8983d951c2b99cab92156f7567e600b23f9814d4fe95eeb556107825e518ec73

Analysis

max time kernel
140s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-03-2024 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b82cae2d4321aa735190c6c054ab89b3.exe
Size

192KB
MD5

b82cae2d4321aa735190c6c054ab89b3
SHA1

a46f7be3a71f0f9dfea73be266293cd7d1ad158f
SHA256

8983d951c2b99cab92156f7567e600b23f9814d4fe95eeb556107825e518ec73
SHA512

c34ead815f0744226e5e7b1bbb13c17b95935da37cd75d44fc1716a762d4cb5540b8fa19137d7d03e4a927e69548718e5da210a4f248e5fd172da787cd340ff1
SSDEEP

6144:Zn8Z9iJtTdjZicYvtjFOf/bK8xQ6VBEMoO:ZnUindjUcSQK8xXTL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3528-0-0x0000000004000000-0x0000000004075000-memory.dmp	upx
behavioral2/memory/1180-13-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/1180-16-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/1180-19-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/3528-25-0x0000000004000000-0x0000000004075000-memory.dmp	upx
behavioral2/memory/1180-28-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/1180-30-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/1180-29-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/1180-31-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/1180-36-0x0000000000400000-0x0000000000410000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3528 set thread context of 1180	3528	b82cae2d4321aa735190c6c054ab89b3.exe	89

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 1180	3528	b82cae2d4321aa735190c6c054ab89b3.exe	89
PID 3528 wrote to memory of 1180	3528	b82cae2d4321aa735190c6c054ab89b3.exe	89
PID 3528 wrote to memory of 1180	3528	b82cae2d4321aa735190c6c054ab89b3.exe	89
PID 3528 wrote to memory of 1180	3528	b82cae2d4321aa735190c6c054ab89b3.exe	89
PID 3528 wrote to memory of 1180	3528	b82cae2d4321aa735190c6c054ab89b3.exe	89
PID 3528 wrote to memory of 1180	3528	b82cae2d4321aa735190c6c054ab89b3.exe	89
PID 3528 wrote to memory of 1180	3528	b82cae2d4321aa735190c6c054ab89b3.exe	89
PID 3528 wrote to memory of 1180	3528	b82cae2d4321aa735190c6c054ab89b3.exe	89
PID 1180 wrote to memory of 2524	1180	b82cae2d4321aa735190c6c054ab89b3.exe	91
PID 1180 wrote to memory of 2524	1180	b82cae2d4321aa735190c6c054ab89b3.exe	91
PID 1180 wrote to memory of 2524	1180	b82cae2d4321aa735190c6c054ab89b3.exe	91

C:\Users\Admin\AppData\Local\Temp\b82cae2d4321aa735190c6c054ab89b3.exe
"C:\Users\Admin\AppData\Local\Temp\b82cae2d4321aa735190c6c054ab89b3.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Users\Admin\AppData\Local\Temp\b82cae2d4321aa735190c6c054ab89b3.exe
  "C:\Users\Admin\AppData\Local\Temp\b82cae2d4321aa735190c6c054ab89b3.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1180
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\37B9.tmp\welcome.bat""
    3⤵
    PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\37B9.tmp\welcome.bat

Filesize
33B

MD5
56844c2e40c388540fa723975f12fc5f

SHA1
f965610b3108a919620920e4e45c2650a2f3c38e

SHA256
2d2e1f8328536a83a2c56aad47b6de0b5d255247260c1e55ea1c4fcdf6bbd797

SHA512
034db9e5b2664a6533550ccdc46a449559921f304f8f3e66fc429740f9af1cc727e1b691b90427185f8de093a9bf4617e4428789ad92170897dd998e90340f52

Download Submit
memory/1180-28-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1180-29-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1180-36-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1180-31-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1180-19-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1180-30-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1180-13-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1180-16-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3528-25-0x0000000004000000-0x0000000004075000-memory.dmp

Filesize
468KB

Download
memory/3528-15-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download
memory/3528-5-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download
memory/3528-10-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download
memory/3528-9-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download
memory/3528-17-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download
memory/3528-0-0x0000000004000000-0x0000000004075000-memory.dmp

Filesize
468KB

Download
memory/3528-26-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download
memory/3528-7-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download
memory/3528-12-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download
memory/3528-2-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/3528-35-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download
memory/3528-20-0x00000000000A0000-0x00000000001A0000-memory.dmp

Filesize
1024KB

Download