7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c

Analysis

max time kernel
147s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 15:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
Size

4.1MB
MD5

a636f22085351fdc188b2f67ece1de7d
SHA1

3424b67f61ced1949323e790b110b6a7c638e24b
SHA256

7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c
SHA512

bdaeee6c8e219b4dffbcbdda3a1816fefdb62857b4f9855a1075af8b9e7d27e54bdb0d3d373789ecb4f4f183a1120b0468676e525a4a06d4bf36e0f5c733036e
SSDEEP

49152:uwvlunynlqDXcNziTiTha3vq41T1rxqdVGcfPlaIPeFnGDsXV/+oXsa18j1X6sXL:5lqDOiuTQ3S41NxgMIm4DmmsWBKsToDU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2844-13077-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13078-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13079-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13081-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13083-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13085-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13087-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13089-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13092-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13095-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13097-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13099-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13101-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13104-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13106-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13110-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13113-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13115-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13117-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13120-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13122-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13124-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13126-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13127-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2844-13129-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\WOW6432Node\Interface\{335D7791-3407-3911-3A45-37DF20D5318E}	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\WOW6432Node\Interface\{335D7791-3407-3911-3A45-37DF20D5318E}\ = "D7MtRbdaVLk4SL1QG5pGcoF/ff9yCg+gZ9BIIdsEBFDdpFe6UN5MKyisIkW0Wj65KUi7UBCaCG+aeHL/bwr5oFjQRiHQBMZN3aRXulDeTCtK3QNuhp0NmUTigF4xtE9d"	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
2844	7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe

C:\Users\Admin\AppData\Local\Temp\7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe
"C:\Users\Admin\AppData\Local\Temp\7e496ec24aacd9e46141c8dad45116110a011046db2d4b90e333f9a6842ceb8c.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2844-0-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-1-0x0000000077A00000-0x0000000077C15000-memory.dmp

Filesize
2.1MB

Download
memory/2844-3875-0x00000000776E0000-0x0000000077880000-memory.dmp

Filesize
1.6MB

Download
memory/2844-5884-0x00000000765B0000-0x000000007662A000-memory.dmp

Filesize
488KB

Download
memory/2844-13069-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-13070-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-13071-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-13072-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-13074-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-13075-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-13077-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13078-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13079-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13081-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13083-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13085-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13087-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13089-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13092-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13095-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13097-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13099-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13101-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13104-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13108-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-13106-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13110-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13113-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13115-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13117-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13120-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13122-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13124-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13126-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13127-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13128-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-13129-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2844-13130-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-13133-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-13134-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-13139-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download
memory/2844-13140-0x0000000000400000-0x00000000009FC000-memory.dmp

Filesize
6.0MB

Download