08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf

max time kernel
1198s
max time network
1200s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15/04/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
Size

1.9MB
MD5

0b559ca054356534e07322d4cd00a351
SHA1

e5be9a86c3da0a25a15bad5b06390cae4f71610a
SHA256

08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf
SHA512

82438431578bd37381632f2e330c600d17344a16dcf63b0df49887c964ec7565ee840fc2f98405982eefb21f6abaa111562b8950033fad389345b5069bd5e047
SSDEEP

49152:POwglWgEBHGKCSbMCAvxDM82UCYaLb+NLytJD8W4EfzaFb:POTlWHtAvO82U0LKNeEuz

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2576-2-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-3-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-5-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-6-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-7-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-8-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-13-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-14-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-15-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-16-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-41-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-42-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-45-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-49-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-53-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-54-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-55-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-56-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-60-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-61-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-62-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-63-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-64-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-65-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-66-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-67-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-68-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-69-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-70-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-71-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-72-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-73-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-74-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-75-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-79-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-80-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-84-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-85-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-86-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-87-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-91-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-92-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-93-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-94-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-95-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-96-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-97-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-98-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-99-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-100-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-101-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-102-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-103-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-107-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-108-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-109-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-116-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-117-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-118-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-119-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-123-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-124-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-125-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral2/memory/2576-126-0x0000000000400000-0x0000000000846000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\""	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4588 set thread context of 2576	4588	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	73

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2576	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
2576	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
2576	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
2576	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
2576	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
2576	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 2576	4588	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	73
PID 4588 wrote to memory of 2576	4588	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	73
PID 4588 wrote to memory of 2576	4588	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	73
PID 4588 wrote to memory of 2576	4588	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	73
PID 4588 wrote to memory of 2576	4588	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	73
PID 4588 wrote to memory of 2576	4588	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	73
PID 4588 wrote to memory of 2576	4588	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	73
PID 4588 wrote to memory of 2576	4588	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	73

C:\Users\Admin\AppData\Local\Temp\08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
"C:\Users\Admin\AppData\Local\Temp\08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Users\Admin\AppData\Local\Temp\08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
  "C:\Users\Admin\AppData\Local\Temp\08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

Filesize
2.7MB

MD5
524aa207546b0ac25e011d6e3a62a5ff

SHA1
4a2136d1f00318cdbb09f6ba21e82648d0dc9617

SHA256
895824096b4bde3dc92ba17f36fe493317e786313095a40c16c337325916fa5f

SHA512
e5ac0ee8cb089a99b2ef6644d6a2891bde6798352d2f16c38c65c61cd132acc663c7a31e91bc6ac050cddd082d144c66f84bedf26dd646ae4adeb073233806d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

Filesize
6.0MB

MD5
09b7e4aff96c09d8c8829c91b8c5f8c4

SHA1
95dd22066677a655acbcc2b923001a1377e7344e

SHA256
08aeac53f329db54c01c28d22fea42ea406cca725c53d9ee9446e3e03a9c01f9

SHA512
4dc5be3865acbfdb01b6099eee92ee40f5b22ab8d53797ef68f33a0a2524f2788786b5bb41ad45d727cb968ba5c04902c1ca1db96e1aa31edb1ac8667d5b4396

Download Submit
memory/2576-74-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-80-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-5-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-6-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-2-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-8-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-13-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-14-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-15-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-16-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-41-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-42-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-45-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-49-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-53-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-54-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-55-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-56-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-60-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-61-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-62-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-63-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-64-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-65-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-66-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-67-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-68-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-69-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-70-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-71-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-72-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-73-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-7-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-3-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-117-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-75-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-84-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-85-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-86-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-87-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-91-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-92-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-93-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-94-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-95-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-96-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-97-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-98-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-99-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-100-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-101-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-102-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-103-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-107-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-108-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-109-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-116-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-79-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-118-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-119-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-123-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-124-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-125-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-126-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-127-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2576-128-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4588-1-0x00000000032C0000-0x000000000347E000-memory.dmp

Filesize
1.7MB

Download
memory/4588-4-0x0000000004C20000-0x0000000004DD6000-memory.dmp

Filesize
1.7MB

Download