df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03

General

Target

df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03.exe
Size

6.2MB
MD5

5e68c0e41b0a9100f2ac60b1b393f4b9
SHA1

3505558c3b45381d23589f36da973572a18225b4
SHA256

df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03
SHA512

4504a4dcefcfc602b1f7925243c03c6b2f73e52e2aa725dbd8f3e20d046b202255063933e9da3c8f0b0a70e99e92d43bdfe9ab67d21b0f8c95930b2edd12f3fa
SSDEEP

98304:GxAEzHAXT2JNbhyVVnWZXeGO15mhZmsuqAs08KdKGMxLWK3jfNURpOO9oycC3W7Q:9Xwhy2ZuGO5JbWL54wy5G7AxF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 23 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/436-1-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-15-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-43-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-41-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-11-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-39-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-37-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-36-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-33-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-32-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-29-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-27-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-25-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-23-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-21-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-19-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-18-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-13-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-10-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-7-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-6-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-3-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/436-2-0x0000000010000000-0x000000001003F000-memory.dmp	upx

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
436	df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03.exe
436	df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03.exe
436	df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
436	df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03.exe
436	df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03.exe
436	df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
436	df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03.exe
436	df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03.exe
436	df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03.exe

C:\Users\Admin\AppData\Local\Temp\df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03.exe
"C:\Users\Admin\AppData\Local\Temp\df3979808fcdfc55bc2a70b88733354cc2bf33860bfdfc3919782e16d4aa2c03.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/436-0-0x0000000000400000-0x0000000000E63000-memory.dmp

Filesize
10.4MB

Download
memory/436-1-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-15-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-43-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-41-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-11-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-39-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-37-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-44-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download
memory/436-36-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-33-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-32-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-29-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-27-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-25-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-23-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-21-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-19-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-18-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-13-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-10-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-7-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-6-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-3-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-2-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/436-46-0x0000000000400000-0x0000000000E63000-memory.dmp

Filesize
10.4MB

Download

Analysis

Sharing