9641272c45bd8f870e70276a5439a89401abc4907472eb5e4bb3f0dbb4bebd4b | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 09:19

Sharing

Report Analysis Logs

General

Target

mame32k.exe
Size

3.4MB
MD5

635f4bedc82b1f90e40919130685e972
SHA1

4e966f3dd0a3f4018f0af3e936deab90df6b9e70
SHA256

bc3195c50eac0cbf4591bea14aa5666b7ec71c7a0c3185a4dd3a77608442726a
SHA512

8f47d846afeffe4b0221ba9228588fbda11051040526c2194e313763b1ce9499443f80e223759e39ffcd8c36cffbacc82d7da5a73cf75e9e108102ce3b7f240a
SSDEEP

49152:JYjAmLixk+br/lLH6CHBXB5tus9x2gLoMRRcU8SsdU6un+vQIas3uG0KbN:JY1ck+f9zTBxjnL2JU8e6pQM3N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral10/memory/3620-0-0x0000000000400000-0x0000000001701000-memory.dmp	upx
behavioral10/memory/3620-1-0x0000000010000000-0x0000000010017000-memory.dmp	upx
behavioral10/memory/3620-2-0x0000000000400000-0x0000000001701000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3620	mame32k.exe

C:\Users\Admin\AppData\Local\Temp\mame32k.exe
"C:\Users\Admin\AppData\Local\Temp\mame32k.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3620-0-0x0000000000400000-0x0000000001701000-memory.dmp

Filesize
19.0MB

Download
memory/3620-1-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/3620-2-0x0000000000400000-0x0000000001701000-memory.dmp

Filesize
19.0MB

Download