37aa87f537a9f8ff371df3467af3bfbf2b0dfbe2ea624ca59fece2e5576dda4d

Analysis

max time kernel
0s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 13:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1a3029d7651d12726ff92e6d99917408.exe
Size

556KB
MD5

1a3029d7651d12726ff92e6d99917408
SHA1

72d32dc421c391aa8581dd473d75ff777bdee4eb
SHA256

37aa87f537a9f8ff371df3467af3bfbf2b0dfbe2ea624ca59fece2e5576dda4d
SHA512

603dc57bc8ea9fe733e8af7f6113e55a5e1d29a41d034cca84c53a67513009e27301e975b4926d74194b3a2987ebca52f74cdf8d7327046b8e148dab1bdbbbed
SSDEEP

12288:DGMVWEswD7o/Aoy51aISoO+YlyeU81GYOCmBmXHKwMMzk:DGSWEhnoIooSUY40G4imXHKwMMzk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3640-0-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-1-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-2-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-154-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-155-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-156-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-157-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-159-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-160-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-161-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-163-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-164-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-165-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-166-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-167-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-168-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-169-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-170-0x0000000000400000-0x0000000000521000-memory.dmp	upx
behavioral2/memory/3640-171-0x0000000000400000-0x0000000000521000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3640	1a3029d7651d12726ff92e6d99917408.exe
3640	1a3029d7651d12726ff92e6d99917408.exe

C:\Users\Admin\AppData\Local\Temp\1a3029d7651d12726ff92e6d99917408.exe
"C:\Users\Admin\AppData\Local\Temp\1a3029d7651d12726ff92e6d99917408.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3640-0-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-1-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-2-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-6-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

Filesize
4KB

Download
memory/3640-154-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-155-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-156-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-157-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-158-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

Filesize
4KB

Download
memory/3640-159-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-160-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-161-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-163-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-164-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-165-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-166-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-167-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-168-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-169-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-170-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3640-171-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download