8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Size

4.0MB
MD5

4411442cfb7fcedd0e56e0e4d5160b12
SHA1

c26c57b36a417d3c37628c0d30b93b6713910162
SHA256

8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8
SHA512

11e42040f99cc3464a518c0dc70aaba1e8072e99e7ecf92488f22524162f1fcd7a1759754e96332ec1fca6e54eef5dccdd090280caa7833aee741e3275d0c06a
SSDEEP

49152:zI/j3nUjjpJ7gqNuu9MvwXnRsQmop5R+xLFCh/Q20BB+s8KuqGaX0ToIBAUZLYlS:Q3nUZJ71Nujvw3RsX25R+xAjJBAUZLr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 29 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1336-0-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-4-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-3-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-5-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-6-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-17-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-20-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-15-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-13-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-11-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-9-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-22-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-31-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-28-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-33-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-40-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-50-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-48-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-38-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-36-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-26-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-24-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-64-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1336-71-0x0000000000BD0000-0x0000000000BF6000-memory.dmp	upx
behavioral1/memory/1336-69-0x0000000000BD0000-0x0000000000BF6000-memory.dmp	upx
behavioral1/memory/1336-81-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe

Suspicious use of AdjustPrivilegeToken 52 IoCs

description	pid	Process
Token: SeDebugPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 1	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeCreateTokenPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeAssignPrimaryTokenPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeLockMemoryPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeIncreaseQuotaPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeMachineAccountPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeTcbPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeSecurityPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeTakeOwnershipPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeLoadDriverPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeSystemProfilePrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeSystemtimePrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeProfSingleProcessPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeIncBasePriorityPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeCreatePagefilePrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeCreatePermanentPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeBackupPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeRestorePrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeShutdownPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeDebugPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeAuditPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeSystemEnvironmentPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeChangeNotifyPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeRemoteShutdownPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeUndockPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeSyncAgentPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeEnableDelegationPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeManageVolumePrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeImpersonatePrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeCreateGlobalPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 31	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 32	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 33	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 34	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 35	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 36	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 37	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 38	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 39	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 40	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 41	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 42	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 43	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 44	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 45	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 46	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 47	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: 48	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeDebugPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeDebugPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
Token: SeDebugPrivilege	1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
1336	8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe

C:\Users\Admin\AppData\Local\Temp\8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe
"C:\Users\Admin\AppData\Local\Temp\8c9190fe1bb6692f317c814d07855d8659712109f53186ea6b255b9bf84244c8.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f76982a.tmp

Filesize
1.2MB

MD5
d124f55b9393c976963407dff51ffa79

SHA1
2c7bbedd79791bfb866898c85b504186db610b5d

SHA256
ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef

SHA512
278fe3a4b1fbbe700e4f4483b610133e975e36e101455661d5197bd892a68839b9d555499040d200c92aefa9e3819380e395c0cd85d5fc845c6364d128a8cf06

Download Submit
C:\Users\Admin\AppData\Local\Temp\f769849.tmp

Filesize
813KB

MD5
5e0db2d8b2750543cd2ebb9ea8e6cdd3

SHA1
8b997b38e179cd03c0a2e87bddbc1ebca39a8630

SHA256
01eb95fa3943cf3c6b1a21e473a5c3cb9fcbce46913b15c96cac14e4f04075b4

SHA512
38a2064f7a740feb6dba46d57998140f16da7b9302bfe217a24d593220c2340f854645d05993aac6b7ecf819b5c09e062c5c81ba29f79d919ae518e6de071716

Download Submit
memory/1336-50-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-6-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-17-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-20-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-15-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-13-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-11-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-9-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-22-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-31-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-28-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-33-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-40-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-0-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-48-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-5-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-38-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-36-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-26-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-24-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-54-0x00000000003A0000-0x00000000003DC000-memory.dmp

Filesize
240KB

Download
memory/1336-64-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-68-0x0000000002BB0000-0x0000000002CB1000-memory.dmp

Filesize
1.0MB

Download
memory/1336-71-0x0000000000BD0000-0x0000000000BF6000-memory.dmp

Filesize
152KB

Download
memory/1336-3-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-4-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-70-0x0000000002960000-0x00000000029A1000-memory.dmp

Filesize
260KB

Download
memory/1336-69-0x0000000000BD0000-0x0000000000BF6000-memory.dmp

Filesize
152KB

Download
memory/1336-81-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1336-82-0x00000000003A0000-0x00000000003DC000-memory.dmp

Filesize
240KB

Download