312e098ad90418ff893aeec9d194378b098113192ef0b2a4434e46f092e2e2a3

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/01/2024, 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e882d29a55e8a8f163f39b114d2bd7a.exe
Size

655KB
MD5

3e882d29a55e8a8f163f39b114d2bd7a
SHA1

95a56785c53565243748b1ffe9af09a4e17754f1
SHA256

312e098ad90418ff893aeec9d194378b098113192ef0b2a4434e46f092e2e2a3
SHA512

fdb697796bf97c7de37a693a4f9e981e72dbe35933e31a6571edf3652bca804c573c08b9f8ac7cb30089bacb88f9970c0710ac13dfb01dcef3187996aa65d631
SSDEEP

12288:s9JfsVNlpvJx+s2+aO+jgPYvO/WybtslriY7Dkx+FK4FGadofqfKiUDa:qJfsrv4+aRjQYDYa7sx+ZiqfEG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 43 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4888-7-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-12-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-13-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-112-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-115-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-114-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-113-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-117-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-116-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-111-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-10-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-164-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-161-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-159-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-185-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-184-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-189-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-186-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-187-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-183-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-194-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-199-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-198-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-197-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-202-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-200-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-204-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-203-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-205-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-206-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-207-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-210-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-208-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-211-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-213-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-214-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-217-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-216-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-219-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-221-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-223-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-309-0x0000000002330000-0x0000000002464000-memory.dmp	upx
behavioral2/memory/4888-330-0x0000000002330000-0x0000000002464000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is240601734.log	3e882d29a55e8a8f163f39b114d2bd7a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4888	3e882d29a55e8a8f163f39b114d2bd7a.exe
4888	3e882d29a55e8a8f163f39b114d2bd7a.exe
4888	3e882d29a55e8a8f163f39b114d2bd7a.exe
4888	3e882d29a55e8a8f163f39b114d2bd7a.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4888	3e882d29a55e8a8f163f39b114d2bd7a.exe
Token: SeCreatePagefilePrivilege	4888	3e882d29a55e8a8f163f39b114d2bd7a.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4888	3e882d29a55e8a8f163f39b114d2bd7a.exe
4888	3e882d29a55e8a8f163f39b114d2bd7a.exe

C:\Users\Admin\AppData\Local\Temp\3e882d29a55e8a8f163f39b114d2bd7a.exe
"C:\Users\Admin\AppData\Local\Temp\3e882d29a55e8a8f163f39b114d2bd7a.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240600703\images\Bg.gif

Filesize
20KB

MD5
94d82a50272a4423dca66ae32e0602ca

SHA1
18a1300c684442bffb41dcba54d30c72888f48ec

SHA256
03903399fb31a966050a305d95f585b4d95118eccd9e05a866ac9cdfc7dcbe9f

SHA512
65ccc863b46fedfe5d1e4089cf4bc93a6248f0263266639bde133b416f58e9eb8765a7b15088173470cde1db68ec536bdf65563eba82020d363cb7b2cae18f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240600703\images\ProgressBar.png

Filesize
266B

MD5
0e0aead9873f985325c78c564830b2da

SHA1
339d70c35d53f322908be28dd80002379b739921

SHA256
bf07069ae477cdfbcbf2541c15f1c8b0cca5158d288ea3c0f86485bd45cefd98

SHA512
96d6f1edeaf4b7e76fb76fda7e14fe9dca86f21f3a1281d5445603a8b52f5201013a82541c1d1887c1cb36de7cb61c1a3a5cc93f1deeaec4c680c3eabff6008c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240600703\images\back-button.png

Filesize
1KB

MD5
c5d63a3d40ff748895cf763749e8b931

SHA1
b3b4248e492727690c2adc7306a8ea0cd675b2ef

SHA256
226abf53c68832d2f353baf5f6c4b22464571cf247e4b811b9e736a0712250e1

SHA512
57a8d996b853b0b756840079f47b10c0a5f56cd6ad330dfd82e8609e4f10cea26a7934e1635cf0db0ca4801600b6b25f71f443f4158a8b77c08b3cd75fe25774

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240600703\images\close_button.png

Filesize
1KB

MD5
83487401daf307d6c726a479de1ee6f9

SHA1
c173be4937a63672570078b325864c76b28040b8

SHA256
f4f0f59fccd9b87b208b416423797dcfb532472dcfef99bef41a11ea9f6f713b

SHA512
da69729b6682acd1c46587c7c3b4533d9afbcf84c17e55f43798f1fee0097c7a2f39860e6dbc6a9b1cb26dc63d9afab4511071981ad5fd494f36ad9659c56e50

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240600703\images\finish-button.png

Filesize
2KB

MD5
e37ec66b72996fc3ad929cd068570d4d

SHA1
e21be5ea412b4dc02b7d3a61ab3a798946224cae

SHA256
bb4c9ad7ce53b3f958f800f9f04200c0f70542a60e97bba8bdffe7d32dfe9ad4

SHA512
f0973de78b2299fa4116ebefb6944b0a02ff8b8e568eb8e1967b7939a041b31c09e166fc3a33b1ed74c143236b5e0faa7c3905db831b9c262e0de0af9211b9e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240600703\images\icon.png

Filesize
3KB

MD5
b460d82eab7af8ba6e338e351dd0ecdc

SHA1
265b9a3f3c80f40f8534ddcfbf9c1ed61e3b1b20

SHA256
47a4ac193b9bdfe15d0b8a95370823739c2ae4f6ebf2015e1412b880cde6b81d

SHA512
e3add5d91a61da7f64c7860e6303344f37cd49e2fde15c677924d133fec607dfe4ab4d99ec8a3322587b0b186a58e71fcd326e67057a6ff7ef80ad8ed3f0e63e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240600703\images\next-button.png

Filesize
2KB

MD5
274548cb843bb96fcb50a79a2340b22d

SHA1
bb5253c868861ff10fd48dcce1309d847f087e80

SHA256
d4c02b2a0debcdd1689bcfbc7987826deeb6ec10806d5dd6500def9cd901735d

SHA512
a0117381f58b6b741b049dbb5eadb5917c4199002a73c62890c30cf5759bdf09e8a163e413dc8459dc0dbe0c2cef35d5d5d4653c3646a7214495ae51a4c0d538

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240600703\images\progress-bg.png

Filesize
176B

MD5
192b249d9413082d676f85d1509fe258

SHA1
4130ba10d3bb2267f19fa07dc0672e6ba23a8c4e

SHA256
b97788b954e0f774c72a3a5bf9e50031e0bffbd8185d05fe443a8f47cafc0660

SHA512
75955b892ae19c31b3180d58adc103292fc5dc764b9932b145464021aad347cfdcc5524b24712feb4f611aaa9f375a0088a194a072cf846f1fe625236ac1b82d

Download Submit
memory/4888-10-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-194-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-117-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-116-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-111-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-0-0x0000000002170000-0x0000000002179000-memory.dmp

Filesize
36KB

Download
memory/4888-164-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-161-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-159-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-185-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-184-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-189-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-186-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-187-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-183-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-114-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-115-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-112-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-13-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-14-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/4888-12-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-7-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-6-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4888-113-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-199-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-198-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-197-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-202-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-200-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-204-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-203-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-205-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-206-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-207-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-210-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-208-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-211-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-213-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-214-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-217-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-216-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-219-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-221-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-223-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-309-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-330-0x0000000002330000-0x0000000002464000-memory.dmp

Filesize
1.2MB

Download
memory/4888-352-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download