9bc737a10dbdfd20b388cfb7cf333a252993a55dbf0356c12eacad149cbf057c

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4381c176192177167410b61fb24fb693.exe
Size

453KB
MD5

4381c176192177167410b61fb24fb693
SHA1

73a34b94e52c86ca8189ecc794fec358349312d5
SHA256

9bc737a10dbdfd20b388cfb7cf333a252993a55dbf0356c12eacad149cbf057c
SHA512

e134853ebdfd12c79838f425fba91b3f6712139a6cab9fb539273ad186e2bc73d948a4e0912a6856ba808da8a4493789124220265bca356086ea857004b7047c
SSDEEP

12288:ASfYZWjfcI/tvTrY9a3oiF76B0Z1qP3S2:HfYsvlSrip6B0Z4P3S2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2128-2-0x0000000000400000-0x000000000047A000-memory.dmp	upx

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Control Panel\5761b2dc-ce77-4bfa-b965-6f33b1867cf2	4381c176192177167410b61fb24fb693.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe
2128	4381c176192177167410b61fb24fb693.exe

C:\Users\Admin\AppData\Local\Temp\4381c176192177167410b61fb24fb693.exe
"C:\Users\Admin\AppData\Local\Temp\4381c176192177167410b61fb24fb693.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
PID:2128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2128-0-0x00000000004F0000-0x0000000000559000-memory.dmp

Filesize
420KB

Download
memory/2128-1-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/2128-2-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/2128-5-0x00000000004F0000-0x0000000000559000-memory.dmp

Filesize
420KB

Download