Managed XDR

upxpacked_38cb78f2e233...c2f8f42cab3d568da20243 — malware analysis report

File info

Filename
upxpacked_38cb78f2e2334f2485ad6c481623cd534d0735cfc5c2f8f42cab3d568da20243
File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
File size
1 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
bdf549d96efac6a9fa19df9636724755f3121ee8
SHA256
a2b8900d573217bd2eb6e1c70b1b0b550015aa3be0c6a0067b4df55c9e428031
MD5
47fd37081d023f63a67f951e63605ffa

Signatures

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_upx: The executable file is compressed using UPX
T1497 antidbg_query_process: Checks if the process is being debugged (ProcessDebugPort)
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497 antidbg_query_process: Checks if the process is being debugged (ProcessDebugPort)

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity