f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21/11/2023, 05:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe
Size

9.9MB
MD5

bbe85507c3d30efe4e8ac3b2f7e0ac66
SHA1

90dd939e57b918c63c41052306f89bd57a5118e8
SHA256

f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a
SHA512

576b6b027d9f00a6f35d098a20e2c3ee3152e37b0015050dfb128bb4eab66ddbfeddeb4cd1e933805ba9d66f4071016188b4b0a557562d1bed5b2c722ffba26e
SSDEEP

196608:OkHYh3yx6GlD/3qsH0u51sKsb99zd4JwWziNdxiLnG57o246fiv3r1y:r6isGh1PTxsb/54JNiN4q7746qv35y

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 22 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2024-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-41-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-43-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-48-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-50-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-53-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-55-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-57-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-59-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-61-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-63-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-65-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-69-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-73-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-76-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-79-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-83-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-89-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-91-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-94-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2024-95-0x0000000010000000-0x000000001003E000-memory.dmp	upx

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2024-5-0x0000000000400000-0x000000000167D000-memory.dmp	vmprotect
behavioral1/memory/2024-66-0x0000000000400000-0x000000000167D000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe
2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe
2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe
2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2860	2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe	28
PID 2024 wrote to memory of 2860	2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe	28
PID 2024 wrote to memory of 2860	2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe	28
PID 2024 wrote to memory of 2860	2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe	28
PID 2024 wrote to memory of 2892	2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe	29
PID 2024 wrote to memory of 2892	2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe	29
PID 2024 wrote to memory of 2892	2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe	29
PID 2024 wrote to memory of 2892	2024	f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe	29

C:\Users\Admin\AppData\Local\Temp\f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe
"C:\Users\Admin\AppData\Local\Temp\f5c4e5f2762434c4bab88a05773de56b9f7db01da49e85b67da1f9a3eb1f425a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\cmd.exe
  cmd /C del / f / s / q %windir%\\prefetch\\*.*
  2⤵
  PID:2860
- C:\Windows\SysWOW64\cmd.exe
  cmd /C del / f / s / q %windir%\\temp\\*.log
  2⤵
  PID:2892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-0-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2024-2-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2024-5-0x0000000000400000-0x000000000167D000-memory.dmp

Filesize
18.5MB

Download
memory/2024-4-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2024-6-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2024-8-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2024-10-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2024-13-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2024-15-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2024-18-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2024-20-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2024-23-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2024-25-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2024-28-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2024-30-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2024-31-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2024-33-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2024-35-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2024-36-0x0000000077EA0000-0x0000000077EA1000-memory.dmp

Filesize
4KB

Download
memory/2024-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-41-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-43-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-48-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-50-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-53-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-55-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-57-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-59-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-61-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-63-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-66-0x0000000000400000-0x000000000167D000-memory.dmp

Filesize
18.5MB

Download
memory/2024-65-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-69-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-73-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-76-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-79-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-83-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-89-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-91-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-94-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2024-95-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download