e3c68fc7899f15e54b178c55ab9efef878ca8c29212610b5bd59aeba8d7e4c78 | Triage

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 19:06

Sharing

Report Analysis Logs

General

Target

36a33097de59d5f0072923cb015b686b.exe
Size

88KB
MD5

36a33097de59d5f0072923cb015b686b
SHA1

bbd3d4f75b69f935e91bb3a15135358d7bbde35b
SHA256

e3c68fc7899f15e54b178c55ab9efef878ca8c29212610b5bd59aeba8d7e4c78
SHA512

9559dc0c35696e4d5e6de863facdf767b9a96c08d4dc0e25560b923892ca344510949991066cacbdc7ad839c40309929ebb0e9e03a91d201534c95b5ee9cdf41
SSDEEP

1536:XZqENHOvBvqe6BZ9Zci7yMYVY6yEQY1N:pqENSvqxtZzYVY/RY1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4332-0-0x0000000000400000-0x0000000000431000-memory.dmp	upx
behavioral2/memory/4332-1-0x0000000000400000-0x0000000000431000-memory.dmp	upx

Modifies Control Panel 10 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\Input Method\Hot Keys\0000002\Key Modifiers = 00000000	36a33097de59d5f0072923cb015b686b.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\Input Method\Hot Keys\0000001\Virtual Key = 00000000	36a33097de59d5f0072923cb015b686b.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\Input Method\Hot Keys\0000000	36a33097de59d5f0072923cb015b686b.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\Input Method\Hot Keys\0000000\Key Modifiers = 00000000	36a33097de59d5f0072923cb015b686b.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\Input Method\Hot Keys\0000000\Virtual Key = 00000000	36a33097de59d5f0072923cb015b686b.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\Input Method\Hot Keys\0000001	36a33097de59d5f0072923cb015b686b.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\Input Method\Hot Keys\0000001\Key Modifiers = 00000000	36a33097de59d5f0072923cb015b686b.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\Input Method\Hot Keys\0000002	36a33097de59d5f0072923cb015b686b.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\Input Method\Hot Keys\0000002\Virtual Key = 00000000	36a33097de59d5f0072923cb015b686b.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\Input Method\Hot Keys\00000104	36a33097de59d5f0072923cb015b686b.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe
4332	36a33097de59d5f0072923cb015b686b.exe

C:\Users\Admin\AppData\Local\Temp\36a33097de59d5f0072923cb015b686b.exe
"C:\Users\Admin\AppData\Local\Temp\36a33097de59d5f0072923cb015b686b.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
PID:4332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4332-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4332-1-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download