9475d84b7704e5f856f251c061ed7bd3c858829ff1c80741c1b5c36af5471edc

Analysis

max time kernel
24s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Innovatoz/ressources/properties.exe
Size

17.3MB
MD5

ce24e869f11e4ea6f6eae1cef970dce8
SHA1

fc1c5a2682a7eb8e42059d7d1a32f416c1a780c6
SHA256

bdb0afa0902c1a0f80c3def4a4633d47c227cab70d8fae75186bde648e99b54c
SHA512

53be1778ce0cd55e1410758d0bf189c73b07c0bff3f6d7f1df4ae0a6e7ce866c4638fa470e06805aef8be385ab9bc75000f015d65792d2dc8e07024c58eceaf6
SSDEEP

393216:vZqPuYXgnAu0p9Bh3t6IDOE+gsYTgZRyQU0GD04FwYqi6y:IPuYXgnA9p9Bh30NZYCR9U0GDzFlZ6y

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

properties.exe

pid process

1884 properties.exe
1884 properties.exe
1884 properties.exe
1884 properties.exe
1884 properties.exe
1884 properties.exe
1884 properties.exe

pid	process
1884	properties.exe
1884	properties.exe
1884	properties.exe
1884	properties.exe
1884	properties.exe
1884	properties.exe
1884	properties.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI18882\python310.dll	upx
\Users\Admin\AppData\Local\Temp\_MEI18882\python310.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

properties.exe

description	pid	process	target process
PID 1888 wrote to memory of 1884	1888	properties.exe	properties.exe
PID 1888 wrote to memory of 1884	1888	properties.exe	properties.exe
PID 1888 wrote to memory of 1884	1888	properties.exe	properties.exe

C:\Users\Admin\AppData\Local\Temp\Innovatoz\ressources\properties.exe
"C:\Users\Admin\AppData\Local\Temp\Innovatoz\ressources\properties.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888

C:\Users\Admin\AppData\Local\Temp\Innovatoz\ressources\properties.exe
"C:\Users\Admin\AppData\Local\Temp\Innovatoz\ressources\properties.exe"
2⤵
- Loads dropped DLL
PID:1884

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI18882\api-ms-win-core-file-l1-2-0.dll
Filesize
13KB

MD5
1922e2b15c51f51698f604b937702f0a

SHA1
b92c5a537d8888ce1c6f288e07308f87b8dd4caf

SHA256
d3e9964432480257960bfb42663fb52c4327dbe77f90df0f357cfe43fbe78f79

SHA512
a83767ea1f6af48c6749cca5aae5ddf0c3f1f8dcd976b0bd39526c746ac36974897727bfcb1a69d1ddcceabd30cdd8a836f2d4921293242fb7c88e9396b91fee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18882\api-ms-win-core-file-l2-1-0.dll
Filesize
13KB

MD5
60e01cba88eacc78d2cae59ba9df97e1

SHA1
35e013f8da3b157d6339ee3f9223a5623b482733

SHA256
d26830568c87104820cf2344f170efe1d23c9cfdabb95e96e9ec0429021d08b5

SHA512
8d397a65d4119adf9ae282809a55fadce4febeff2d2fd34e0de010403bee332fa37145df71fb6ff0dc1dbba5de12b7e80bda3fbb83b444a821e7611b84c74a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18882\api-ms-win-core-localization-l1-2-0.dll
Filesize
15KB

MD5
24fe82af0485fe40efdccb0e8da647de

SHA1
29af53f48a715ae35f71355e05ee721eb7d70477

SHA256
327677a179acc3349ac3f78165a50988364aab7dc83a9bb599313f0c1b36be0d

SHA512
9678e6f82b4f7cbb28ff6176bc1300a5df29acdb156af96355804b766a72b59db200f454ac40ee4f5abfbce96c7f75aa140ada6858a4f05c3670b9fa2ea64745

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18882\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
13KB

MD5
06b85d3ff219627b2c92ada36368d85c

SHA1
b683bba7975bc383c55f48f0fadfe092be13a0e7

SHA256
412a5c6349c295291eb141381c78251afe567973d5ec35fa5c8591fb205353b9

SHA512
a600ef339cf473619cd3ae75f33694d251499d82605f112316802463bc68f51974ffcd530f97a2d8b9259439d630967c88fac28cc9dc71267b22172218ec8213

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18882\api-ms-win-core-timezone-l1-1-0.dll
Filesize
13KB

MD5
aacf489f2ee4611609b45d36d91aeb82

SHA1
cedf52169f8f15396685d0578cfeafea01a658e7

SHA256
ea3b6368d6f7e9b187e1133da7729bbf166e703847b9efcd3deac07e92913ec8

SHA512
b3bd0cdaf6c801a7f1989ff5bc8046498defa2b79433f0a29aa63c87dc7290a2db68a1fe6576ce64713a2ff9a7bb61fe51528a7b275658296a5f45a1c73e0449

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18882\python310.dll
Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18882\ucrtbase.dll
Filesize
987KB

MD5
c0164c5af345b0d703a4b00eeece24fd

SHA1
c0f0ce7fec82bbcf3375b926ecd567d50e329f78

SHA256
95f7a7888299318b55bda2dff9d36dee6e794bf4180db927033a75b7da6b7fe0

SHA512
b7527b0517754811e71f5e0b081c62d57c56bc014a471eec74a8f5cb33467eeac9de2a921ff2c01ac2f2a37b776ff7deb9e2a2fd2ae9423aeb48b40cbb3567da

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18882\api-ms-win-core-file-l1-2-0.dll
Filesize
13KB

MD5
1922e2b15c51f51698f604b937702f0a

SHA1
b92c5a537d8888ce1c6f288e07308f87b8dd4caf

SHA256
d3e9964432480257960bfb42663fb52c4327dbe77f90df0f357cfe43fbe78f79

SHA512
a83767ea1f6af48c6749cca5aae5ddf0c3f1f8dcd976b0bd39526c746ac36974897727bfcb1a69d1ddcceabd30cdd8a836f2d4921293242fb7c88e9396b91fee

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18882\api-ms-win-core-file-l2-1-0.dll
Filesize
13KB

MD5
60e01cba88eacc78d2cae59ba9df97e1

SHA1
35e013f8da3b157d6339ee3f9223a5623b482733

SHA256
d26830568c87104820cf2344f170efe1d23c9cfdabb95e96e9ec0429021d08b5

SHA512
8d397a65d4119adf9ae282809a55fadce4febeff2d2fd34e0de010403bee332fa37145df71fb6ff0dc1dbba5de12b7e80bda3fbb83b444a821e7611b84c74a32

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18882\api-ms-win-core-localization-l1-2-0.dll
Filesize
15KB

MD5
24fe82af0485fe40efdccb0e8da647de

SHA1
29af53f48a715ae35f71355e05ee721eb7d70477

SHA256
327677a179acc3349ac3f78165a50988364aab7dc83a9bb599313f0c1b36be0d

SHA512
9678e6f82b4f7cbb28ff6176bc1300a5df29acdb156af96355804b766a72b59db200f454ac40ee4f5abfbce96c7f75aa140ada6858a4f05c3670b9fa2ea64745

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18882\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
13KB

MD5
06b85d3ff219627b2c92ada36368d85c

SHA1
b683bba7975bc383c55f48f0fadfe092be13a0e7

SHA256
412a5c6349c295291eb141381c78251afe567973d5ec35fa5c8591fb205353b9

SHA512
a600ef339cf473619cd3ae75f33694d251499d82605f112316802463bc68f51974ffcd530f97a2d8b9259439d630967c88fac28cc9dc71267b22172218ec8213

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18882\api-ms-win-core-timezone-l1-1-0.dll
Filesize
13KB

MD5
aacf489f2ee4611609b45d36d91aeb82

SHA1
cedf52169f8f15396685d0578cfeafea01a658e7

SHA256
ea3b6368d6f7e9b187e1133da7729bbf166e703847b9efcd3deac07e92913ec8

SHA512
b3bd0cdaf6c801a7f1989ff5bc8046498defa2b79433f0a29aa63c87dc7290a2db68a1fe6576ce64713a2ff9a7bb61fe51528a7b275658296a5f45a1c73e0449

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18882\python310.dll
Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18882\ucrtbase.dll
Filesize
987KB

MD5
c0164c5af345b0d703a4b00eeece24fd

SHA1
c0f0ce7fec82bbcf3375b926ecd567d50e329f78

SHA256
95f7a7888299318b55bda2dff9d36dee6e794bf4180db927033a75b7da6b7fe0

SHA512
b7527b0517754811e71f5e0b081c62d57c56bc014a471eec74a8f5cb33467eeac9de2a921ff2c01ac2f2a37b776ff7deb9e2a2fd2ae9423aeb48b40cbb3567da

Download Submit
memory/1884-209-0x000007FEF65B0000-0x000007FEF6A1E000-memory.dmp

Filesize
4.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads