3a59835da7aba7f406b645de60c73f716918efee16daecad05dd218bf37afa9c

Analysis

max time kernel
18s
max time network
152s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a59835da7aba7f406b645de60c73f716918efee16daecad05dd218bf37afa9c.exe
Size

308KB
MD5

4d3655038f4d70303d0c389daea90a1c
SHA1

b2de436860db40c2d2e47843c8c7ac0c30fdef68
SHA256

3a59835da7aba7f406b645de60c73f716918efee16daecad05dd218bf37afa9c
SHA512

2390602d01d55ed4adbf5d0a935ebb975221b4ae84994ad5f3b5b2dbf6dcc831bf0da24c5f1ab8c3f20a0acb2f2ec3559d609c98e34fb518615d21f80fa604fb
SSDEEP

3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F

Score

9^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 7 IoCs

Processes:

resource	yara_rule
behavioral1/memory/28284-73925-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/memory/28284-73924-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/memory/28284-73923-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/memory/28284-73920-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/memory/28284-147849-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/memory/145204-147847-0x0000000000400000-0x0000000000414000-memory.dmp	UPX
behavioral1/memory/28284-147854-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/28284-73925-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/28284-73924-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/28284-73923-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/28284-73920-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/28284-73918-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/28284-147849-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/145204-147847-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/memory/28284-147854-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

3a59835da7aba7f406b645de60c73f716918efee16daecad05dd218bf37afa9c.exe

pid process

2932 3a59835da7aba7f406b645de60c73f716918efee16daecad05dd218bf37afa9c.exe

pid	process
2932	3a59835da7aba7f406b645de60c73f716918efee16daecad05dd218bf37afa9c.exe

C:\Users\Admin\AppData\Local\Temp\3a59835da7aba7f406b645de60c73f716918efee16daecad05dd218bf37afa9c.exe
"C:\Users\Admin\AppData\Local\Temp\3a59835da7aba7f406b645de60c73f716918efee16daecad05dd218bf37afa9c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\3a59835da7aba7f406b645de60c73f716918efee16daecad05dd218bf37afa9c.exe
"C:\Users\Admin\AppData\Local\Temp\3a59835da7aba7f406b645de60c73f716918efee16daecad05dd218bf37afa9c.exe"
2⤵
PID:28284

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PFBXW.bat" "
3⤵
PID:2040

C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Win Pdf" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Microsoft\csrsll.exe" /f
4⤵
PID:29928

C:\Users\Admin\AppData\Roaming\Microsoft\csrsll.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\csrsll.exe"
3⤵
PID:4072

C:\Users\Admin\AppData\Roaming\Microsoft\csrsll.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\csrsll.exe"
4⤵
PID:145136

C:\Users\Admin\AppData\Roaming\Microsoft\csrsll.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\csrsll.exe"
4⤵
PID:145204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\PFBXW.bat
Filesize
145B

MD5
4eb61ec7816c34ec8c125acadc57ec1b

SHA1
b0015cc865c0bb1a027be663027d3829401a31cc

SHA256
08375cdb2e9819391f67f71e9718c15b48d3eaa452c54bd8fdd1f6a42e899aff

SHA512
f289f01d996dd643560370be8cdf8894e9a676ca3813f706c01ef5d705b9b18246c6cadf10d96edd433a616637b8a78fbd23c5738e76f1c4e671977b6d0cb6c1

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\csrsll.exe
Filesize
308KB

MD5
e603fe05a7c769a209e3e574fb2b79e6

SHA1
1813b99487b2d5fc69312eced1549742e9b9f9d8

SHA256
a734277aca7c459f177ac57d2dd2cdf52c792673a5db55776b846433417ad097

SHA512
0e97219e52845a7c2a99fa8bb8af3f0f12c4bffe7ebf0929679a1ffc13e7a667fc1a0ee4fd64aa9c3eab6b9833951ff3e0d8542e6910c85e189914dcf47c1968

Download Submit
memory/2932-51059-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51079-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51081-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51058-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51077-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51076-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51074-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51073-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51072-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51071-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51070-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51069-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51068-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51066-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51065-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51057-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51063-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51062-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51061-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51060-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-0-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2932-51082-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51064-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51056-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51054-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51053-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51052-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51078-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51075-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51067-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-51055-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2932-3-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2932-51080-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/28284-73923-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/28284-73922-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/28284-73920-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/28284-73918-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/28284-73916-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/28284-73924-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/28284-73925-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/28284-147849-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/28284-147854-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/145204-147847-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download