4ebb2bd75c78469bc1a92b5fe5086efd4712d0d28c50011d3df0631c518a44c1 | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 11:06

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

4.2MB
MD5

b868f691271c55662fddf5d732bd07e5
SHA1

b10e9c0135144a0c99122631c6422a2cdf39c8d4
SHA256

4ebb2bd75c78469bc1a92b5fe5086efd4712d0d28c50011d3df0631c518a44c1
SHA512

4eff9d4537e92b85e129c018635ae469abe1acd562ab7a081c14192fb768e7fd2402bc8db338eeb753b1c9dbc5decb3e19685e69c2a0cd2d696aa3d2c5e2bfac
SSDEEP

98304:uALdWXkBrMF1ET1JxfxDNcrGW6kyHaRe90A/uZunJuu9MB7wDnpFVw5Y7bR:uSTtZJT6rGWryH/90AmZnul1wsR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2892-0-0x0000000000070000-0x000000000085C000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2892	tmp.exe
2892	tmp.exe
2892	tmp.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2892	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2892-0-0x0000000000070000-0x000000000085C000-memory.dmp

Filesize
7.9MB

Download