04fdfdf3e5df042836c473a602a721a88064dc3b48f5e37f6163eeeaff85a56b

Analysis

max time kernel
0s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40eafc0c9230e7950475f270074ade76.exe
Size

650KB
MD5

40eafc0c9230e7950475f270074ade76
SHA1

28cc9da0682b5c41034be57203694d2df7692e64
SHA256

04fdfdf3e5df042836c473a602a721a88064dc3b48f5e37f6163eeeaff85a56b
SHA512

e3ad17b750982d76b8eb327f5e74043890b467c81e80d2c347f072d6b1d41c0181ddf577f48bb5d8806e2b9ab987e2a8147cadb73373d149da5430c7c0bdc573
SSDEEP

12288:BJfs43cm0ze8WSDrIllm8H9KikqM2Sv2Mk6V8S5oRKDNEvH:BJfs+cGZSDrilzdKikqMLjV3E

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2112-10-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-13-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-105-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-107-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-109-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-108-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-111-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-110-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-106-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-115-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-12-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-7-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-174-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-171-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-170-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-177-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-178-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-180-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-179-0x0000000002370000-0x00000000024A4000-memory.dmp	upx
behavioral2/memory/2112-183-0x0000000002370000-0x00000000024A4000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2112	40eafc0c9230e7950475f270074ade76.exe
2112	40eafc0c9230e7950475f270074ade76.exe
2112	40eafc0c9230e7950475f270074ade76.exe
2112	40eafc0c9230e7950475f270074ade76.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2112	40eafc0c9230e7950475f270074ade76.exe
Token: SeCreatePagefilePrivilege	2112	40eafc0c9230e7950475f270074ade76.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2112	40eafc0c9230e7950475f270074ade76.exe
2112	40eafc0c9230e7950475f270074ade76.exe

C:\Users\Admin\AppData\Local\Temp\40eafc0c9230e7950475f270074ade76.exe
"C:\Users\Admin\AppData\Local\Temp\40eafc0c9230e7950475f270074ade76.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2112-6-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2112-10-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-13-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-105-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-107-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-109-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-108-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-111-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-110-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-106-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-115-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-14-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/2112-12-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-7-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-0-0x0000000000470000-0x0000000000479000-memory.dmp

Filesize
36KB

Download
memory/2112-174-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-171-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-170-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-177-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-178-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-180-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-179-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-183-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-181-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-186-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-188-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-195-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-196-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-194-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-197-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-193-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-192-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-199-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-198-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-200-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-202-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-203-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-209-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-211-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-212-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-207-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-205-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-213-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-216-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-283-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-303-0x0000000002370000-0x00000000024A4000-memory.dmp

Filesize
1.2MB

Download
memory/2112-322-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download