Analysis
-
max time kernel
33s -
max time network
21s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
17-12-2024 18:24
Behavioral task
behavioral1
Sample
upx.exe
Resource
win7-20240903-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
upx.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
upx.exe
-
Size
14.8MB
-
MD5
f455be9af5edfdb2a3ea974d743f91b6
-
SHA1
8a4bab4f65c3b1c54f58786c67d94f900e5cd0b0
-
SHA256
ca048c463dcdf91e84ddc260bc0cadb6b0d8a68f92dc527c4038f7a6ab7c32b4
-
SHA512
98248a6e03084b7df36bbdca5cc0d0d01ad5f4d83a86fb9d6235d8b692bafeaee0c361b905a05289e91457b829d2cc9a3afe28516c7b84387e3710891ea1db1c
-
SSDEEP
196608:+itOI01DSfgMh0DVL6MzfCmMIEtVzxHejiO9rMyORk:+iUI4DYoLjCVtthxHdyOi
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
pid Process 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2788 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2788 taskmgr.exe -
Suspicious use of FindShellTrayWindow 54 IoCs
pid Process 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe -
Suspicious use of SendNotifyMessage 54 IoCs
pid Process 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe 2788 taskmgr.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\upx.exe"C:\Users\Admin\AppData\Local\Temp\upx.exe"1⤵PID:1088
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2788