9dadaba0f07cac5be454ee9786e6cc941139ad8f71c8c41a61b6bcf817cb55e9

Analysis

max time kernel
300s
max time network
425s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26/11/2022, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xUltimate-d9pc-x86/xUltimate-d9pc.exe
Size

11.4MB
MD5

cccdbd689ed89d899552590f883aa0b1
SHA1

ce65cee756b70db8e2ca625b7b01884ece55baed
SHA256

681bbae32ae9f1be6405032dab3012db2aef519e3a80cd991fab1a513438a638
SHA512

7f5a904a04471960c1bdb24ab4af5c08b3aa50c507775f769c41ad13619666422866a4625236381c4433c034acaf7d3921756e717c185dee5360d03e0f086005
SSDEEP

196608:qc6RqvqjfyLkBfRosPZz8L3yJdKkT+OqHkfRsb39:qbUSD2kB5osPZoLCJdK0ekf0

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
628	aapt.exe
1492	7z.exe

Loads dropped DLL 5 IoCs

pid	Process
664	cmd.exe
664	cmd.exe
664	cmd.exe
664	cmd.exe
1492	7z.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 664	1028	xUltimate-d9pc.exe	28
PID 1028 wrote to memory of 664	1028	xUltimate-d9pc.exe	28
PID 1028 wrote to memory of 664	1028	xUltimate-d9pc.exe	28
PID 1028 wrote to memory of 664	1028	xUltimate-d9pc.exe	28
PID 664 wrote to memory of 572	664	cmd.exe	29
PID 664 wrote to memory of 572	664	cmd.exe	29
PID 664 wrote to memory of 572	664	cmd.exe	29
PID 664 wrote to memory of 572	664	cmd.exe	29
PID 664 wrote to memory of 628	664	cmd.exe	30
PID 664 wrote to memory of 628	664	cmd.exe	30
PID 664 wrote to memory of 628	664	cmd.exe	30
PID 664 wrote to memory of 628	664	cmd.exe	30
PID 664 wrote to memory of 1492	664	cmd.exe	31
PID 664 wrote to memory of 1492	664	cmd.exe	31
PID 664 wrote to memory of 1492	664	cmd.exe	31
PID 664 wrote to memory of 1492	664	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\xUltimate-d9pc-x86\xUltimate-d9pc.exe
"C:\Users\Admin\AppData\Local\Temp\xUltimate-d9pc-x86\xUltimate-d9pc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\~39D6.bat" "C:\Users\Admin\AppData\Local\Temp\xUltimate-d9pc-x86\xUltimate-d9pc.exe""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:664
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c dir /x/b/a:d
    3⤵
    PID:572
- - C:\Users\Admin\AppData\Local\aapt.exe
    "C:\Users\Admin\AppData\Local\aapt" package -f -M "C:\Users\Admin\AppData\Local\AndroidManifest.xml" -F temp.apk -I "C:\Users\Admin\AppData\Local\android.jar" -S example1\res
    3⤵
    - Executes dropped EXE
    PID:628
- - C:\Users\Admin\AppData\Local\7z.exe
    "C:\Users\Admin\AppData\Local\7z" x temp.apk res\ -o.\done\example1 -y
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\7z.dll

Filesize
709KB

MD5
ca41d56630191e61565a343c59695ca1

SHA1
774584ff54b38da5d3b3ee02e30908dacab175c5

SHA256
6c80e3f49fcf561e6a0b52f9b4c81d1d07b22085f7864ee4cfd30dd10f6b3b12

SHA512
7f2eb8f773951c5b682b208807235bf4d7d937ece3d9d5c30d17abeb8f74e0be016140e74c64f9d38440269784308ed53c9c76dce6850afa1c7f9cb701229fe1

Download Submit
C:\Users\Admin\AppData\Local\7z.exe

Filesize
146KB

MD5
93c7b7a3e3051bbb9630e41425cfdb3c

SHA1
849c937ed5a429448f3f6d1b6519a7d76308d05d

SHA256
c0791fe9d96325f3cf42b263fd1f5fff65f734fa3b64fd4c597234653a26a711

SHA512
64363951ffc0fe9d17b4b0b98dc9e851db79e7cdd34c55e7984503b0f637b2027a96769d40f2012f60bcc7addae9387ea1dd45545dfb33ffd4a574010f1f0d62

Download Submit
C:\Users\Admin\AppData\Local\7z.exe

Filesize
146KB

MD5
93c7b7a3e3051bbb9630e41425cfdb3c

SHA1
849c937ed5a429448f3f6d1b6519a7d76308d05d

SHA256
c0791fe9d96325f3cf42b263fd1f5fff65f734fa3b64fd4c597234653a26a711

SHA512
64363951ffc0fe9d17b4b0b98dc9e851db79e7cdd34c55e7984503b0f637b2027a96769d40f2012f60bcc7addae9387ea1dd45545dfb33ffd4a574010f1f0d62

Download Submit
C:\Users\Admin\AppData\Local\AndroidManifest.xml

Filesize
149B

MD5
1d765ffa1790c1527b00231c460f4a9a

SHA1
e9e5b5b568ed5407a6a510d2413af95493530927

SHA256
964c338026da6ade76c667cd98159ec615f7b9d8b98e20ec38a077f6aec22e78

SHA512
8b5abc25856c0a1c9d2f8ff90d51933110de2927436a8a136c353b9812b5da9189d3cd883729dfc25b6a8b6d6be6f6e2d4a67ed90300e34622ffad2ee3db453d

Download Submit
C:\Users\Admin\AppData\Local\Temp\xUltimate-d9pc-x86\temp.apk

Filesize
314B

MD5
631ee9117f8877b8ae9fe52b0f9b0c78

SHA1
a0e8b8406d64bc6adcc3c7372e6d0f341c834f56

SHA256
be83693f0aa999d697ab2a414f73e08976d805691aa678b9e5b2b0707d8659b9

SHA512
511e679b9d0d7e3446d119c285f062de0d2bf8c77c6e30891d7efc794364750fbf3bfa05b752dc45e7c2e859d63bdcb8a191ad752ee180678fb01661094a5a13

Download Submit
C:\Users\Admin\AppData\Local\Temp\~39D6.bat

Filesize
685B

MD5
87c45d47de2ffa839451a914b2f38434

SHA1
8d57337f1f745d8387cfd064f4b78ea504b1447c

SHA256
eaefafc76d316b13308685216827cd672dddaf059862e466dca835e4a5e6fd04

SHA512
af6980e248003d90a621808e900e93fa8ea243222e05a35658e357ffd37f9197395898e68172ab5d9b76085fefef13570a529f41d900065b88155cd005f0fe10

Download Submit
C:\Users\Admin\AppData\Local\aapt.exe

Filesize
5.2MB

MD5
d9387bcc466c4509d863474200d139ef

SHA1
c628ef03dd139b588d644588728d9c292d952a60

SHA256
58f757154bb7cd72f56fb2ef78894ef93d1dd1be802b3aa45d670934f7cf2db2

SHA512
93d3c64d50551430f033f73af8a27041c5b6603377eddcc042c667ef9cbd27922daed3fb041913827880fd065770a1298dfeda3eb41ffecb00af9cdbdedb6925

Download Submit
C:\Users\Admin\AppData\Local\aapt.exe

Filesize
5.2MB

MD5
d9387bcc466c4509d863474200d139ef

SHA1
c628ef03dd139b588d644588728d9c292d952a60

SHA256
58f757154bb7cd72f56fb2ef78894ef93d1dd1be802b3aa45d670934f7cf2db2

SHA512
93d3c64d50551430f033f73af8a27041c5b6603377eddcc042c667ef9cbd27922daed3fb041913827880fd065770a1298dfeda3eb41ffecb00af9cdbdedb6925

Download Submit
C:\Users\Admin\AppData\Local\android.jar

Filesize
5.2MB

MD5
25e567aeb14498d926d4d0b158eea9a0

SHA1
19159c56979c7f3e24610098a4dd2bf1ed33085f

SHA256
327195c8647eb254bb74acc6648474955120cee561a3ca6c58c026454aa11f5e

SHA512
475212323fb9870a228d31ced30a3c47e2b0c6f331f27cc3bcce7b911acd25e334c7046f6aa32c3e8b5ec5a3d42d1a8850de1204af7b15c66ed4a57541512cef

Download Submit
\Users\Admin\AppData\Local\7z.dll

Filesize
709KB

MD5
ca41d56630191e61565a343c59695ca1

SHA1
774584ff54b38da5d3b3ee02e30908dacab175c5

SHA256
6c80e3f49fcf561e6a0b52f9b4c81d1d07b22085f7864ee4cfd30dd10f6b3b12

SHA512
7f2eb8f773951c5b682b208807235bf4d7d937ece3d9d5c30d17abeb8f74e0be016140e74c64f9d38440269784308ed53c9c76dce6850afa1c7f9cb701229fe1

Download Submit
\Users\Admin\AppData\Local\7z.exe

Filesize
146KB

MD5
93c7b7a3e3051bbb9630e41425cfdb3c

SHA1
849c937ed5a429448f3f6d1b6519a7d76308d05d

SHA256
c0791fe9d96325f3cf42b263fd1f5fff65f734fa3b64fd4c597234653a26a711

SHA512
64363951ffc0fe9d17b4b0b98dc9e851db79e7cdd34c55e7984503b0f637b2027a96769d40f2012f60bcc7addae9387ea1dd45545dfb33ffd4a574010f1f0d62

Download Submit
\Users\Admin\AppData\Local\7z.exe

Filesize
146KB

MD5
93c7b7a3e3051bbb9630e41425cfdb3c

SHA1
849c937ed5a429448f3f6d1b6519a7d76308d05d

SHA256
c0791fe9d96325f3cf42b263fd1f5fff65f734fa3b64fd4c597234653a26a711

SHA512
64363951ffc0fe9d17b4b0b98dc9e851db79e7cdd34c55e7984503b0f637b2027a96769d40f2012f60bcc7addae9387ea1dd45545dfb33ffd4a574010f1f0d62

Download Submit
\Users\Admin\AppData\Local\aapt.exe

Filesize
5.2MB

MD5
d9387bcc466c4509d863474200d139ef

SHA1
c628ef03dd139b588d644588728d9c292d952a60

SHA256
58f757154bb7cd72f56fb2ef78894ef93d1dd1be802b3aa45d670934f7cf2db2

SHA512
93d3c64d50551430f033f73af8a27041c5b6603377eddcc042c667ef9cbd27922daed3fb041913827880fd065770a1298dfeda3eb41ffecb00af9cdbdedb6925

Download Submit
\Users\Admin\AppData\Local\aapt.exe

Filesize
5.2MB

MD5
d9387bcc466c4509d863474200d139ef

SHA1
c628ef03dd139b588d644588728d9c292d952a60

SHA256
58f757154bb7cd72f56fb2ef78894ef93d1dd1be802b3aa45d670934f7cf2db2

SHA512
93d3c64d50551430f033f73af8a27041c5b6603377eddcc042c667ef9cbd27922daed3fb041913827880fd065770a1298dfeda3eb41ffecb00af9cdbdedb6925

Download Submit
memory/1028-54-0x0000000075E81000-0x0000000075E83000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads