7645dad4a9eb0353ee6bdd7f4e21e8b29025bf3136c1a42eca9b8b46d2a6cc84

Analysis

max time kernel
131s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6256812fc5bcd00c9f0905c167138743.exe
Size

413KB
MD5

6256812fc5bcd00c9f0905c167138743
SHA1

6c89a48d8baf4ebe3d09a33d97827b7c89b91c45
SHA256

7645dad4a9eb0353ee6bdd7f4e21e8b29025bf3136c1a42eca9b8b46d2a6cc84
SHA512

48ebcb7028ac3138665286ca744ee31403ee5ade3e9f4b488e24a9c4e7c0cc1316874698e7ebc8c4e64263a6fdc188509ac96a3f0d9b0eb80a61d7eb274cb3fb
SSDEEP

6144:h7/7Wn2iBqScSkltGne4D64jdMcmR5HYfEsq4DKxZtmCmUbLZOTvoU:h7TykFILjdbmR54csq4DK/tOTwU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2116-1-0x0000000000400000-0x00000000004D2000-memory.dmp	upx
behavioral1/memory/2116-10-0x0000000000400000-0x00000000004D2000-memory.dmp	upx
behavioral1/memory/2116-29-0x0000000000400000-0x00000000004D2000-memory.dmp	upx
behavioral1/memory/3052-31-0x0000000000400000-0x00000000004D2000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe
2116	6256812fc5bcd00c9f0905c167138743.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2116	6256812fc5bcd00c9f0905c167138743.exe

C:\Users\Admin\AppData\Local\Temp\6256812fc5bcd00c9f0905c167138743.exe
"C:\Users\Admin\AppData\Local\Temp\6256812fc5bcd00c9f0905c167138743.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2116
- C:\ProgramData\aO33411OoOaD33411\aO33411OoOaD33411.exe
  "C:\ProgramData\aO33411OoOaD33411\aO33411OoOaD33411.exe" "C:\Users\Admin\AppData\Local\Temp\6256812fc5bcd00c9f0905c167138743.exe"
  2⤵
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\aO33411OoOaD33411\aO33411OoOaD33411.exe

Filesize
41KB

MD5
9bfb5745a363884236a2f47c19650a9a

SHA1
3a3f0f01d9632a9c6dd1f8a558bb2b3a2563aa5f

SHA256
d3f2f54416a98fca010cd8b58d14b4972d64aa1880415087baa62ed20b5b71ec

SHA512
b7ba4c8a4b8938d661f2e9da93ad5d23fbe0878c2b4ca587aebbc53aca3c6b8ccd48e33f75336adc75113d9a0a5a1ca55777aef5a0631d077eaf8a00ea64a3cc

Download Submit
C:\ProgramData\aO33411OoOaD33411\aO33411OoOaD33411.exe

Filesize
45KB

MD5
b1b70defb4e50a5868947a0a2f4efad9

SHA1
9453a5c76956a20690c1fff797b63f9ea493adcd

SHA256
3de703710a9e6e100215cca4f31ff9f0d4737f1baf483683c735e49bebd86e47

SHA512
071f6df5bc8827bc8a34bc3a4589df329de011decc4647c79b32f73f54a816ad45c3e1b905e5f8eba2798e7c19cff893a74300fa6307a19afc07739e5dc9b910

Download Submit
C:\ProgramData\aO33411OoOaD33411\aO33411OoOaD33411.exe

Filesize
19KB

MD5
d59d77c9eb6637e4a736fe080008f7e0

SHA1
0e916b769fe19727a7f9aa896d3045b5b5ac83de

SHA256
9ae00491f4c805d77bbd4a1eadd2ffa98289139b6a00da965bc7ed7530497cbe

SHA512
ebca967b74e3d9853eaeea30be9d9d2067be271f7514d944d0f58edb844d85063ec87b029588453eeb5ef55a82b5f09471c61868d88e71e71215d25806f8dbcf

Download Submit
\ProgramData\aO33411OoOaD33411\aO33411OoOaD33411.exe

Filesize
68KB

MD5
86988357239890ed2eb0949e88ddaae0

SHA1
c8d29f52f297af671933a5e00c103ce35c425500

SHA256
8d3b4a5ffb0b4efe3910063bc696ec7fe14101a6c14c5c9891d4a004bf90f80b

SHA512
fc366ee811d683cb9d2611bf14115ade0f4bee45490feded9cb8cc4ae0927164a0d081af6439d64cd28be69d2b2050860018b0aacbc8c818d84178491273d7ed

Download Submit
\ProgramData\aO33411OoOaD33411\aO33411OoOaD33411.exe

Filesize
55KB

MD5
e2a6139829a9264850ef2c7f98e5b994

SHA1
a8a5503c19b425b773e9b7587635766b64d2bf6f

SHA256
05344aea64d4996b8b23218175b2b850ba1ba13391b8b8589c40d960616bc742

SHA512
280357b60f90951aeee3a1c30f76fd650096b4a467b495193cf83d3a88c376a8ee9535702a9e3a02c348398aac319e12867ff64b7b937cb138e3cdfa01427cb5

Download Submit
memory/2116-0-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/2116-1-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download
memory/2116-10-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download
memory/2116-29-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download
memory/3052-31-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download