Malware Analysis Report

2025-03-15 03:19

Sample ID 231231-al1xdadbgm
Target Electron_Cracked_V3.zip
SHA256 837de720e6dcfad7492b45e465415dc5f01379ded27c2ee9c129fe510a769967
Tags upx pyinstaller empyrean
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral4 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score 10/10

SHA256 837de720e6dcfad7492b45e465415dc5f01379ded27c2ee9c129fe510a769967

Threat Level: Known bad

The file Electron_Cracked_V3.zip was found to be: Known bad.

Malicious Activity Summary

upx pyinstaller empyrean

Detects Empyrean stealer

Empyrean family

UPX packed file

Loads dropped DLL

Looks up external IP address via web service

Unsigned PE

Detects Pyinstaller

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-31 00:19

Signatures

Detects Empyrean stealer
2 matches; no description, indicator, process or target recorded.

Empyrean family (tag: empyrean)

Detects Pyinstaller (tag: pyinstaller)
2 matches; no description, indicator, process or target recorded.

Unsigned PE
2 matches; no description, indicator, process or target recorded.
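The three static signatures above (UPX, PyInstaller, unsigned PE) are cheap header checks that can be reproduced without a sandbox. The following is an added example and not the sandbox's own signature logic: it parses the PE section table and looks for UPX-named sections, scans the file for PyInstaller's archive cookie magic (`MEI\x0c\x0b\x0a\x0b\x0e`, which the PyInstaller bootloader uses to locate its bundled archive), and reads the Security data directory to tell whether any Authenticode certificate table is attached at all. The PE bytes it runs on are constructed inline by the `build_pe` helper, which produces header-only images for testing and is not how any packer writes files.

```python
import struct

# PyInstaller's CArchive cookie begins with this magic; the bootloader searches
# for it near the end of the executable to find the bundled archive.
PYINSTALLER_COOKIE_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table


def parse_pe(data):
    """Return (section names, size of the Security data directory) from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories begin at optional-header offset 96 (PE32, 0x10b) or
    # 112 (PE32+, 0x20b); each entry is VirtualAddress (4) + Size (4).
    dd = opt + (112 if magic == 0x20B else 96)
    _, sec_size = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt + opt_size                           # section headers, 40 bytes each
    names = []
    for i in range(nsections):
        raw = data[table + 40 * i:table + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names, sec_size


def static_triage(data):
    """Per-file equivalent of the report's UPX / PyInstaller / Unsigned PE signatures."""
    names, sec_size = parse_pe(data)
    return {
        "sections": names,
        "upx": any(n.startswith("UPX") for n in names),   # UPX0/UPX1/UPX2 stub sections
        "pyinstaller": PYINSTALLER_COOKIE_MAGIC in data,
        "unsigned": sec_size == 0,                         # no certificate table present
    }


def build_pe(section_names, pe32plus=True, security_size=0):
    """Constructed, header-only PE for testing (hypothetical helper; not loadable)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew -> right after DOS header
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       len(section_names), 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    dd = 112 if pe32plus else 96
    struct.pack_into("<II", opt, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if security_size else 0, security_size)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


# Constructed samples: an unsigned, UPX-packed PyInstaller-style binary and a signed plain one.
SAMPLE_PACKED = (build_pe([b"UPX0", b"UPX1", b".rsrc"])
                 + b"\0" * 64 + PYINSTALLER_COOKIE_MAGIC + b"\0" * 80)
SAMPLE_SIGNED = build_pe([b".text", b".rdata", b".data"], pe32plus=False, security_size=0x1800)

if __name__ == "__main__":
    for label, blob in (("packed", SAMPLE_PACKED), ("signed", SAMPLE_SIGNED)):
        print(label, static_triage(blob))
```

Two caveats apply when using this on real samples: UPX section names are trivially renamed by anyone who edits the packed file, so a negative "upx" result proves nothing, and "unsigned" here only means no certificate table is present; a present signature still has to be validated against a trusted chain before it counts for anything.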

Analysis: behavioral4

Detonation Overview

Submitted

2023-12-31 00:18

Reported

2023-12-31 00:22

Platform

win10v2004-20231222-en

Max time kernel

2s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\Particle.exe"

Signatures

Loads dropped DLL

58 matches, every one with Process C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\Particle.exe; no description, indicator or target recorded.

UPX packed file (tag: upx)

48 matches; no description, indicator, process or target recorded.

Looks up external IP address via web service

Description Indicator Process Target
N/A ipapi.co N/A N/A
N/A ipapi.co N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\Particle.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\Particle.exe

"C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\Particle.exe"

C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\Particle.exe

"C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\Particle.exe"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"
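The process list above is the part of this run a host-based rule can key on: an executable launched from %TEMP%, DLLs loaded from a PyInstaller onefile extraction directory (`_MEI<digits>`), a DNS query for ipapi.co, and `cmd.exe /c` wrapping `WMIC.exe csproduct get uuid`, which returns the machine UUID that stealers collect as a hardware ID. The following is an added example, not sandbox code and not the Empyrean code base: it evaluates those behaviours over constructed Sysmon-style events (the event shape, PIDs, the `_MEI` suffix, the added IP-lookup domains and the final "admin ran the same WMIC query by hand" event are all assumptions) and attributes child-process activity back to the originating Temp executable, so one WMIC invocation from an interactive shell does not fire on its own. The report's SeDebugPrivilege hit has no Sysmon equivalent (it comes from Security event 4703, token right adjusted) and is left out here.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style events (process create / image load / DNS query).
# Paths mirror the behavioral4 run above; PIDs and the last, benign event are made up.
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
EVENTS = [
    {"type": "ProcessCreate", "pid": 4596, "ppid": 1000,
     "image": TEMP + r"\Electron_Cracked_V3\Particle.exe",
     "cmdline": '"' + TEMP + r'\Electron_Cracked_V3\Particle.exe"'},
    {"type": "ImageLoad", "pid": 4596,
     "image_loaded": TEMP + r"\_MEI27162\ucrtbase.dll"},
    {"type": "DnsQuery", "pid": 4596, "query": "ipapi.co"},
    {"type": "ProcessCreate", "pid": 5010, "ppid": 4596,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"'},
    {"type": "ProcessCreate", "pid": 5012, "ppid": 5010,
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r"C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"},
    # Benign noise: an administrator running the same query from a console (constructed).
    {"type": "ProcessCreate", "pid": 7000, "ppid": 6999,
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r"wmic csproduct get uuid"},
]

TEMP_EXE = re.compile(r"\\AppData\\Local\\Temp\\.*\.exe$", re.IGNORECASE)
MEI_DIR = re.compile(r"\\_MEI\d+\\", re.IGNORECASE)      # PyInstaller onefile extraction dir
HWID_QUERY = re.compile(r"csproduct\s+get\s+uuid", re.IGNORECASE)
# ipapi.co is from the report; the other services are an assumed extension of the list.
IP_LOOKUP_DOMAINS = {"ipapi.co", "api.ipify.org", "ip-api.com", "ifconfig.me"}


def evaluate(events, threshold=2):
    """Return {pid: [behaviours]} for processes with at least `threshold` distinct hits."""
    parent = {e["pid"]: e.get("ppid") for e in events if e["type"] == "ProcessCreate"}
    image = {e["pid"]: e["image"] for e in events if e["type"] == "ProcessCreate"}

    def origin(pid):
        # Walk up the tree to the nearest ancestor running out of %TEMP%;
        # if there is none, the hit stays with the process that produced it.
        cur = pid
        while cur is not None:
            if TEMP_EXE.search(image.get(cur, "")):
                return cur
            cur = parent.get(cur)
        return pid

    hits = defaultdict(set)
    for e in events:
        pid = e["pid"]
        if e["type"] == "ProcessCreate":
            if TEMP_EXE.search(e["image"]):
                hits[pid].add("exe_in_temp")
            if HWID_QUERY.search(e["cmdline"]):
                hits[origin(pid)].add("hwid_via_wmic")
        elif e["type"] == "ImageLoad" and MEI_DIR.search(e["image_loaded"]):
            hits[origin(pid)].add("pyinstaller_mei_load")
        elif e["type"] == "DnsQuery" and e["query"].lower() in IP_LOOKUP_DOMAINS:
            hits[origin(pid)].add("external_ip_lookup")
    return {pid: sorted(h) for pid, h in hits.items() if len(h) >= threshold}


if __name__ == "__main__":
    for pid, behaviours in evaluate(EVENTS).items():
        print(pid, behaviours)
```

With the default threshold only PID 4596 is reported, carrying all four behaviours; the standalone WMIC query from PID 7000 collects a single hit and stays below it. Lowering the threshold to 1 turns the rule into a plain indicator match, which is what the sandbox's individual signature rows represent.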

Network

Country Destination Domain Proto
US 8.8.8.8:53 84.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 ipapi.co udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 104.26.8.44:443 ipapi.co tcp
US 8.8.8.8:53 44.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
IE 20.223.35.26:443 - tcp
IE 20.223.35.26:443 - tcp
IE 20.223.35.26:443 - tcp
US 52.165.164.15:443 - tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 52.165.164.15:443 - tcp

Files

memory/4596-156-0x00007FF8601B0000-0x00007FF86061E000-memory.dmp

memory/4596-191-0x00007FF8701C0000-0x00007FF8701EE000-memory.dmp

memory/4596-196-0x00007FF86FD80000-0x00007FF86FDAB000-memory.dmp

memory/4596-201-0x00007FF866A30000-0x00007FF866A72000-memory.dmp

memory/4596-206-0x00007FF86FF70000-0x00007FF86FF7A000-memory.dmp

memory/4596-219-0x00007FF85F760000-0x00007FF85FAD5000-memory.dmp

memory/4596-234-0x00007FF86FAC0000-0x00007FF86FB7C000-memory.dmp

memory/4596-242-0x00007FF85F5E0000-0x00007FF85F751000-memory.dmp

memory/4596-252-0x0000026812AF0000-0x0000026812E65000-memory.dmp

memory/4596-262-0x00007FF86B6C0000-0x00007FF86B6CE000-memory.dmp

memory/4596-266-0x00007FF860910000-0x00007FF86091C000-memory.dmp

memory/4596-274-0x00007FF860870000-0x00007FF860884000-memory.dmp

memory/4596-278-0x00007FF85F590000-0x00007FF85F5A9000-memory.dmp

memory/4596-279-0x00007FF85F5E0000-0x00007FF85F751000-memory.dmp

memory/4596-280-0x00007FF85F540000-0x00007FF85F589000-memory.dmp

memory/4596-277-0x00007FF860850000-0x00007FF860867000-memory.dmp

memory/4596-276-0x00007FF86FEB0000-0x00007FF86FECF000-memory.dmp

memory/4596-275-0x00007FF85F5B0000-0x00007FF85F5D2000-memory.dmp

memory/4596-273-0x00007FF860890000-0x00007FF8608A0000-memory.dmp

memory/4596-272-0x00007FF86FEF0000-0x00007FF86FF16000-memory.dmp

memory/4596-271-0x00007FF8608D0000-0x00007FF8608E2000-memory.dmp

memory/4596-270-0x00007FF8608A0000-0x00007FF8608B5000-memory.dmp

memory/4596-269-0x00007FF8608C0000-0x00007FF8608CC000-memory.dmp

memory/4596-268-0x00007FF8608F0000-0x00007FF8608FD000-memory.dmp

memory/4596-267-0x00007FF860900000-0x00007FF86090C000-memory.dmp

memory/4596-265-0x00007FF85FAE0000-0x00007FF85FB98000-memory.dmp

memory/4596-264-0x00007FF8614B0000-0x00007FF8614BB000-memory.dmp

memory/4596-263-0x00007FF869140000-0x00007FF86914B000-memory.dmp

memory/4596-261-0x00007FF86FE70000-0x00007FF86FE7B000-memory.dmp

memory/4596-260-0x00007FF85FBA0000-0x00007FF85FBCE000-memory.dmp

memory/4596-259-0x00007FF869930000-0x00007FF86993C000-memory.dmp

memory/4596-258-0x00007FF869E30000-0x00007FF869E3C000-memory.dmp

memory/4596-257-0x00007FF86FA40000-0x00007FF86FA4D000-memory.dmp

memory/4596-256-0x00007FF86FAA0000-0x00007FF86FAAC000-memory.dmp

memory/4596-255-0x00007FF85F760000-0x00007FF85FAD5000-memory.dmp

memory/4596-254-0x00007FF86FE80000-0x00007FF86FE8C000-memory.dmp

memory/4596-253-0x00007FF86FE90000-0x00007FF86FE9B000-memory.dmp

memory/4596-251-0x00007FF86FEA0000-0x00007FF86FEAC000-memory.dmp

memory/4596-250-0x00007FF866A10000-0x00007FF866A2C000-memory.dmp

memory/4596-249-0x00007FF86FED0000-0x00007FF86FEDB000-memory.dmp

memory/4596-248-0x00007FF86FEE0000-0x00007FF86FEEB000-memory.dmp

memory/4596-241-0x00007FF866A30000-0x00007FF866A72000-memory.dmp

memory/4596-239-0x00007FF86FEB0000-0x00007FF86FECF000-memory.dmp

memory/4596-235-0x00007FF860920000-0x00007FF860A38000-memory.dmp

memory/4596-232-0x00007FF86FEF0000-0x00007FF86FF16000-memory.dmp

memory/4596-230-0x00007FF8701C0000-0x00007FF8701EE000-memory.dmp

memory/4596-228-0x00007FF86FF20000-0x00007FF86FF2B000-memory.dmp

memory/4596-226-0x00007FF873D00000-0x00007FF873D14000-memory.dmp

memory/4596-223-0x00007FF870200000-0x00007FF870219000-memory.dmp

memory/4596-220-0x0000026812AF0000-0x0000026812E65000-memory.dmp

memory/4596-218-0x00007FF85FAE0000-0x00007FF85FB98000-memory.dmp

memory/4596-214-0x00007FF85FBA0000-0x00007FF85FBCE000-memory.dmp

memory/4596-306-0x00007FF85FAE0000-0x00007FF85FB98000-memory.dmp

memory/4596-313-0x00007FF85F5E0000-0x00007FF85F751000-memory.dmp

memory/4596-323-0x00007FF869E30000-0x00007FF869E3C000-memory.dmp

memory/4596-340-0x00007FF85F500000-0x00007FF85F51C000-memory.dmp

memory/4596-342-0x00007FF85F250000-0x00007FF85F4A2000-memory.dmp

memory/4596-341-0x00007FF86B610000-0x00007FF86B639000-memory.dmp

memory/4596-339-0x00007FF85F520000-0x00007FF85F531000-memory.dmp

memory/4596-338-0x00007FF85F540000-0x00007FF85F589000-memory.dmp

memory/4596-337-0x00007FF85F590000-0x00007FF85F5A9000-memory.dmp

memory/4596-336-0x00007FF860850000-0x00007FF860867000-memory.dmp

memory/4596-335-0x00007FF85F5B0000-0x00007FF85F5D2000-memory.dmp

memory/4596-334-0x00007FF860870000-0x00007FF860884000-memory.dmp

memory/4596-333-0x00007FF860890000-0x00007FF8608A0000-memory.dmp

memory/4596-332-0x00007FF8608A0000-0x00007FF8608B5000-memory.dmp

memory/4596-331-0x00007FF8608C0000-0x00007FF8608CC000-memory.dmp

memory/4596-330-0x00007FF8608D0000-0x00007FF8608E2000-memory.dmp

memory/4596-329-0x00007FF8608F0000-0x00007FF8608FD000-memory.dmp

memory/4596-328-0x00007FF860900000-0x00007FF86090C000-memory.dmp

memory/4596-327-0x00007FF860910000-0x00007FF86091C000-memory.dmp

memory/4596-326-0x00007FF8614B0000-0x00007FF8614BB000-memory.dmp

memory/4596-325-0x00007FF869140000-0x00007FF86914B000-memory.dmp

memory/4596-324-0x00007FF869930000-0x00007FF86993C000-memory.dmp

memory/4596-322-0x00007FF86B6C0000-0x00007FF86B6CE000-memory.dmp

memory/4596-321-0x00007FF86FA40000-0x00007FF86FA4D000-memory.dmp

memory/4596-320-0x00007FF86FAA0000-0x00007FF86FAAC000-memory.dmp

memory/4596-319-0x00007FF86FE70000-0x00007FF86FE7B000-memory.dmp

memory/4596-318-0x00007FF86FE80000-0x00007FF86FE8C000-memory.dmp

memory/4596-317-0x00007FF86FE90000-0x00007FF86FE9B000-memory.dmp

memory/4596-316-0x00007FF86FEA0000-0x00007FF86FEAC000-memory.dmp

memory/4596-315-0x00007FF86FED0000-0x00007FF86FEDB000-memory.dmp

memory/4596-314-0x00007FF86FEE0000-0x00007FF86FEEB000-memory.dmp

memory/4596-312-0x00007FF86FEB0000-0x00007FF86FECF000-memory.dmp

memory/4596-311-0x00007FF860920000-0x00007FF860A38000-memory.dmp

memory/4596-310-0x00007FF86FEF0000-0x00007FF86FF16000-memory.dmp

memory/4596-309-0x00007FF86FF20000-0x00007FF86FF2B000-memory.dmp

memory/4596-308-0x00007FF873D00000-0x00007FF873D14000-memory.dmp

memory/4596-307-0x00007FF85F760000-0x00007FF85FAD5000-memory.dmp

memory/4596-305-0x00007FF85FBA0000-0x00007FF85FBCE000-memory.dmp

memory/4596-304-0x00007FF866A10000-0x00007FF866A2C000-memory.dmp

memory/4596-303-0x00007FF86FF70000-0x00007FF86FF7A000-memory.dmp

memory/4596-302-0x00007FF866A30000-0x00007FF866A72000-memory.dmp

memory/4596-301-0x00007FF86FD80000-0x00007FF86FDAB000-memory.dmp

memory/4596-300-0x00007FF86FAC0000-0x00007FF86FB7C000-memory.dmp

memory/4596-298-0x00007FF8701F0000-0x00007FF8701FD000-memory.dmp

memory/4596-299-0x00007FF8701C0000-0x00007FF8701EE000-memory.dmp

memory/4596-297-0x00007FF870750000-0x00007FF87075D000-memory.dmp

memory/4596-296-0x00007FF870200000-0x00007FF870219000-memory.dmp

memory/4596-295-0x00007FF8703A0000-0x00007FF8703D4000-memory.dmp

memory/4596-294-0x00007FF8703E0000-0x00007FF87040D000-memory.dmp

memory/4596-293-0x00007FF870560000-0x00007FF870579000-memory.dmp

memory/4596-292-0x00007FF873990000-0x00007FF87399F000-memory.dmp

memory/4596-291-0x00007FF870700000-0x00007FF870724000-memory.dmp

memory/4596-290-0x00007FF8601B0000-0x00007FF86061E000-memory.dmp

memory/4596-212-0x00007FF870700000-0x00007FF870724000-memory.dmp

memory/4596-208-0x00007FF866A10000-0x00007FF866A2C000-memory.dmp

memory/4596-205-0x00007FF8601B0000-0x00007FF86061E000-memory.dmp

memory/4596-193-0x00007FF86FAC0000-0x00007FF86FB7C000-memory.dmp

memory/4596-192-0x00007FF8701F0000-0x00007FF8701FD000-memory.dmp

memory/4596-187-0x00007FF870750000-0x00007FF87075D000-memory.dmp

memory/4596-182-0x00007FF8703A0000-0x00007FF8703D4000-memory.dmp

memory/4596-178-0x00007FF870200000-0x00007FF870219000-memory.dmp

memory/4596-174-0x00007FF8703E0000-0x00007FF87040D000-memory.dmp

memory/4596-171-0x00007FF870560000-0x00007FF870579000-memory.dmp

memory/4596-167-0x00007FF873990000-0x00007FF87399F000-memory.dmp

memory/4596-166-0x00007FF870700000-0x00007FF870724000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI27162\ucrtbase.dll

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

(These are the digests of zero-byte input: the file was hashed before its contents were written. They do not identify the DLL and must not be used as indicators.)
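Reading a sandbox network table needs the same filtering every time: PTR lookups (`*.in-addr.arpa`) and the sandbox OS's own background traffic are not indicators, rows without a domain need manual attribution, and a dropped-file digest can be that of an empty file, as the ucrtbase.dll entry above shows. The following is an added helper and not tooling from the sandbox vendor; it parses rows in this report's layout (the embedded rows are copied from this page), and the background-domain allowlist is an assumption the reader should adjust to their own sandbox image.

```python
import hashlib
import re

# Digests of zero-byte input; a dropped-file entry carrying them was hashed
# before anything had been written to the file and identifies nothing.
EMPTY_DIGESTS = {
    algo: getattr(hashlib, algo.lower())(b"").hexdigest()
    for algo in ("MD5", "SHA1", "SHA256", "SHA512")
}

# Assumed allowlist: domains the sandbox's Windows image contacts on its own.
BACKGROUND_SUFFIXES = (".bing.net", ".bing.com", ".microsoft.com", ".windowsupdate.com")

ROW = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<ip>[\d.]+):(?P<port>\d+)(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$")
DIGEST = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]+)$")

# Rows copied from this report (behavioral4 Network table, two ucrtbase.dll entries).
NETWORK_ROWS = """
Country Destination Domain Proto
US 8.8.8.8:53 84.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 ipapi.co udp
US 104.26.8.44:443 ipapi.co tcp
IE 20.223.35.26:443 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
"""
FILE_ROWS = r"""
C:\Users\Admin\AppData\Local\Temp\_MEI27162\ucrtbase.dll
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Temp\_MEI27522\ucrtbase.dll
MD5 0e0bac3d1dcc1833eae4e3e4cf83c4ef
SHA1 4189f4459c54e69c6d3155a82524bda7549a75a6
"""


def triage_network(table):
    """Separate pivot-worthy indicators from PTR lookups and OS background traffic."""
    domains, ip_by_domain, unattributed, reverse = set(), {}, set(), 0
    for line in table.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue                                   # header or malformed row
        ip, port, d = m.group("ip"), m.group("port"), m.group("domain")
        if d in (None, "-"):                           # no name observed for this flow
            if port != "53":
                unattributed.add(ip)
        elif d.endswith(".in-addr.arpa"):
            reverse += 1                               # reverse lookups: not indicators
        elif d.endswith(BACKGROUND_SUFFIXES):
            continue
        else:
            domains.add(d)
            if port != "53":                           # resolver rows carry no peer IP
                ip_by_domain.setdefault(d, set()).add(ip)
    return {"domains": sorted(domains),
            "ip_by_domain": {k: sorted(v) for k, v in ip_by_domain.items()},
            "unattributed_ips": sorted(unattributed),
            "reverse_lookups": reverse}


def triage_files(section):
    """Group 'path + digest lines' blocks and flag entries hashed as an empty file."""
    entries, current = [], None
    for line in section.strip().splitlines():
        line = line.strip()
        m = DIGEST.match(line)
        if m and current is not None:
            algo, value = m.groups()
            current["digests"][algo] = value
            current["zero_byte"] = current["zero_byte"] or EMPTY_DIGESTS[algo] == value
        elif line and not line.startswith("memory/"):
            current = {"path": line, "digests": {}, "zero_byte": False}
            entries.append(current)
    return entries


if __name__ == "__main__":
    print(triage_network(NETWORK_ROWS))
    for e in triage_files(FILE_ROWS):
        print(e["path"], "ZERO-BYTE CAPTURE" if e["zero_byte"] else "ok")
```

On the rows from this run the only domain left after filtering is ipapi.co; the 104.26.8.44 address it resolved to is shared CDN space, so the domain rather than the IP is the pivot. The bare 20.223.35.26 and 52.165.164.15 flows come out as unattributed and need a packet capture or TLS SNI before they mean anything.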

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-31 00:18

Reported

2023-12-31 00:22

Platform

win7-20231129-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\ElectronUI.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\ElectronUI.exe

"C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\ElectronUI.exe"

C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\ElectronUI.exe

"C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\ElectronUI.exe"

Network

N/A

Files

memory/2720-165-0x000007FEF5630000-0x000007FEF5A9E000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI18482\api-ms-win-core-file-l1-2-0.dll

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

(Digests of zero-byte input: this is an earlier capture of the same file before it was written; the written contents are in the next entry.)

C:\Users\Admin\AppData\Local\Temp\_MEI18482\api-ms-win-core-file-l1-2-0.dll

MD5 2b36752a5157359da1c0e646ee9bec45
SHA1 708aeb7e945c9c709109cea359cb31bd7ac64889
SHA256 3e3eb284937b572d1d70ce27be77b5e02eb73704c8b50feb5eb933db1facd2fc
SHA512 fc56080362506e3f38f1b3eb9d3193cdb9e576613c2e672f0fe9df203862f8a0f31938fa48b4ff7115dfe6016fa1fd5c5422fdc1913df63b3fde5f478a8417a1

\Users\Admin\AppData\Local\Temp\_MEI18482\api-ms-win-core-processthreads-l1-1-1.dll

MD5 774aa9f9318880cb4ad3bf6f464da556
SHA1 3a5c07cf35009c98eb033e1cbde1900135d1abf8
SHA256 ba9fbd3a21879614c050c86a74ad2fffc0362266d6fa7be0ef359de393136346
SHA512 f7b57afb9810e3390d27a5469572fb29f0f1726f599403a180e685466237dff5dec4fdce40105ef1bb057e012d546308213e7cec73e0d7d3c5815eec8189a75d

\Users\Admin\AppData\Local\Temp\_MEI18482\api-ms-win-core-localization-l1-2-0.dll

MD5 3589557535bba7641da3d76eefb0c73d
SHA1 6f63107c2212300c7cd1573059c08b43e5bd9b95
SHA256 642b01bb93d2cb529acf56070d65aae3202fd0b48d19fd40ec6763b627bcbee6
SHA512 7aedf3cf686b416f8b419f8af1d57675096ab2c2378c5a006f6ecbf2fe1ad701f28b7be8f08c9083230cf4d15d463371e92a6032178cd6c139d60b26fbd49b06

\Users\Admin\AppData\Local\Temp\_MEI18482\ucrtbase.dll

MD5 f285e9d34522f104e1f3f90bde0fd241
SHA1 b34219c27c2643f1ebd0fc891ac5aca411afc76e
SHA256 d02a895b98407750859e2dce074697ae65eeb5661973f8fea3c5177271f8ca59
SHA512 55f0f7fcaf5f1f1c183fc8cee2ecca2cb6eb9b207fb8ca5956389345778e1f696690f78862688c86536b0c9f71c8aaa48fcadba20981921fe41d45cd9768da9f

C:\Users\Admin\AppData\Local\Temp\_MEI18482\ucrtbase.dll

MD5 809a1407335dc40cec0c79e103a13f0b
SHA1 ec6db05d7762724a671c549971791871cb6878ec
SHA256 cb00125ca6487611bfe748fc4244534e671949f2a4cb988056aeafe00a8168a1
SHA512 f2e9eb3c2a0acdf05b9d85316c9675a648fc348902edc9a9316821d4081e9da82cdf0f657a46e95ee221aaa593f89a3c6412c9bbe31500add06c1705ad67cc06

(The same path is recorded twice with different digests, most likely hashed at two points during the write. Neither value should be treated as the DLL's identity without re-hashing the file extracted from the archive.)

memory/2720-166-0x000007FEF5630000-0x000007FEF5A9E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-31 00:18

Reported

2023-12-31 00:23

Platform

win10v2004-20231222-en

Max time network

153s

Command Line

N/A

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A ipapi.co N/A N/A
N/A ipapi.co N/A N/A

Processes

N/A

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 3.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 ipapi.co udp
US 104.26.9.44:443 ipapi.co tcp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 44.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
GB 87.248.205.0:80 - tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
GB 87.248.205.0:80 - tcp
GB 87.248.205.0:80 - tcp
GB 88.221.134.32:80 - tcp
GB 88.221.134.32:80 - tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
GB 88.221.134.32:80 - tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
GB 88.221.134.32:80 - tcp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
GB 87.248.205.0:80 - tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-12-31 00:18

Reported

2023-12-31 00:22

Platform

win7-20231215-en

Max time kernel

122s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\Particle.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\Particle.exe

"C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\Particle.exe"

C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\Particle.exe

"C:\Users\Admin\AppData\Local\Temp\Electron_Cracked_V3\Particle.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI27522\ucrtbase.dll

MD5 0e0bac3d1dcc1833eae4e3e4cf83c4ef
SHA1 4189f4459c54e69c6d3155a82524bda7549a75a6
SHA256 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae
SHA512 a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

C:\Users\Admin\AppData\Local\Temp\_MEI27522\api-ms-win-core-localization-l1-2-0.dll

MD5 3589557535bba7641da3d76eefb0c73d
SHA1 6f63107c2212300c7cd1573059c08b43e5bd9b95
SHA256 642b01bb93d2cb529acf56070d65aae3202fd0b48d19fd40ec6763b627bcbee6
SHA512 7aedf3cf686b416f8b419f8af1d57675096ab2c2378c5a006f6ecbf2fe1ad701f28b7be8f08c9083230cf4d15d463371e92a6032178cd6c139d60b26fbd49b06

C:\Users\Admin\AppData\Local\Temp\_MEI27522\api-ms-win-core-processthreads-l1-1-1.dll

MD5 774aa9f9318880cb4ad3bf6f464da556
SHA1 3a5c07cf35009c98eb033e1cbde1900135d1abf8
SHA256 ba9fbd3a21879614c050c86a74ad2fffc0362266d6fa7be0ef359de393136346
SHA512 f7b57afb9810e3390d27a5469572fb29f0f1726f599403a180e685466237dff5dec4fdce40105ef1bb057e012d546308213e7cec73e0d7d3c5815eec8189a75d

C:\Users\Admin\AppData\Local\Temp\_MEI27522\api-ms-win-core-file-l1-2-0.dll

MD5 2b36752a5157359da1c0e646ee9bec45
SHA1 708aeb7e945c9c709109cea359cb31bd7ac64889
SHA256 3e3eb284937b572d1d70ce27be77b5e02eb73704c8b50feb5eb933db1facd2fc
SHA512 fc56080362506e3f38f1b3eb9d3193cdb9e576613c2e672f0fe9df203862f8a0f31938fa48b4ff7115dfe6016fa1fd5c5422fdc1913df63b3fde5f478a8417a1

C:\Users\Admin\AppData\Local\Temp\_MEI27522\api-ms-win-core-timezone-l1-1-0.dll

MD5 b9a20c9223d3e3d3a0c359f001ce1046
SHA1 9710b9a8c393ba00c254cf693c7c37990c447cc8
SHA256 00d9a7353be0a54c17e4862b86196a8b2bc6a007899fa2fbe61afd9765548068
SHA512 a7d5611c0b3b53da6cac61e0374d54d27e6e8a1af90ef66cd7e1b052f906c8b3f6087f4c6de0db3ae0b099df7689ecde6c815a954b728d36d9d3b5d002ccf18e

C:\Users\Admin\AppData\Local\Temp\_MEI27522\api-ms-win-core-file-l2-1-0.dll

MD5 bfffa7117fd9b1622c66d949bac3f1d7
SHA1 402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2
SHA256 1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e
SHA512 b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

C:\Users\Admin\AppData\Local\Temp\_MEI27522\python310.dll

MD5 69d4f13fbaeee9b551c2d9a4a94d4458
SHA1 69540d8dfc0ee299a7ff6585018c7db0662aa629
SHA256 801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046
SHA512 8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

memory/1916-165-0x000007FEF63E0000-0x000007FEF684E000-memory.dmp