08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf

max time kernel
1799s
max time network
1800s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
17/04/2024, 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
Size

1.9MB
MD5

0b559ca054356534e07322d4cd00a351
SHA1

e5be9a86c3da0a25a15bad5b06390cae4f71610a
SHA256

08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf
SHA512

82438431578bd37381632f2e330c600d17344a16dcf63b0df49887c964ec7565ee840fc2f98405982eefb21f6abaa111562b8950033fad389345b5069bd5e047
SSDEEP

49152:POwglWgEBHGKCSbMCAvxDM82UCYaLb+NLytJD8W4EfzaFb:POTlWHtAvO82U0LKNeEuz

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/memory/4560-4-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-1-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-6-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-7-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-8-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-9-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-23-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-39-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-40-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-41-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-45-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-46-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-52-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-53-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-54-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-55-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-59-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-60-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-61-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-62-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-63-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-64-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-65-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-66-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-67-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-68-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-69-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-70-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-71-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-72-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-73-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-77-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-78-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-79-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-83-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-84-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-85-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-89-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-90-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-91-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-92-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-93-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-94-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-95-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-96-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-97-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-98-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-99-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-100-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-101-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-105-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-106-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-107-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-114-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-115-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-116-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-117-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-121-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-122-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-123-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-124-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-125-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-126-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral3/memory/4560-127-0x0000000000400000-0x0000000000846000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\""	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 752 set thread context of 4560	752	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	72

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4560	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
4560	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
4560	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
4560	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
4560	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
4560	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 4560	752	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	72
PID 752 wrote to memory of 4560	752	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	72
PID 752 wrote to memory of 4560	752	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	72
PID 752 wrote to memory of 4560	752	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	72
PID 752 wrote to memory of 4560	752	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	72
PID 752 wrote to memory of 4560	752	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	72
PID 752 wrote to memory of 4560	752	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	72
PID 752 wrote to memory of 4560	752	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	72

C:\Users\Admin\AppData\Local\Temp\08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
"C:\Users\Admin\AppData\Local\Temp\08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:752
- C:\Users\Admin\AppData\Local\Temp\08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
  "C:\Users\Admin\AppData\Local\Temp\08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

Filesize
2.6MB

MD5
2bb9dff531631722b5144e48d2026fe0

SHA1
918a78ccb6783ceeb5e8f6fb5fe68bf5add20cea

SHA256
d27cecb452f74d71791b7878c21bfa1fa03c28554f77a1cca95175274c623598

SHA512
ab4e7423c1e090d94e7764815772c658b9b489d7593c746b65103a00586b05a9f7d42c3ceba508feff37fd947c726a7a5a022b7b71cfd85764943de3ed17c06a

Download Submit
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

Filesize
7.1MB

MD5
6d783c8f21edde6d32b20b557fd43a8a

SHA1
0b53628f96ca23b2ab7a6048300d2a81a108c218

SHA256
64f13e63391b4de60f47f3d1922b291ba0a20f651c667dff544ca1b49a96e44a

SHA512
6b7a3efaf753f0f2f31f46fdfedf648c177190e324c871e406a2e81d7aa34656c7932035aea4a2bccff025e393cfcf4d998926155913cf616024a651377ec608

Download Submit
memory/752-2-0x00000000032E0000-0x00000000034A2000-memory.dmp

Filesize
1.8MB

Download
memory/752-3-0x0000000004D50000-0x0000000004F06000-memory.dmp

Filesize
1.7MB

Download
memory/4560-4-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-1-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-6-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-7-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-8-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-9-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-23-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-39-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-40-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-41-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-45-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-46-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-52-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-53-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-54-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-55-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-59-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-60-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-61-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-62-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-63-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-64-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-65-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-66-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-67-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-68-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-69-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-70-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-71-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-72-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-73-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-77-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-78-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-79-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-83-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-84-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-85-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-89-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-90-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-91-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-92-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-93-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-94-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-95-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-96-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-97-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-98-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-99-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-100-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-101-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-105-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-106-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-107-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-114-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-115-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-116-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-117-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-121-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-122-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-123-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-124-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-125-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-126-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-127-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-128-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/4560-129-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download