3ae91cba9cdc17ef4d2a5e9c49fd6cd832463e158567ac57635557e60fd0af5a

General

Target

3ae91cba9cdc17ef4d2a5e9c49fd6cd832463e158567ac57635557e60fd0af5a.exe
Size

1.7MB
MD5

1841cad1eac5d22bb89414363611fa46
SHA1

ffdff62aab6c54da698ac61cab3bd59f12262d16
SHA256

3ae91cba9cdc17ef4d2a5e9c49fd6cd832463e158567ac57635557e60fd0af5a
SHA512

1557d0fee8049f3384158c5dc34f0ddd24ba3e9945ee2660f7268f938c5fb61048288a40cec5f7f094882ecde47e1862d027d1cbee682c532f924519767706a1
SSDEEP

24576:kzsOzQ6IBtcBCLjMiyxajsopBaZWiXn1A0c0MmAG6dAkQ8eBYrCR2h:k6uAmkIYBaZWwn+0c0EHGh8eBYm2h

Score

9^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 25 IoCs

resource	yara_rule
behavioral1/memory/1524-0-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-2-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-1-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-5-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-3-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-8-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-11-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-13-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-16-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-22-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-20-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-25-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-18-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-27-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-35-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-33-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-31-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-29-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-38-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-40-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-44-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-42-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-48-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-46-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX
behavioral1/memory/1524-49-0x00000000005D0000-0x000000000060D000-memory.dmp	UPX

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1524-0-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-2-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-1-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-5-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-3-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-8-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-11-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-13-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-16-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-22-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-20-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-25-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-18-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-27-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-35-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-33-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-31-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-29-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-38-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-40-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-44-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-42-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-48-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-46-0x00000000005D0000-0x000000000060D000-memory.dmp	upx
behavioral1/memory/1524-49-0x00000000005D0000-0x000000000060D000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1524	3ae91cba9cdc17ef4d2a5e9c49fd6cd832463e158567ac57635557e60fd0af5a.exe
1524	3ae91cba9cdc17ef4d2a5e9c49fd6cd832463e158567ac57635557e60fd0af5a.exe
1524	3ae91cba9cdc17ef4d2a5e9c49fd6cd832463e158567ac57635557e60fd0af5a.exe

C:\Users\Admin\AppData\Local\Temp\3ae91cba9cdc17ef4d2a5e9c49fd6cd832463e158567ac57635557e60fd0af5a.exe
"C:\Users\Admin\AppData\Local\Temp\3ae91cba9cdc17ef4d2a5e9c49fd6cd832463e158567ac57635557e60fd0af5a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1524-0-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-2-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-1-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-5-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-3-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-8-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-11-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-13-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-16-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-22-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-20-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-25-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-18-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-27-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-35-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-33-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-31-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-29-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-38-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-40-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-44-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-42-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-48-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-46-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download
memory/1524-49-0x00000000005D0000-0x000000000060D000-memory.dmp

Filesize
244KB

Download

Analysis

Sharing