08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf

max time kernel
1792s
max time network
1799s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
17-04-2024 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
Size

1.9MB
MD5

0b559ca054356534e07322d4cd00a351
SHA1

e5be9a86c3da0a25a15bad5b06390cae4f71610a
SHA256

08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf
SHA512

82438431578bd37381632f2e330c600d17344a16dcf63b0df49887c964ec7565ee840fc2f98405982eefb21f6abaa111562b8950033fad389345b5069bd5e047
SSDEEP

49152:POwglWgEBHGKCSbMCAvxDM82UCYaLb+NLytJD8W4EfzaFb:POTlWHtAvO82U0LKNeEuz

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral5/memory/2880-4-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-6-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-7-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-3-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-8-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-9-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-24-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-40-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-39-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-44-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-45-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-46-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-52-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-53-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-54-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-55-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-56-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-57-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-58-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-62-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-63-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-64-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-65-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-66-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-67-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-68-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-69-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-70-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-71-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-75-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-79-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-80-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-81-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-85-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-86-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-87-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-88-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-92-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-93-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-94-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-95-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-96-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-97-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-98-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-99-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-100-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-101-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-102-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-103-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-104-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-111-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-112-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-113-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-117-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-118-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-119-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-120-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-121-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-122-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-123-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-124-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-125-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-126-0x0000000000400000-0x0000000000846000-memory.dmp	upx
behavioral5/memory/2880-127-0x0000000000400000-0x0000000000846000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\""	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1812 set thread context of 2880	1812	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	80

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2880	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
2880	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
2880	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
2880	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
2880	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
2880	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 2880	1812	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	80
PID 1812 wrote to memory of 2880	1812	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	80
PID 1812 wrote to memory of 2880	1812	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	80
PID 1812 wrote to memory of 2880	1812	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	80
PID 1812 wrote to memory of 2880	1812	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	80
PID 1812 wrote to memory of 2880	1812	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	80
PID 1812 wrote to memory of 2880	1812	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	80
PID 1812 wrote to memory of 2880	1812	08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe	80

C:\Users\Admin\AppData\Local\Temp\08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
"C:\Users\Admin\AppData\Local\Temp\08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Users\Admin\AppData\Local\Temp\08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe
  "C:\Users\Admin\AppData\Local\Temp\08089429ee4231d39dd0f2c970dca60e09a72e6c003f480f2dad76b032fdc1cf.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus

Filesize
2.6MB

MD5
5d069829295a5f737eb7054d3ed24252

SHA1
df6376d7de71928a3acfafdfe5f2fd8a4b452c50

SHA256
e9d317432af7b2370c7df9de97a046f637237eccf1b727fca01c1b1d83b4f57e

SHA512
3161e65dfe3069e272358881e0fa8f4cf182c2b3b87820638b1f7b3b67c501419a90c0fd5c124e59219f977922d87fa8176d04456a2721935d6822b627898e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

Filesize
20.2MB

MD5
40bc3ffd77f364dd876edb574a1088a5

SHA1
1fb07883f01b2015f70fbe8e5b112dd1ee1d029f

SHA256
62bdd055431ea3ea17207f75d4471b7507f0c027cd890c771899621a2128d949

SHA512
a4b91d4379633cad294a193fc59c7df2b7e73dc14c15ae50f43eb2137b239f302500aba129dc9d92694030dfb560134da603c8352820defc809d88ceff65c12d

Download Submit
memory/1812-2-0x0000000004F80000-0x0000000005136000-memory.dmp

Filesize
1.7MB

Download
memory/1812-1-0x0000000003510000-0x00000000036D2000-memory.dmp

Filesize
1.8MB

Download
memory/2880-4-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-6-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-7-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-3-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-8-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-9-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-24-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-40-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-39-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-44-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-45-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-46-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-52-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-53-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-54-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-55-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-56-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-57-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-58-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-62-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-63-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-64-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-65-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-66-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-67-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-68-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-69-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-70-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-71-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-75-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-79-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-80-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-81-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-85-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-86-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-87-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-88-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-92-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-93-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-94-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-95-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-96-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-97-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-98-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-99-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-100-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-101-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-102-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-103-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-104-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-111-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-112-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-113-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-117-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-118-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-119-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-120-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-121-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-122-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-123-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-124-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-125-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-126-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-127-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-128-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2880-129-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download