40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990

max time kernel
1039s
max time network
1801s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
13/04/2024, 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe
Size

1.8MB
MD5

147f5f5bbc80b2ad753993e15f3f32c2
SHA1

16d73b4abeef12cf76414338901eb7bbef46775f
SHA256

40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990
SHA512

9c43aaa68161ef04c60e3f64c3fd54426dfd387f0013f009f3da94d45f19e514cd41de7b95865c47f55e5800222fd74736659138bb96406aa37f9cdc8e5799b6
SSDEEP

49152:L0F7w+ANy7moCOmY9x5VlLdf0w26/biK:IaXsCc9nmwfOK

Score

8^/10

discovery persistence upx

Malware Config

Signatures

Contacts a large (870) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2324-5-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-6-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-8-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-9-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-10-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-11-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-16-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-17-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-18-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-43-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-44-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-45-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-54-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-55-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-56-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-60-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-61-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-62-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-63-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-64-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-65-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-66-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-67-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-68-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-69-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-70-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-71-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-72-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-73-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-74-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-75-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-79-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-83-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-87-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-88-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-89-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-90-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-94-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-95-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-96-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-97-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-98-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-99-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-100-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-101-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-102-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-103-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-104-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-105-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-106-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-110-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-111-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-112-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-119-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-120-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-121-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-125-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-126-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-127-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-128-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-129-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-130-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral1/memory/2324-134-0x0000000000400000-0x0000000000848000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\""	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
1840	discord.com
2682	discord.com
2683	discord.com
2783	discord.com
3015	discord.com
3603	discord.com
4367	discord.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2108 set thread context of 2324	2108	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe	28

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2324	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe
2324	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe
2324	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2324	2108	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe	28
PID 2108 wrote to memory of 2324	2108	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe	28
PID 2108 wrote to memory of 2324	2108	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe	28
PID 2108 wrote to memory of 2324	2108	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe	28
PID 2108 wrote to memory of 2324	2108	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe	28
PID 2108 wrote to memory of 2324	2108	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe	28
PID 2108 wrote to memory of 2324	2108	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe	28
PID 2108 wrote to memory of 2324	2108	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe	28
PID 2108 wrote to memory of 2324	2108	40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe	28

C:\Users\Admin\AppData\Local\Temp\40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe
"C:\Users\Admin\AppData\Local\Temp\40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Users\Admin\AppData\Local\Temp\40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe
  "C:\Users\Admin\AppData\Local\Temp\40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

Filesize
2.7MB

MD5
cae53678af8227e6d6f022d6a856ddbd

SHA1
802d2d2a25e1483d5b47e9d1a7b6865d6938efe8

SHA256
893db0cada5e10fc6ba14944a6eaeb435cb12fc4c17a52fe5c9dd02a04591ff1

SHA512
c4a6c660d11da9484f5bdfaaec4f5316b98fb84259f8f4f624b762a4f1f0cd4728291e9f1f39e6b9a26782ccf3d10003a8c210e29e06f4a48316243a227bd04a

Download Submit
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

Filesize
8.8MB

MD5
d16ea7340153f4df20625a5c0a280f8a

SHA1
60f21520a70d38bd225e1a370f097550bfe210f9

SHA256
cebbb41aaffa71fb24cdf3012ab8046df216aae6185984f3688907a017b70ce7

SHA512
b516f19c1cd6e8dac75105718698d7cd901dd3826d7735da96e16a4fc40644d6f6991f4a7ac40b01d99195331107b5dfde05a2aca232029b682ba82bb90ad2a2

Download Submit
memory/2108-0-0x0000000004840000-0x00000000049F8000-memory.dmp

Filesize
1.7MB

Download
memory/2108-1-0x0000000004840000-0x00000000049F8000-memory.dmp

Filesize
1.7MB

Download
memory/2108-4-0x0000000004A00000-0x0000000004BB7000-memory.dmp

Filesize
1.7MB

Download
memory/2108-7-0x0000000004840000-0x00000000049F8000-memory.dmp

Filesize
1.7MB

Download
memory/2324-2-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2324-5-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-6-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-8-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-9-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-10-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-11-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-16-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-17-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-18-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-43-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-44-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-45-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-54-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-55-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-56-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-60-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-61-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-62-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-63-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-64-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-65-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-66-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-67-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-68-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-69-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-70-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-71-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-72-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-73-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-74-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-75-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-79-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-83-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-87-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-88-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-89-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-90-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-94-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-95-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-96-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-97-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-98-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-99-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-100-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-101-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-102-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-103-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-104-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-105-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-106-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-110-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-111-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-112-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-119-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-120-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-121-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-125-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-126-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-127-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-128-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-129-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-130-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2324-134-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download