a63116967e732956dbbdf760f4c4d291c50184ce21dadb234e194ac1c2e864c4

General

Target

223481b2716424c55b698a70a7723430.exe
Size

402KB
MD5

223481b2716424c55b698a70a7723430
SHA1

1757166b18b10d1682bc39f4b34a91e02a6dc86d
SHA256

a63116967e732956dbbdf760f4c4d291c50184ce21dadb234e194ac1c2e864c4
SHA512

01daef8e2cd4d52262ec291c1a0abb0362d110b4258f8c3ecd509fef1c47c7cb149bb551a0853a87966b8b488dd6188c8d2d46bf27417c0026fe7bf3d1c7f8ad
SSDEEP

6144:VNKh6l6kPy+PuZkHrsWcmlH72R6GIwNc8FE1O9HGpBgU3E7ju:V4Yba+PdrsWlHSRwIEKkgG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4648-0-0x0000000000400000-0x000000000052B000-memory.dmp	upx
behavioral2/memory/4648-1-0x0000000000400000-0x000000000052B000-memory.dmp	upx
behavioral2/memory/4648-2-0x0000000000400000-0x000000000052B000-memory.dmp	upx
behavioral2/memory/4648-5-0x0000000000400000-0x000000000052B000-memory.dmp	upx
behavioral2/memory/4648-6-0x0000000000400000-0x000000000052B000-memory.dmp	upx
behavioral2/memory/4648-9-0x0000000000400000-0x000000000052B000-memory.dmp	upx

Suspicious use of SetThreadContext 2 IoCs

Processes:

223481b2716424c55b698a70a7723430.exe223481b2716424c55b698a70a7723430.exe

description	pid	process	target process
PID 4648 set thread context of 4828	4648	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4828 set thread context of 2096	4828	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

223481b2716424c55b698a70a7723430.exe

pid process

4648 223481b2716424c55b698a70a7723430.exe

pid	process
4648	223481b2716424c55b698a70a7723430.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

223481b2716424c55b698a70a7723430.exe223481b2716424c55b698a70a7723430.exe

C:\Users\Admin\AppData\Local\Temp\223481b2716424c55b698a70a7723430.exe
"C:\Users\Admin\AppData\Local\Temp\223481b2716424c55b698a70a7723430.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4648

C:\Users\Admin\AppData\Local\Temp\223481b2716424c55b698a70a7723430.exe
"C:\Users\Admin\AppData\Local\Temp\223481b2716424c55b698a70a7723430.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4828

C:\Users\Admin\AppData\Local\Temp\223481b2716424c55b698a70a7723430.exe
mine.exe -a 59 -o http://hdzx.aquarium-stakany.org:8332/ -u darkSons_crypt -p pt
3⤵
PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2096-27-0x0000000002370000-0x00000000023BB000-memory.dmp

Filesize
300KB

Download
memory/2096-49-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-50-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-28-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/2096-47-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-45-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-42-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-40-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-11-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2096-12-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-13-0x00000000004FD000-0x0000000000537000-memory.dmp

Filesize
232KB

Download
memory/2096-14-0x00000000004FD000-0x0000000000537000-memory.dmp

Filesize
232KB

Download
memory/2096-15-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2096-16-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2096-17-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-19-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2096-39-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-20-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-22-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2096-37-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-26-0x0000000002410000-0x0000000002415000-memory.dmp

Filesize
20KB

Download
memory/2096-25-0x0000000002420000-0x0000000002422000-memory.dmp

Filesize
8KB

Download
memory/2096-29-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-35-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2096-21-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-34-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-31-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2096-32-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4648-0-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/4648-5-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/4648-1-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/4648-6-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/4648-9-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/4648-2-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/4828-24-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4828-30-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4828-38-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4828-43-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4828-33-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4828-44-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4828-7-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4828-46-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4828-36-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4828-48-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4828-10-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4828-41-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download

description	pid	process	target process
PID 4648 wrote to memory of 4828	4648	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4648 wrote to memory of 4828	4648	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4648 wrote to memory of 4828	4648	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4648 wrote to memory of 4828	4648	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4648 wrote to memory of 4828	4648	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4648 wrote to memory of 4828	4648	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4648 wrote to memory of 4828	4648	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4648 wrote to memory of 4828	4648	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4828 wrote to memory of 2096	4828	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4828 wrote to memory of 2096	4828	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4828 wrote to memory of 2096	4828	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4828 wrote to memory of 2096	4828	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4828 wrote to memory of 2096	4828	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4828 wrote to memory of 2096	4828	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe
PID 4828 wrote to memory of 2096	4828	223481b2716424c55b698a70a7723430.exe	223481b2716424c55b698a70a7723430.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads