e2e0b07cf6f82a50a7875022f5d3bf13ccd0b8e25d5d23a884ad5eb18ca8d306

Resubmissions

09/04/2024, 02:52

240409-dc1rssfh6x 8

09/04/2024, 02:49

240409-da6v2acc46 3

09/04/2024, 02:45

240409-c8yrmscb55 7

09/04/2024, 02:41

240409-c6xfssff6v 1

Analysis

max time kernel
157s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unconfirmed 786937.exe
Size

2.9MB
MD5

dc29dd92582fe161658ceea65e314239
SHA1

22cbba5817885e3bd99470cfda7a49a7aa005a65
SHA256

e2e0b07cf6f82a50a7875022f5d3bf13ccd0b8e25d5d23a884ad5eb18ca8d306
SHA512

0ca785098d55efa83b1bebac71cc9d926661d67eb0dba85db3afdcf54653c1e9902f74a2e094c1ee1b0645833216b9653e71d354fdbfa5e8ec43ab149c4ff413
SSDEEP

24576:yJyn9l7TSInUrer2lTL2Kk8cfLDxvqGos7S8m657w6ZBLmkitKqBCjC0PDgM5A4C:9Ka29L218cvxiVV1BCjBknWo

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0008000000023270-28.dat	upx

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2428	Unconfirmed 786937.exe
4768	Unconfirmed 786937.exe
4768	Unconfirmed 786937.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2428	Unconfirmed 786937.exe
Token: SeDebugPrivilege	4768	Unconfirmed 786937.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 4768	2428	Unconfirmed 786937.exe	98
PID 2428 wrote to memory of 4768	2428	Unconfirmed 786937.exe	98
PID 2428 wrote to memory of 4768	2428	Unconfirmed 786937.exe	98

C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe
"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe
  "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe" --monitor 1880
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4060 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.222.577.exe

Filesize
88KB

MD5
4d03d54632c9af8ad351f49d38868d4e

SHA1
d115704f39e716f364ff8d83e7d27b5f68c6c5c2

SHA256
8691d83d05c6800dc1caebe21d84f358a82b62da1487eb252f2d2e164fb40abb

SHA512
60bfa60dd825b045726aba4782e597dca83d6d1dc4c02e609a38654e80c1cfd31121ace4778f015409b16af81cb8024801c1dc13ccb440a0755fad499cf8d042

Download Submit
memory/2428-15-0x000000000A440000-0x000000000A4D2000-memory.dmp

Filesize
584KB

Download
memory/2428-12-0x0000000006D90000-0x0000000006DD4000-memory.dmp

Filesize
272KB

Download
memory/2428-3-0x0000000005930000-0x00000000059E0000-memory.dmp

Filesize
704KB

Download
memory/2428-4-0x0000000006180000-0x00000000061D6000-memory.dmp

Filesize
344KB

Download
memory/2428-1-0x0000000000A10000-0x0000000000CF0000-memory.dmp

Filesize
2.9MB

Download
memory/2428-25-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/2428-7-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/2428-8-0x00000000069E0000-0x0000000006A18000-memory.dmp

Filesize
224KB

Download
memory/2428-9-0x0000000006680000-0x000000000668E000-memory.dmp

Filesize
56KB

Download
memory/2428-13-0x0000000009260000-0x0000000009282000-memory.dmp

Filesize
136KB

Download
memory/2428-2-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/2428-11-0x0000000006D50000-0x0000000006D58000-memory.dmp

Filesize
32KB

Download
memory/2428-10-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/2428-14-0x0000000009E80000-0x000000000A1D4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-0-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/2428-16-0x000000000AA90000-0x000000000B034000-memory.dmp

Filesize
5.6MB

Download
memory/2428-18-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/2428-24-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/4768-19-0x0000000005740000-0x0000000005750000-memory.dmp

Filesize
64KB

Download
memory/4768-17-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4768-6-0x0000000005740000-0x0000000005750000-memory.dmp

Filesize
64KB

Download
memory/4768-5-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download