77748dc3c4a0f60adde19cdff38f7746c12e032971049f16608dfbc61df465ff

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/09/2022, 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Drone.exe
Size

10.8MB
MD5

074cee1977caf71701ab33380fda5955
SHA1

a382d97cadd7fa70a1524fa4e030333bd428539d
SHA256

77748dc3c4a0f60adde19cdff38f7746c12e032971049f16608dfbc61df465ff
SHA512

355e204fddd1868cd78899ab7fa28aad4006fff80f47d038189494088eb442efd81424ab1601b8825444b55da6621d5e9848e3901541188d8d84223d96fd81d2
SSDEEP

196608:byFUpbDO6DjzpLRUZtO0oAinb4hglJf0W8/Laenx77SQs5FpjBX9DVCVYM:zpb3dCEb4qlJcW83x7GRPpx3u

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000014c4a-67.dat	upx
behavioral1/files/0x0006000000014c4a-68.dat	upx

Loads dropped DLL 7 IoCs

pid	Process
1108	Drone.exe
1108	Drone.exe
1108	Drone.exe
1108	Drone.exe
1108	Drone.exe
1108	Drone.exe
1108	Drone.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1108	1520	Drone.exe	29
PID 1520 wrote to memory of 1108	1520	Drone.exe	29
PID 1520 wrote to memory of 1108	1520	Drone.exe	29

C:\Users\Admin\AppData\Local\Temp\Drone.exe
"C:\Users\Admin\AppData\Local\Temp\Drone.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Users\Admin\AppData\Local\Temp\Drone.exe
  "C:\Users\Admin\AppData\Local\Temp\Drone.exe"
  2⤵
  - Loads dropped DLL
  PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI15202\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
34004faa65345221d342763a2d9d2c76

SHA1
6e8948cf23c7c5093d427d6704bad894602a6e85

SHA256
323ceb361166f5c3a404a40a98388c6cd34bb45af5462b7a50d11c8047281829

SHA512
1e1390c75b9ef3e3347e09ae5151ee480e75f7ae0759e0bd67b75b02b25b80c2e7107b45a13fee5cdae6c9ed86a35474989c218a7790cfb80eef9da308317180

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15202\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
3ea156612d26e640e871fb39c90dd9bd

SHA1
98f72761bcc7a6511876c0930a00625972980aae

SHA256
18200ba175b02dff3b7c35c9bbdb1e1c1353424ac717550f44a54918e613e0a8

SHA512
ef49c3af1ac5a89690a89a42036a1a6ebb29d02ae9267fbffd85bfe748c1c7922cd245a011b19cfdf877a777ea78def9bb366144f341134c4f25fbd833e2f361

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15202\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
0dabba3f149f39b970d55e286f050778

SHA1
26d601128e83ac9718d6a8981d4dc7d02760339a

SHA256
0cccc5745f6bdc5fddbda1a2494de4ef694e7ee72ac9b232d05c99f9f2d6245d

SHA512
7f55d4b47f3c70fe8774c150cb017d7fb8b7865c7ed2b53b66ec0b593d693847c260b92d7bd55fc60ecb79dcfe3700707bfc04e4f76f23ac4445e39d1a059804

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15202\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
12KB

MD5
c22f816975c4032a6cc945b888cf1e14

SHA1
79e99924554dd12aea74fb346a66debbee3230b7

SHA256
39b177f180b7e8f21d10a74d217cb84429e92fbf2b07fdfc3d1dff1056903307

SHA512
09b5c954ff0ea494c61f458f7e586df1f11db4380f01c615f82f9367fc4011ef7d1bef8c0ae628384d6f9774427cb98931480d1005c6d5cde2581ab38ed622ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15202\api-ms-win-core-timezone-l1-1-0.dll

Filesize
12KB

MD5
7331299924ffdc94d1d62ce3d5da8199

SHA1
07743d83abd9a9ca0fcdb879d7b0ab388ee04945

SHA256
d64eed2bd030dcc42f6e1f5f8a0a422958dbe58cec6ba2e5ac1546c3b6419dd3

SHA512
9b722c37cfc4a6e34712c01244ed1f781a7373b527e69c5c53bc78e2e288c2df978fead8879d9765a5c6d5b987edf2a4345a89a575e3532f956c4bee789e0571

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15202\python310.dll

Filesize
1.4MB

MD5
99cb804abc9a8f4cb8d08d77e515dcb7

SHA1
0d833cb729f3d5c845491b61b47018c82065f4ad

SHA256
8d23914f6eaa371f2e0c15816c7ab62573d428e750d1bbcd9a07498264d7d240

SHA512
43252d45803957ba79d42afdd12b956c3b829c9b00a78199c35e3eeb863d8c56f4f0b467faae227b7c058f59a3f11152f670090e2212eb6a2837378bca53ac82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15202\ucrtbase.dll

Filesize
986KB

MD5
84514432690f7cf190b1647adf1b1c9c

SHA1
d6d7b26baab64bda6a30f158d5f1fa4f28960f60

SHA256
7308faa2bed2a9bef4316fab4a7f51b445bf2d73453aeb2b83662f82682edf5d

SHA512
fcd3324308c77b15062ab37fa61591a53f6c961bae8387e86fdbb9fe1b988bc16fcfe0c89b92835828830aaeff3b04ec46280623edf0caf1a8ff0b1a1e6e65dc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15202\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
34004faa65345221d342763a2d9d2c76

SHA1
6e8948cf23c7c5093d427d6704bad894602a6e85

SHA256
323ceb361166f5c3a404a40a98388c6cd34bb45af5462b7a50d11c8047281829

SHA512
1e1390c75b9ef3e3347e09ae5151ee480e75f7ae0759e0bd67b75b02b25b80c2e7107b45a13fee5cdae6c9ed86a35474989c218a7790cfb80eef9da308317180

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15202\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
3ea156612d26e640e871fb39c90dd9bd

SHA1
98f72761bcc7a6511876c0930a00625972980aae

SHA256
18200ba175b02dff3b7c35c9bbdb1e1c1353424ac717550f44a54918e613e0a8

SHA512
ef49c3af1ac5a89690a89a42036a1a6ebb29d02ae9267fbffd85bfe748c1c7922cd245a011b19cfdf877a777ea78def9bb366144f341134c4f25fbd833e2f361

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15202\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
0dabba3f149f39b970d55e286f050778

SHA1
26d601128e83ac9718d6a8981d4dc7d02760339a

SHA256
0cccc5745f6bdc5fddbda1a2494de4ef694e7ee72ac9b232d05c99f9f2d6245d

SHA512
7f55d4b47f3c70fe8774c150cb017d7fb8b7865c7ed2b53b66ec0b593d693847c260b92d7bd55fc60ecb79dcfe3700707bfc04e4f76f23ac4445e39d1a059804

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15202\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
12KB

MD5
c22f816975c4032a6cc945b888cf1e14

SHA1
79e99924554dd12aea74fb346a66debbee3230b7

SHA256
39b177f180b7e8f21d10a74d217cb84429e92fbf2b07fdfc3d1dff1056903307

SHA512
09b5c954ff0ea494c61f458f7e586df1f11db4380f01c615f82f9367fc4011ef7d1bef8c0ae628384d6f9774427cb98931480d1005c6d5cde2581ab38ed622ce

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15202\api-ms-win-core-timezone-l1-1-0.dll

Filesize
12KB

MD5
7331299924ffdc94d1d62ce3d5da8199

SHA1
07743d83abd9a9ca0fcdb879d7b0ab388ee04945

SHA256
d64eed2bd030dcc42f6e1f5f8a0a422958dbe58cec6ba2e5ac1546c3b6419dd3

SHA512
9b722c37cfc4a6e34712c01244ed1f781a7373b527e69c5c53bc78e2e288c2df978fead8879d9765a5c6d5b987edf2a4345a89a575e3532f956c4bee789e0571

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15202\python310.dll

Filesize
1.4MB

MD5
99cb804abc9a8f4cb8d08d77e515dcb7

SHA1
0d833cb729f3d5c845491b61b47018c82065f4ad

SHA256
8d23914f6eaa371f2e0c15816c7ab62573d428e750d1bbcd9a07498264d7d240

SHA512
43252d45803957ba79d42afdd12b956c3b829c9b00a78199c35e3eeb863d8c56f4f0b467faae227b7c058f59a3f11152f670090e2212eb6a2837378bca53ac82

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15202\ucrtbase.dll

Filesize
986KB

MD5
84514432690f7cf190b1647adf1b1c9c

SHA1
d6d7b26baab64bda6a30f158d5f1fa4f28960f60

SHA256
7308faa2bed2a9bef4316fab4a7f51b445bf2d73453aeb2b83662f82682edf5d

SHA512
fcd3324308c77b15062ab37fa61591a53f6c961bae8387e86fdbb9fe1b988bc16fcfe0c89b92835828830aaeff3b04ec46280623edf0caf1a8ff0b1a1e6e65dc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads