f46c9f5d1819ad3c5d8a784bda596a88b3d8710112408df2c37f5514aa4b38d7

Resubmissions

25/11/2023, 07:12

231125-h1rk9ahh8s 8

25/11/2023, 07:09

231125-hytylahh71 7

Analysis

max time kernel
843s
max time network
848s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
25/11/2023, 07:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

standalone_chat_edition.exe
Size

17.7MB
MD5

fa1cb3092966569de4ed558cec811d5e
SHA1

5457b5eec1f64e95300c40fe9ea5d33bf9996838
SHA256

f46c9f5d1819ad3c5d8a784bda596a88b3d8710112408df2c37f5514aa4b38d7
SHA512

a43077af44d640447da5375608bd091252fdc87ec95955649d6fe4acbf112c2d300a3a65fb5b700a67f79bc57d0fe069e87b01f53b85468b10e25cad42f3c518
SSDEEP

393216:nQXspRv7xeTLHOshouIkPyFTtRL5UWFk1spX8yLz:nQcpRj8LuwouOFTtRLQe

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
856	standalone_chat_edition.exe
856	standalone_chat_edition.exe
856	standalone_chat_edition.exe
856	standalone_chat_edition.exe
856	standalone_chat_edition.exe
856	standalone_chat_edition.exe
856	standalone_chat_edition.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000400000001d38b-330.dat	upx
behavioral1/files/0x000400000001d38b-331.dat	upx
behavioral1/memory/856-332-0x000007FEF5DF0000-0x000007FEF63D9000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 856	2188	standalone_chat_edition.exe	29
PID 2188 wrote to memory of 856	2188	standalone_chat_edition.exe	29
PID 2188 wrote to memory of 856	2188	standalone_chat_edition.exe	29

C:\Users\Admin\AppData\Local\Temp\standalone_chat_edition.exe
"C:\Users\Admin\AppData\Local\Temp\standalone_chat_edition.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\standalone_chat_edition.exe
  "C:\Users\Admin\AppData\Local\Temp\standalone_chat_edition.exe"
  2⤵
  - Loads dropped DLL
  PID:856

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21882\api-ms-win-core-file-l1-2-0.dll

Filesize
20KB

MD5
d92e6a007fc22a1e218552ebfb65da93

SHA1
3c9909332e94f7b7386664a90f52730f4027a75a

SHA256
03bd3217eae0ef68521b39556e7491292db540f615da873dd8da538693b81862

SHA512
b8b0e6052e68c08e558e72c168e4ff318b1907c4dc5fc1cd1104f5cae7cc418293013dabbb30c835a5c35a456e1cb22cc352b7ae40f82b9b7311bb7419d854c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21882\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
50abf0a7ee67f00f247bada185a7661c

SHA1
0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1

SHA256
f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7

SHA512
c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21882\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
de5695f26a0bcb54f59a8bc3f9a4ecef

SHA1
99c32595f3edc2c58bdb138c3384194831e901d6

SHA256
e9539fce90ad8be582b25ab2d5645772c2a5fb195e602ecdbf12b980656e436a

SHA512
df635d5d51cdea24885ae9f0406f317ddcf04ecb6bfa26579bb2e256c457057607844ded4b52ff1f5ca25abe29d1eb2b20f1709cf19035d3829f36bbe31f550f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21882\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
20KB

MD5
74c264cffc09d183fcb1555b16ea7e4b

SHA1
0b5b08cdf6e749b48254ac811ca09ba95473d47c

SHA256
a8e2fc077d9a7d2faa85e1e6833047c90b22c6086487b98fc0e6a86b7bf8bf09

SHA512
285afbcc39717510ced2ed096d9f77fc438268ecaa59cff3cf167fcc538e90c73c67652046b0ee379e0507d6e346af79d43c51a571c6dd66034f9385a73d00d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21882\api-ms-win-core-timezone-l1-1-0.dll

Filesize
20KB

MD5
cb39eea2ef9ed3674c597d5f0667b5b4

SHA1
c133dc6416b3346fa5b0f449d7cc6f7dbf580432

SHA256
1627b921934053f1f7d2a19948aee06fac5db8ee8d4182e6f071718d0681f235

SHA512
2c65014dc045a2c1e5f52f3fea4967d2169e4a78d41fe56617ce9a4d5b30ebf25043112917ff3d7d152744ddef70475937ae0a7f96785f97dcefafe8e6f14d9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21882\python311.dll

Filesize
1.6MB

MD5
0530156b6dabd7c2148bcc721eb4449f

SHA1
9ccafc5a17d3a25951ee14806241e8e38236d767

SHA256
739c60648ee4a3ac7ea7f37ec730e67898b149fc5b9f4cdef5ab0b69c5664170

SHA512
d919f92bd7a2c385fd77e58678aaaad5261d8ccad1fd84b42412acd275959efa7926ff85ef44f98a59199fbbf1bcdc6a1efef1516decf102c263c7311a3faf01

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21882\ucrtbase.dll

Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21882\api-ms-win-core-file-l1-2-0.dll

Filesize
20KB

MD5
d92e6a007fc22a1e218552ebfb65da93

SHA1
3c9909332e94f7b7386664a90f52730f4027a75a

SHA256
03bd3217eae0ef68521b39556e7491292db540f615da873dd8da538693b81862

SHA512
b8b0e6052e68c08e558e72c168e4ff318b1907c4dc5fc1cd1104f5cae7cc418293013dabbb30c835a5c35a456e1cb22cc352b7ae40f82b9b7311bb7419d854c7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21882\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
50abf0a7ee67f00f247bada185a7661c

SHA1
0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1

SHA256
f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7

SHA512
c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21882\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
de5695f26a0bcb54f59a8bc3f9a4ecef

SHA1
99c32595f3edc2c58bdb138c3384194831e901d6

SHA256
e9539fce90ad8be582b25ab2d5645772c2a5fb195e602ecdbf12b980656e436a

SHA512
df635d5d51cdea24885ae9f0406f317ddcf04ecb6bfa26579bb2e256c457057607844ded4b52ff1f5ca25abe29d1eb2b20f1709cf19035d3829f36bbe31f550f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21882\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
20KB

MD5
74c264cffc09d183fcb1555b16ea7e4b

SHA1
0b5b08cdf6e749b48254ac811ca09ba95473d47c

SHA256
a8e2fc077d9a7d2faa85e1e6833047c90b22c6086487b98fc0e6a86b7bf8bf09

SHA512
285afbcc39717510ced2ed096d9f77fc438268ecaa59cff3cf167fcc538e90c73c67652046b0ee379e0507d6e346af79d43c51a571c6dd66034f9385a73d00d1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21882\api-ms-win-core-timezone-l1-1-0.dll

Filesize
20KB

MD5
cb39eea2ef9ed3674c597d5f0667b5b4

SHA1
c133dc6416b3346fa5b0f449d7cc6f7dbf580432

SHA256
1627b921934053f1f7d2a19948aee06fac5db8ee8d4182e6f071718d0681f235

SHA512
2c65014dc045a2c1e5f52f3fea4967d2169e4a78d41fe56617ce9a4d5b30ebf25043112917ff3d7d152744ddef70475937ae0a7f96785f97dcefafe8e6f14d9c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21882\python311.dll

Filesize
1.6MB

MD5
0530156b6dabd7c2148bcc721eb4449f

SHA1
9ccafc5a17d3a25951ee14806241e8e38236d767

SHA256
739c60648ee4a3ac7ea7f37ec730e67898b149fc5b9f4cdef5ab0b69c5664170

SHA512
d919f92bd7a2c385fd77e58678aaaad5261d8ccad1fd84b42412acd275959efa7926ff85ef44f98a59199fbbf1bcdc6a1efef1516decf102c263c7311a3faf01

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21882\ucrtbase.dll

Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
memory/856-332-0x000007FEF5DF0000-0x000007FEF63D9000-memory.dmp

Filesize
5.9MB

Download
memory/856-644-0x000007FEF5DF0000-0x000007FEF63D9000-memory.dmp

Filesize
5.9MB

Download