2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1

Analysis

max time kernel
144s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02-02-2024 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
Size

5.6MB
MD5

e72095440ad93ac78b2b69de0e072112
SHA1

d30cea66acf86a17c401626f597a68acb606aaae
SHA256

2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1
SHA512

5b7a73266e54581088acfb7b410d2eb7ef60aa2b1715a9b3c6984d130ee3b550d564ac988e9a3b2e1a11011322dd8ea63eed563faa12de520efbdbd348ba3c14
SSDEEP

98304:dt/bm1Ay2Njl5E7/vf6vq+LWMRynNP1BTYY4nCTsx6cbKy4LQtcX/2K4Gwr:dZm1ZsEb6vqwXoNdB0ZCTsx6cbDDcX/A

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2656-8696-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2656-8707-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2656-8709-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2656-8713-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2656-8716-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2656-8720-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2656-8727-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2656-8729-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2656-8739-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2656-8742-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2656-8746-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2656-8749-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2656-8751-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 55 IoCs

pid	Process
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
2656	2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe

C:\Users\Admin\AppData\Local\Temp\2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe
"C:\Users\Admin\AppData\Local\Temp\2a13933ad0cb02afea6f651ae90effe2619f5979afe66aba789579014270d6b1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\HPSocket4C.dll

Filesize
1.8MB

MD5
9c842288aefe97836f56d6b20b078ff8

SHA1
4c28b0112195a5181891022fd999fc8a6236a842

SHA256
8d048151cefb7b07d4b00704fcc858d22c7501d1692902ea363678ad50db603e

SHA512
4e20b932b11b0c5cbce221c1eb947e7b3ddb68d5ad9d5153c713e55d11dde7482ae3164d57b20b7c82015bfcdbcc6c2d579544b324ff3662e207185200172eb0

Download Submit
memory/2656-0-0x0000000000400000-0x0000000000BE4000-memory.dmp

Filesize
7.9MB

Download
memory/2656-1-0x0000000075F20000-0x0000000075F67000-memory.dmp

Filesize
284KB

Download
memory/2656-814-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-816-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-822-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-830-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-828-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-832-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-834-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-826-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-824-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-820-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-818-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-811-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-812-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-842-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-844-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-850-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-848-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-846-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-840-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-838-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-852-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-836-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-854-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-858-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-864-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-862-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-860-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-866-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-868-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-870-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-856-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-872-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-2547-0x0000000002910000-0x0000000002A91000-memory.dmp

Filesize
1.5MB

Download
memory/2656-8686-0x0000000002C40000-0x0000000002D51000-memory.dmp

Filesize
1.1MB

Download
memory/2656-8693-0x0000000000400000-0x0000000000BE4000-memory.dmp

Filesize
7.9MB

Download
memory/2656-8696-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8707-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8709-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8713-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8716-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8720-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8727-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8729-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8731-0x0000000000400000-0x0000000000BE4000-memory.dmp

Filesize
7.9MB

Download
memory/2656-8739-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8742-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8746-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8749-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8751-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2656-8761-0x0000000000400000-0x0000000000BE4000-memory.dmp

Filesize
7.9MB

Download