Overview

overview

10

Static

static

10

1.exe

windows7-x64

1

400.exe

windows7-x64

10

Chase_Bank...or.exe

windows7-x64

10

ChromeSoft.exe

windows7-x64

7

Fake Windo...er.exe

windows7-x64

4

Injector(v_5.24).exe

windows7-x64

8

RCE.exe

windows7-x64

10

TemD.exe

windows7-x64

10

best.exe

windows7-x64

10

btf.exe

windows7-x64

8

build.exe

windows7-x64

6

crypted.exe

windows7-x64

1

download.exe

windows7-x64

7

dp.exe

windows7-x64

7

etbnoc.exe

windows7-x64

1

fran.exe

windows7-x64

10

fud.exe

windows7-x64

1

gift_generator.exe

windows7-x64

7

lol.exe

windows7-x64

10

mt20200012.exe

windows7-x64

1

nopax.exe

windows7-x64

10

porn.jpg.exe

windows7-x64

1

putty.exe

windows7-x64

10

t.exe

windows7-x64

10

vnc.exe

windows7-x64

7

yk.exe

windows7-x64

10

zztop.exe

windows7-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231130-en
  • resource tags

    arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
  • submitted
    14/12/2023, 01:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ChromeSoft.exe

  • Size

    991KB

  • MD5

    35a9b0b465f5518c5ede57b5a61e96bd

  • SHA1

    99870ddf8052eebf53925238510bda22a0666a19

  • SHA256

    44f0c8410f5308e7b9e23f056611997c4e3152d3a4f029bce26f6dae1fbc067f

  • SHA512

    49bb9ac046c4f6d597c2cb3446defc179eab25f594cd30d6ed81429fef95998838c3a321ff34410a3bd10a73b3c39428deff03617cf2865cae9322ee0c1df50a

  • SSDEEP

    24576:TUlZA/teq/PTCzG5hPSw24aSeNc5xnPB9Mb7u2mQHpep:TYZKtemTCC5h6J4QNcfPBub7Lmb

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ChromeSoft.exe
    "C:\Users\Admin\AppData\Local\Temp\ChromeSoft.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2112

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2112-0-0x0000000000400000-0x0000000000522000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2112-1-0x0000000000400000-0x0000000000522000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2112-4-0x0000000000400000-0x0000000000522000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2112-7-0x0000000000400000-0x0000000000522000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2112-13-0x0000000000400000-0x0000000000522000-memory.dmp

    Filesize

    1.1MB

    Download