534b0503426f82746a3b5b8588e8c98312230c2e41979190638416d86a67009c

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 08:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

72929dc9cd7ff04c903459f70d0756a6.exe
Size

1.9MB
MD5

72929dc9cd7ff04c903459f70d0756a6
SHA1

ecc70471eec1491257d0b954e92484a666b15a81
SHA256

534b0503426f82746a3b5b8588e8c98312230c2e41979190638416d86a67009c
SHA512

1bfb064e45d906fd6fa7c75f3a32cb4a27cb32f3dd3564334d6573d5430e465d6929a1330905f42c81bb538976cccc7c9e10ed60e36b1884e12c797720983d47
SSDEEP

49152:QGJTeLOqwizFY/f1QRv41eaTNGC0Y8ZxMjI6IeLH3q:T1wOqwMY/Kv41VfBJj

Score

8^/10

discovery persistence upx

Malware Config

Signatures

Contacts a large (647) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3308-3-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-7-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-6-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-2-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-8-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-9-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-16-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-30-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-31-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-32-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-41-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-42-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-46-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-49-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-59-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-57-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-87-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-79-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-102-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-100-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-99-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-96-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-95-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-93-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-92-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-90-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-89-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-88-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-86-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-85-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-84-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-83-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-81-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-80-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-101-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-78-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-75-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-98-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-73-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-97-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-94-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-68-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-91-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-66-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-64-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-63-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-61-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-82-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-55-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-54-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-77-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-74-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-52-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-72-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-71-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-69-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-67-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-51-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-62-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-60-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-58-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-56-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-53-0x0000000000400000-0x0000000000848000-memory.dmp	upx
behavioral2/memory/3308-50-0x0000000000400000-0x0000000000848000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\""	72929dc9cd7ff04c903459f70d0756a6.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 808 set thread context of 3308	808	72929dc9cd7ff04c903459f70d0756a6.exe	85

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3308	72929dc9cd7ff04c903459f70d0756a6.exe
3308	72929dc9cd7ff04c903459f70d0756a6.exe
3308	72929dc9cd7ff04c903459f70d0756a6.exe
3308	72929dc9cd7ff04c903459f70d0756a6.exe
3308	72929dc9cd7ff04c903459f70d0756a6.exe
3308	72929dc9cd7ff04c903459f70d0756a6.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 3308	808	72929dc9cd7ff04c903459f70d0756a6.exe	85
PID 808 wrote to memory of 3308	808	72929dc9cd7ff04c903459f70d0756a6.exe	85
PID 808 wrote to memory of 3308	808	72929dc9cd7ff04c903459f70d0756a6.exe	85
PID 808 wrote to memory of 3308	808	72929dc9cd7ff04c903459f70d0756a6.exe	85
PID 808 wrote to memory of 3308	808	72929dc9cd7ff04c903459f70d0756a6.exe	85
PID 808 wrote to memory of 3308	808	72929dc9cd7ff04c903459f70d0756a6.exe	85
PID 808 wrote to memory of 3308	808	72929dc9cd7ff04c903459f70d0756a6.exe	85
PID 808 wrote to memory of 3308	808	72929dc9cd7ff04c903459f70d0756a6.exe	85

C:\Users\Admin\AppData\Local\Temp\72929dc9cd7ff04c903459f70d0756a6.exe
"C:\Users\Admin\AppData\Local\Temp\72929dc9cd7ff04c903459f70d0756a6.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:808
- C:\Users\Admin\AppData\Local\Temp\72929dc9cd7ff04c903459f70d0756a6.exe
  "C:\Users\Admin\AppData\Local\Temp\72929dc9cd7ff04c903459f70d0756a6.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  PID:3308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

Filesize
2.5MB

MD5
85989ad48363b4f972fffb50c90cd77f

SHA1
0d1570e8ef32e485917011ba6bbfc313133d0d61

SHA256
c598182a7ca2ff63dce744a72c5cf877decddd339a3ae88921b12d97c5f9c50d

SHA512
3c522410a466ca0f2c0286d5738e7fd28a2e0440281d091f363c60103b72b4d28c670a5ccd7986c8a8cf10e2def857ec5f628190ff873fead57fb4da229f7181

Download Submit
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

Filesize
8.2MB

MD5
43d9e96f7a701c91215b3208603f4008

SHA1
7d985d60e532f3bafafcdc86990be5a80f208ff7

SHA256
a979a4bacd21e5ed41b04c5f841f606308955cfd95c004ec31669d84a0140ad4

SHA512
4895709113c60ae75d931ebc841c26ddf4e209d855808e07adf77cdcb9f7a87438381ba54b0e118debb3f568bc14ddc177d1e0b874f7dbab23638c61f358b8d3

Download Submit
memory/808-1-0x00000000022C0000-0x0000000002480000-memory.dmp

Filesize
1.8MB

Download
memory/808-4-0x0000000002480000-0x0000000002637000-memory.dmp

Filesize
1.7MB

Download
memory/3308-3-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-7-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-6-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-2-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-8-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-9-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-16-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-30-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-31-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-32-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-41-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-42-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-46-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-49-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-59-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-57-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-87-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-79-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-102-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-100-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-99-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-96-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-95-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-93-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-92-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-90-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-89-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-88-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-86-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-85-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-84-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-83-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-81-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-80-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-101-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-78-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-75-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-98-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-73-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-97-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-94-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-68-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-91-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-66-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-64-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-63-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-61-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-82-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-55-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-54-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-77-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-74-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-52-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-72-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-71-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-69-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-67-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-51-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-62-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-60-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-58-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-56-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-53-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/3308-50-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download