9dadaba0f07cac5be454ee9786e6cc941139ad8f71c8c41a61b6bcf817cb55e9

Analysis

max time kernel
154s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2022, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xUltimate-d9pc-x86/xUltimate-d9pc.exe
Size

11.4MB
MD5

cccdbd689ed89d899552590f883aa0b1
SHA1

ce65cee756b70db8e2ca625b7b01884ece55baed
SHA256

681bbae32ae9f1be6405032dab3012db2aef519e3a80cd991fab1a513438a638
SHA512

7f5a904a04471960c1bdb24ab4af5c08b3aa50c507775f769c41ad13619666422866a4625236381c4433c034acaf7d3921756e717c185dee5360d03e0f086005
SSDEEP

196608:qc6RqvqjfyLkBfRosPZz8L3yJdKkT+OqHkfRsb39:qbUSD2kB5osPZoLCJdK0ekf0

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4580	aapt.exe
1608	7z.exe

Loads dropped DLL 1 IoCs

pid	Process
1608	7z.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 4692	2160	xUltimate-d9pc.exe	80
PID 2160 wrote to memory of 4692	2160	xUltimate-d9pc.exe	80
PID 2160 wrote to memory of 4692	2160	xUltimate-d9pc.exe	80
PID 4692 wrote to memory of 4676	4692	cmd.exe	81
PID 4692 wrote to memory of 4676	4692	cmd.exe	81
PID 4692 wrote to memory of 4676	4692	cmd.exe	81
PID 4692 wrote to memory of 4580	4692	cmd.exe	82
PID 4692 wrote to memory of 4580	4692	cmd.exe	82
PID 4692 wrote to memory of 4580	4692	cmd.exe	82
PID 4692 wrote to memory of 1608	4692	cmd.exe	83
PID 4692 wrote to memory of 1608	4692	cmd.exe	83
PID 4692 wrote to memory of 1608	4692	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\xUltimate-d9pc-x86\xUltimate-d9pc.exe
"C:\Users\Admin\AppData\Local\Temp\xUltimate-d9pc-x86\xUltimate-d9pc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\~FE3B.bat" "C:\Users\Admin\AppData\Local\Temp\xUltimate-d9pc-x86\xUltimate-d9pc.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4692
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c dir /x/b/a:d
    3⤵
    PID:4676
- - C:\Users\Admin\AppData\Local\aapt.exe
    "C:\Users\Admin\AppData\Local\aapt" package -f -M "C:\Users\Admin\AppData\Local\AndroidManifest.xml" -F temp.apk -I "C:\Users\Admin\AppData\Local\android.jar" -S example1\res
    3⤵
    - Executes dropped EXE
    PID:4580
- - C:\Users\Admin\AppData\Local\7z.exe
    "C:\Users\Admin\AppData\Local\7z" x temp.apk res\ -o.\done\example1 -y
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\7z.dll

Filesize
709KB

MD5
ca41d56630191e61565a343c59695ca1

SHA1
774584ff54b38da5d3b3ee02e30908dacab175c5

SHA256
6c80e3f49fcf561e6a0b52f9b4c81d1d07b22085f7864ee4cfd30dd10f6b3b12

SHA512
7f2eb8f773951c5b682b208807235bf4d7d937ece3d9d5c30d17abeb8f74e0be016140e74c64f9d38440269784308ed53c9c76dce6850afa1c7f9cb701229fe1

Download Submit
C:\Users\Admin\AppData\Local\7z.dll

Filesize
709KB

MD5
ca41d56630191e61565a343c59695ca1

SHA1
774584ff54b38da5d3b3ee02e30908dacab175c5

SHA256
6c80e3f49fcf561e6a0b52f9b4c81d1d07b22085f7864ee4cfd30dd10f6b3b12

SHA512
7f2eb8f773951c5b682b208807235bf4d7d937ece3d9d5c30d17abeb8f74e0be016140e74c64f9d38440269784308ed53c9c76dce6850afa1c7f9cb701229fe1

Download Submit
C:\Users\Admin\AppData\Local\7z.exe

Filesize
146KB

MD5
93c7b7a3e3051bbb9630e41425cfdb3c

SHA1
849c937ed5a429448f3f6d1b6519a7d76308d05d

SHA256
c0791fe9d96325f3cf42b263fd1f5fff65f734fa3b64fd4c597234653a26a711

SHA512
64363951ffc0fe9d17b4b0b98dc9e851db79e7cdd34c55e7984503b0f637b2027a96769d40f2012f60bcc7addae9387ea1dd45545dfb33ffd4a574010f1f0d62

Download Submit
C:\Users\Admin\AppData\Local\7z.exe

Filesize
146KB

MD5
93c7b7a3e3051bbb9630e41425cfdb3c

SHA1
849c937ed5a429448f3f6d1b6519a7d76308d05d

SHA256
c0791fe9d96325f3cf42b263fd1f5fff65f734fa3b64fd4c597234653a26a711

SHA512
64363951ffc0fe9d17b4b0b98dc9e851db79e7cdd34c55e7984503b0f637b2027a96769d40f2012f60bcc7addae9387ea1dd45545dfb33ffd4a574010f1f0d62

Download Submit
C:\Users\Admin\AppData\Local\AndroidManifest.xml

Filesize
149B

MD5
1d765ffa1790c1527b00231c460f4a9a

SHA1
e9e5b5b568ed5407a6a510d2413af95493530927

SHA256
964c338026da6ade76c667cd98159ec615f7b9d8b98e20ec38a077f6aec22e78

SHA512
8b5abc25856c0a1c9d2f8ff90d51933110de2927436a8a136c353b9812b5da9189d3cd883729dfc25b6a8b6d6be6f6e2d4a67ed90300e34622ffad2ee3db453d

Download Submit
C:\Users\Admin\AppData\Local\Temp\xUltimate-d9pc-x86\temp.apk

Filesize
314B

MD5
f5d2cf05acc5e0e745cdc7295b6c0f57

SHA1
e383b2add4eb2c5868d167186cf23eda4972431c

SHA256
5a6aae9a55b4a03399e8875278e2d6f2463f5ddd1bf4816d2101f8e4e1c2f6b8

SHA512
9ddae410e0907ced8de9bfe3a09421197bbb030d1dabbabc09dc8d903493277aaa58a2351b77ad0cb8d94d747fcb5802801a0cf0be31fc1321af1ae5b92713b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\~FE3B.bat

Filesize
685B

MD5
87c45d47de2ffa839451a914b2f38434

SHA1
8d57337f1f745d8387cfd064f4b78ea504b1447c

SHA256
eaefafc76d316b13308685216827cd672dddaf059862e466dca835e4a5e6fd04

SHA512
af6980e248003d90a621808e900e93fa8ea243222e05a35658e357ffd37f9197395898e68172ab5d9b76085fefef13570a529f41d900065b88155cd005f0fe10

Download Submit
C:\Users\Admin\AppData\Local\aapt.exe

Filesize
5.2MB

MD5
d9387bcc466c4509d863474200d139ef

SHA1
c628ef03dd139b588d644588728d9c292d952a60

SHA256
58f757154bb7cd72f56fb2ef78894ef93d1dd1be802b3aa45d670934f7cf2db2

SHA512
93d3c64d50551430f033f73af8a27041c5b6603377eddcc042c667ef9cbd27922daed3fb041913827880fd065770a1298dfeda3eb41ffecb00af9cdbdedb6925

Download Submit
C:\Users\Admin\AppData\Local\aapt.exe

Filesize
5.2MB

MD5
d9387bcc466c4509d863474200d139ef

SHA1
c628ef03dd139b588d644588728d9c292d952a60

SHA256
58f757154bb7cd72f56fb2ef78894ef93d1dd1be802b3aa45d670934f7cf2db2

SHA512
93d3c64d50551430f033f73af8a27041c5b6603377eddcc042c667ef9cbd27922daed3fb041913827880fd065770a1298dfeda3eb41ffecb00af9cdbdedb6925

Download Submit
C:\Users\Admin\AppData\Local\android.jar

Filesize
5.2MB

MD5
25e567aeb14498d926d4d0b158eea9a0

SHA1
19159c56979c7f3e24610098a4dd2bf1ed33085f

SHA256
327195c8647eb254bb74acc6648474955120cee561a3ca6c58c026454aa11f5e

SHA512
475212323fb9870a228d31ced30a3c47e2b0c6f331f27cc3bcce7b911acd25e334c7046f6aa32c3e8b5ec5a3d42d1a8850de1204af7b15c66ed4a57541512cef

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads