cf567aa17486009a9bf3041306849b2ac71ab0e68d92224a0aea63f8675f95ea

General

Target

cf567aa17486009a9bf3041306849b2ac71ab0e68d92224a0aea63f8675f95ea.exe
Size

2.3MB
MD5

798eba318b0baed3f2e9ec3bd498850b
SHA1

fbddd65ac74159fb7864353099eaee212936297f
SHA256

cf567aa17486009a9bf3041306849b2ac71ab0e68d92224a0aea63f8675f95ea
SHA512

29589f743bebfed04925bd729a975aee37d981700b1aa8524138c3321c8d0f3793c4e349a37ed343083c6b294d53eefcfb00dc95bf4723319c1b05d2821df397
SSDEEP

49152:0As6XRk1VedbE9wAOvUrTEscbY0uyBKZwRcoak0yr9/ws9qP74yw8YAMrvw+x/85:0AS1VedbE9wtvyETbYPXkn/ws9yYhvw3

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1392	cf567aa17486009a9bf3041306849b2ac71ab0e68d92224a0aea63f8675f95ea.exe

UPX packed file 31 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1392-0-0x0000000000400000-0x0000000000941000-memory.dmp	upx
behavioral2/memory/1392-7-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-24-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-37-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-43-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-48-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-54-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-57-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-60-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-61-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-52-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-50-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-46-0x0000000000400000-0x0000000000941000-memory.dmp	upx
behavioral2/memory/1392-45-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-40-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-35-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-33-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-30-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-28-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-26-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-22-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-20-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-18-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-15-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-13-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-12-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-11-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-10-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-9-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-64-0x0000000003530000-0x000000000356E000-memory.dmp	upx
behavioral2/memory/1392-65-0x0000000000400000-0x0000000000941000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1392	cf567aa17486009a9bf3041306849b2ac71ab0e68d92224a0aea63f8675f95ea.exe
1392	cf567aa17486009a9bf3041306849b2ac71ab0e68d92224a0aea63f8675f95ea.exe
1392	cf567aa17486009a9bf3041306849b2ac71ab0e68d92224a0aea63f8675f95ea.exe

C:\Users\Admin\AppData\Local\Temp\cf567aa17486009a9bf3041306849b2ac71ab0e68d92224a0aea63f8675f95ea.exe
"C:\Users\Admin\AppData\Local\Temp\cf567aa17486009a9bf3041306849b2ac71ab0e68d92224a0aea63f8675f95ea.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Documents\CCStudio\HpSocket4C.dll

Filesize
1.3MB

MD5
d05529e655a3497b0e6dadea55819de1

SHA1
d18b5da28042ef2af2f9be7386e86b3f2f86f6bd

SHA256
393bd1ef398fde8a2f3e0354bc3a98bbe74599d41274140c2eebfe35de02c589

SHA512
d7c3da74de5a0ecd8a4ad77e92748ba8b6fe6dfce235eb99b1c7c735ccf2925f87f0db322f24d63372678d6bfdb16670e080eb8761ffbb044dcd7d7f79f2add9

Download Submit
memory/1392-40-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-33-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-7-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-24-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-37-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-43-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-48-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-54-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-35-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-60-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-61-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-52-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-50-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-46-0x0000000000400000-0x0000000000941000-memory.dmp

Filesize
5.3MB

Download
memory/1392-1-0x0000000010000000-0x0000000010059000-memory.dmp

Filesize
356KB

Download
memory/1392-45-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-57-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-0-0x0000000000400000-0x0000000000941000-memory.dmp

Filesize
5.3MB

Download
memory/1392-30-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-28-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-26-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-22-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-20-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-18-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-15-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-13-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-12-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-11-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-10-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-9-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-64-0x0000000003530000-0x000000000356E000-memory.dmp

Filesize
248KB

Download
memory/1392-65-0x0000000000400000-0x0000000000941000-memory.dmp

Filesize
5.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads