15adf2383fcf1034e6a0bbf322edb991ab38a5a17c2aed3a36056a0a24dea8d4 | Triage

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 18:17

Sharing

Report Analysis Logs

General

Target

0038cf4299a4543bd771bb6f5d93dc45.exe
Size

11KB
MD5

0038cf4299a4543bd771bb6f5d93dc45
SHA1

4fd1c814dac543f3ff6904a034ed332b22417b1b
SHA256

15adf2383fcf1034e6a0bbf322edb991ab38a5a17c2aed3a36056a0a24dea8d4
SHA512

b86cd6e4aff5528fb7565500b30b16dc81824119ac7f9d68f4e3310d94c1515c81faa2332bb9363c1679e11b41bcd1d1f992b7e28c518d243bac4002eee41a5c
SSDEEP

192:UEcUk0Z0bl4tEfJPBBQMdW057vSPxLwB+bOtW:UEQ0+R4y6SWu7a5LtyW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4072-0-0x0000000000400000-0x000000000040D000-memory.dmp	upx
behavioral2/memory/4072-3-0x0000000000400000-0x000000000040D000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4072	0038cf4299a4543bd771bb6f5d93dc45.exe
4072	0038cf4299a4543bd771bb6f5d93dc45.exe
4072	0038cf4299a4543bd771bb6f5d93dc45.exe
4072	0038cf4299a4543bd771bb6f5d93dc45.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4072	0038cf4299a4543bd771bb6f5d93dc45.exe

C:\Users\Admin\AppData\Local\Temp\0038cf4299a4543bd771bb6f5d93dc45.exe
"C:\Users\Admin\AppData\Local\Temp\0038cf4299a4543bd771bb6f5d93dc45.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4072-0-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/4072-3-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download