Malware Analysis Report

2024-10-10 12:13

Sample ID 240613-tw5svszfnp
Target 456c827d5224a36ffc3c5c81210a9dfa8baccdbca2d533e9fcf5cab2b6f0d10f.exe
SHA256 456c827d5224a36ffc3c5c81210a9dfa8baccdbca2d533e9fcf5cab2b6f0d10f
Tags
upx
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

456c827d5224a36ffc3c5c81210a9dfa8baccdbca2d533e9fcf5cab2b6f0d10f

Threat Level: Shows suspicious behavior

The file 456c827d5224a36ffc3c5c81210a9dfa8baccdbca2d533e9fcf5cab2b6f0d10f.exe was found to show suspicious behavior.

Malicious Activity Summary

upx

UPX packed file

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 16:25

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 16:25

Reported

2024-06-13 16:27

Platform

win7-20240220-en

Max time kernel

146s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\456c827d5224a36ffc3c5c81210a9dfa8baccdbca2d533e9fcf5cab2b6f0d10f.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\456c827d5224a36ffc3c5c81210a9dfa8baccdbca2d533e9fcf5cab2b6f0d10f.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\456c827d5224a36ffc3c5c81210a9dfa8baccdbca2d533e9fcf5cab2b6f0d10f.exe

"C:\Users\Admin\AppData\Local\Temp\456c827d5224a36ffc3c5c81210a9dfa8baccdbca2d533e9fcf5cab2b6f0d10f.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 16:25

Reported

2024-06-13 16:28

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\456c827d5224a36ffc3c5c81210a9dfa8baccdbca2d533e9fcf5cab2b6f0d10f.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\456c827d5224a36ffc3c5c81210a9dfa8baccdbca2d533e9fcf5cab2b6f0d10f.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\456c827d5224a36ffc3c5c81210a9dfa8baccdbca2d533e9fcf5cab2b6f0d10f.exe

"C:\Users\Admin\AppData\Local\Temp\456c827d5224a36ffc3c5c81210a9dfa8baccdbca2d533e9fcf5cab2b6f0d10f.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files
