34a9ec931a64174025d96b1c89a55d8c0b50bd56f292e9ea4f3c0988aa7152d9

Analysis

max time kernel
181s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

047e727e60decb6bdc043d2a3d2339b8.exe
Size

448KB
MD5

047e727e60decb6bdc043d2a3d2339b8
SHA1

0366a02c49dae96d1f68851a13666a61ecd799a3
SHA256

34a9ec931a64174025d96b1c89a55d8c0b50bd56f292e9ea4f3c0988aa7152d9
SHA512

38b4543f78be089c1c5bc4a7a3549b239dd70f33b99a2a07430adf08a3d11734f42a22ecec8316bca804c98803b2f2c9bbc24a76ffb316289cdd97ce9795c56e
SSDEEP

12288:wrBh4Fcia8U2qu4CH8LOHBLphwMxSfavHeWGpHv9GQT65:w34FtU23rrbGMbfUFGQTA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2676-2-0x0000000000400000-0x0000000000479000-memory.dmp	upx

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Control Panel\5761b2dc-ce77-4bfa-b965-6f33b1867cf2	047e727e60decb6bdc043d2a3d2339b8.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe
2676	047e727e60decb6bdc043d2a3d2339b8.exe

C:\Users\Admin\AppData\Local\Temp\047e727e60decb6bdc043d2a3d2339b8.exe
"C:\Users\Admin\AppData\Local\Temp\047e727e60decb6bdc043d2a3d2339b8.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2676-0-0x0000000000300000-0x0000000000368000-memory.dmp

Filesize
416KB

Download
memory/2676-1-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2676-2-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2676-5-0x0000000000300000-0x0000000000368000-memory.dmp

Filesize
416KB

Download