cebed627e099a78aa0f773ba39d99bdc2fb4b1128ede4c76f02c948c42d75762

Analysis

max time kernel
147s
max time network
149s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 03:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cebed627e099a78aa0f773ba39d99bdc2fb4b1128ede4c76f02c948c42d75762.exe
Size

887KB
MD5

46a3291f6050c4b2e80c8fb9ae90e675
SHA1

fdcb82222389b91fbd61e5dff9ddf4a0e7b60766
SHA256

cebed627e099a78aa0f773ba39d99bdc2fb4b1128ede4c76f02c948c42d75762
SHA512

f3e4bcd120d06e940a373939787634d2ada9ea5da09b48dce86dcbf021aee82a9c5a24af38ee522d1bac190d579878a706f0f30fe83b04c73a06caa627ae9054
SSDEEP

24576:NcuZZl/7jVa65h0H8rnGiSraViXZrUYGhCgBYZBU:N5ZzjjTmg1aZfGcgOZB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1720-0-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/1720-2-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-4-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-5-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-6-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-7-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-8-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-9-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-10-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-11-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-12-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-13-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-14-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-15-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-16-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-17-0x0000000000400000-0x000000000075C000-memory.dmp	upx
behavioral1/memory/324-18-0x0000000000400000-0x000000000075C000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1720	cebed627e099a78aa0f773ba39d99bdc2fb4b1128ede4c76f02c948c42d75762.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
324	SzybkiTomek.exe
324	SzybkiTomek.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
324	SzybkiTomek.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1720	cebed627e099a78aa0f773ba39d99bdc2fb4b1128ede4c76f02c948c42d75762.exe
1720	cebed627e099a78aa0f773ba39d99bdc2fb4b1128ede4c76f02c948c42d75762.exe
324	SzybkiTomek.exe
324	SzybkiTomek.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 324	1720	cebed627e099a78aa0f773ba39d99bdc2fb4b1128ede4c76f02c948c42d75762.exe	30
PID 1720 wrote to memory of 324	1720	cebed627e099a78aa0f773ba39d99bdc2fb4b1128ede4c76f02c948c42d75762.exe	30
PID 1720 wrote to memory of 324	1720	cebed627e099a78aa0f773ba39d99bdc2fb4b1128ede4c76f02c948c42d75762.exe	30
PID 1720 wrote to memory of 324	1720	cebed627e099a78aa0f773ba39d99bdc2fb4b1128ede4c76f02c948c42d75762.exe	30

C:\Users\Admin\AppData\Local\Temp\cebed627e099a78aa0f773ba39d99bdc2fb4b1128ede4c76f02c948c42d75762.exe
"C:\Users\Admin\AppData\Local\Temp\cebed627e099a78aa0f773ba39d99bdc2fb4b1128ede4c76f02c948c42d75762.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Users\Admin\AppData\Local\Temp\SzybkiTomek.exe
  SzybkiTomek.exe
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/324-9-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-11-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-18-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-4-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-5-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-6-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-7-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-8-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-17-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-16-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-10-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-12-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-13-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-14-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/324-15-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/1720-0-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/1720-2-0x0000000000400000-0x000000000075C000-memory.dmp

Filesize
3.4MB

Download
memory/1720-3-0x0000000002300000-0x000000000265C000-memory.dmp

Filesize
3.4MB

Download