d9a7a433ddc5ff71e433b1ebad3b378144d3b9d8540a32ce457fc55db6c6548c

Analysis

max time kernel
0s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 10:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c927bdc2453159860c4ea2f7caa4829.exe
Size

1.0MB
MD5

3c927bdc2453159860c4ea2f7caa4829
SHA1

6f72a48428acb7a93ef04bbc0917c4b8f5ec48bb
SHA256

d9a7a433ddc5ff71e433b1ebad3b378144d3b9d8540a32ce457fc55db6c6548c
SHA512

fe2aa5844e2c7bce4c5fcb095b520f13e81957513ac00ebbae59626f46caf685770c20c7674f729657346e5a3b405d2875d4c946bea4145bd223a755ef57fab6
SSDEEP

24576:DxCnB5605J0labh+LCOVRvzdzQ1B/tNCIyknd3Y:kb605Klabh+L71JzQX//Cvm3Y

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2992	vdm0.88.exe
3052	EA Games Generic Multi Keygen fff-ea179.exe

Loads dropped DLL 3 IoCs

pid	Process
2784	3c927bdc2453159860c4ea2f7caa4829.exe
2784	3c927bdc2453159860c4ea2f7caa4829.exe
2784	3c927bdc2453159860c4ea2f7caa4829.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2784-2-0x0000000000400000-0x000000000052B000-memory.dmp	upx
behavioral1/memory/2784-14-0x0000000000400000-0x000000000052B000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2992	2784	3c927bdc2453159860c4ea2f7caa4829.exe	20
PID 2784 wrote to memory of 2992	2784	3c927bdc2453159860c4ea2f7caa4829.exe	20
PID 2784 wrote to memory of 2992	2784	3c927bdc2453159860c4ea2f7caa4829.exe	20
PID 2784 wrote to memory of 2992	2784	3c927bdc2453159860c4ea2f7caa4829.exe	20
PID 2784 wrote to memory of 3052	2784	3c927bdc2453159860c4ea2f7caa4829.exe	19
PID 2784 wrote to memory of 3052	2784	3c927bdc2453159860c4ea2f7caa4829.exe	19
PID 2784 wrote to memory of 3052	2784	3c927bdc2453159860c4ea2f7caa4829.exe	19
PID 2784 wrote to memory of 3052	2784	3c927bdc2453159860c4ea2f7caa4829.exe	19

C:\Users\Admin\AppData\Local\Temp\3c927bdc2453159860c4ea2f7caa4829.exe
"C:\Users\Admin\AppData\Local\Temp\3c927bdc2453159860c4ea2f7caa4829.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Users\Admin\AppData\Local\Temp\EA Games Generic Multi Keygen fff-ea179.exe
  "C:\Users\Admin\AppData\Local\Temp\EA Games Generic Multi Keygen fff-ea179.exe"
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Users\Admin\AppData\Local\Temp\vdm0.88.exe
  "C:\Users\Admin\AppData\Local\Temp\vdm0.88.exe"
  2⤵
  - Executes dropped EXE
  PID:2992

C:\Windows\SysWOW64\slvhost.exe
C:\Windows\system32\slvhost.exe 784 "C:\Users\Admin\AppData\Local\Temp\vdm0.88.exe"
1⤵
PID:2728
- C:\Windows\SysWOW64\slvhost.exe
  C:\Windows\system32\slvhost.exe 800 "C:\Windows\SysWOW64\slvhost.exe"
  2⤵
  PID:1780
- - C:\Windows\SysWOW64\slvhost.exe
    C:\Windows\system32\slvhost.exe 812 "C:\Windows\SysWOW64\slvhost.exe"
    3⤵
    PID:1924
  - - C:\Windows\SysWOW64\slvhost.exe
      C:\Windows\system32\slvhost.exe 804 "C:\Windows\SysWOW64\slvhost.exe"
      4⤵
      PID:3020
    - - C:\Windows\SysWOW64\slvhost.exe
        
        C:\Windows\system32\slvhost.exe 332 "C:\Windows\SysWOW64\slvhost.exe"
        5⤵
        
        PID:2720
      - C:\Windows\SysWOW64\slvhost.exe
        
        C:\Windows\system32\slvhost.exe 476 "C:\Windows\SysWOW64\slvhost.exe"
        6⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\slvhost.exe
        
        C:\Windows\system32\slvhost.exe 816 "C:\Windows\SysWOW64\slvhost.exe"
        7⤵
        
        PID:568
        
        C:\Windows\SysWOW64\slvhost.exe
        
        C:\Windows\system32\slvhost.exe 832 "C:\Windows\SysWOW64\slvhost.exe"
        8⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\slvhost.exe
        
        C:\Windows\system32\slvhost.exe 824 "C:\Windows\SysWOW64\slvhost.exe"
        9⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\slvhost.exe
        
        C:\Windows\system32\slvhost.exe 840 "C:\Windows\SysWOW64\slvhost.exe"
        10⤵
        
        PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\EA Games Generic Multi Keygen fff-ea179.exe

Filesize
153KB

MD5
ee1eafcf810f721d145e6131232c679d

SHA1
74c25c16718e2951eeadbad6df1c825df46ccec7

SHA256
dbde192834e5a815a195e677b212b0c7ea828633a51a3613c6a9912ba762529d

SHA512
ddb769ca93308a6f30649caeea78417fb5a7c729ee69fb16fc5a7248d0ec9b0ecff277daa84c2ca69f0ddb54c658fb8402ea1fdaab6600cdfc56f8d7037cb68e

Download Submit
\Users\Admin\AppData\Local\Temp\vdm0.88.exe

Filesize
387KB

MD5
7a1a01b9946cac8836c3ba0db993edb9

SHA1
8386decbd34891e54261cbf5c53df2e1b890bf6a

SHA256
5033862e17206bd89b52a8b251c3cc9522ae0e919581003b4ab3e0731907e987

SHA512
7eaee6195c0776bd1ddf9b68b45fedfca5dc16522825d0b0305219a6a4738aaaf74a096a9030ff65cbcd8afba49c053353a434a42d1cb1e56374bc26ab1b78c4

Download Submit
memory/568-347-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1708-305-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1708-342-0x0000000002500000-0x0000000002509000-memory.dmp

Filesize
36KB

Download
memory/1708-345-0x0000000003670000-0x0000000003832000-memory.dmp

Filesize
1.8MB

Download
memory/1708-341-0x0000000001F20000-0x0000000001FBA000-memory.dmp

Filesize
616KB

Download
memory/1708-340-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1708-334-0x0000000002500000-0x0000000002509000-memory.dmp

Filesize
36KB

Download
memory/1708-309-0x0000000001F20000-0x0000000001FBA000-memory.dmp

Filesize
616KB

Download
memory/1780-127-0x00000000005D0000-0x000000000066A000-memory.dmp

Filesize
616KB

Download
memory/1780-185-0x00000000005D0000-0x000000000066A000-memory.dmp

Filesize
616KB

Download
memory/1780-124-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1780-135-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1780-140-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1780-113-0x00000000005D0000-0x000000000066A000-memory.dmp

Filesize
616KB

Download
memory/1780-147-0x0000000001FD0000-0x0000000001FD9000-memory.dmp

Filesize
36KB

Download
memory/1780-141-0x00000000005D0000-0x000000000066A000-memory.dmp

Filesize
616KB

Download
memory/1780-139-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1780-138-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1780-137-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1780-134-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1780-129-0x00000000005D0000-0x000000000066A000-memory.dmp

Filesize
616KB

Download
memory/1780-152-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1780-154-0x00000000005D0000-0x000000000066A000-memory.dmp

Filesize
616KB

Download
memory/1780-158-0x00000000036F0000-0x00000000038B2000-memory.dmp

Filesize
1.8MB

Download
memory/1780-161-0x00000000036F0000-0x00000000038B2000-memory.dmp

Filesize
1.8MB

Download
memory/1780-183-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1924-209-0x0000000000720000-0x0000000000729000-memory.dmp

Filesize
36KB

Download
memory/1924-222-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1924-196-0x0000000000720000-0x0000000000729000-memory.dmp

Filesize
36KB

Download
memory/1924-167-0x0000000001F50000-0x0000000001FEA000-memory.dmp

Filesize
616KB

Download
memory/1924-163-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1924-202-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1924-203-0x0000000001F50000-0x0000000001FEA000-memory.dmp

Filesize
616KB

Download
memory/1924-207-0x0000000000720000-0x0000000000729000-memory.dmp

Filesize
36KB

Download
memory/1924-223-0x0000000001F50000-0x0000000001FEA000-memory.dmp

Filesize
616KB

Download
memory/1924-197-0x0000000000720000-0x0000000000729000-memory.dmp

Filesize
36KB

Download
memory/2720-300-0x00000000020F0000-0x00000000020F9000-memory.dmp

Filesize
36KB

Download
memory/2720-328-0x0000000001F90000-0x000000000202A000-memory.dmp

Filesize
616KB

Download
memory/2720-262-0x0000000001F90000-0x000000000202A000-memory.dmp

Filesize
616KB

Download
memory/2720-290-0x00000000020F0000-0x00000000020F9000-memory.dmp

Filesize
36KB

Download
memory/2720-289-0x00000000020F0000-0x00000000020F9000-memory.dmp

Filesize
36KB

Download
memory/2720-258-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2720-295-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2720-296-0x0000000001F90000-0x000000000202A000-memory.dmp

Filesize
616KB

Download
memory/2720-302-0x00000000020F0000-0x00000000020F9000-memory.dmp

Filesize
36KB

Download
memory/2720-326-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2728-89-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2728-112-0x00000000021C0000-0x00000000021C9000-memory.dmp

Filesize
36KB

Download
memory/2728-114-0x00000000021C0000-0x00000000021C9000-memory.dmp

Filesize
36KB

Download
memory/2728-108-0x0000000001FD0000-0x000000000206A000-memory.dmp

Filesize
616KB

Download
memory/2728-107-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2728-97-0x00000000022E0000-0x00000000022F5000-memory.dmp

Filesize
84KB

Download
memory/2728-91-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2728-103-0x0000000001FD0000-0x000000000206A000-memory.dmp

Filesize
616KB

Download
memory/2728-104-0x0000000001FD0000-0x000000000206A000-memory.dmp

Filesize
616KB

Download
memory/2728-76-0x0000000001FD0000-0x000000000206A000-memory.dmp

Filesize
616KB

Download
memory/2728-126-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2728-121-0x0000000001FD0000-0x000000000206A000-memory.dmp

Filesize
616KB

Download
memory/2728-117-0x0000000003580000-0x0000000003742000-memory.dmp

Filesize
1.8MB

Download
memory/2728-101-0x00000000021C0000-0x00000000021C9000-memory.dmp

Filesize
36KB

Download
memory/2728-79-0x0000000001FD0000-0x000000000206A000-memory.dmp

Filesize
616KB

Download
memory/2728-119-0x0000000003580000-0x0000000003742000-memory.dmp

Filesize
1.8MB

Download
memory/2728-88-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2728-92-0x0000000001FD0000-0x000000000206A000-memory.dmp

Filesize
616KB

Download
memory/2728-68-0x0000000001FD0000-0x000000000206A000-memory.dmp

Filesize
616KB

Download
memory/2728-72-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2728-102-0x00000000021C0000-0x00000000021C9000-memory.dmp

Filesize
36KB

Download
memory/2728-84-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2728-86-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2728-90-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2784-2-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2784-14-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2784-16-0x0000000002C70000-0x0000000002E32000-memory.dmp

Filesize
1.8MB

Download
memory/2992-50-0x0000000002080000-0x0000000002095000-memory.dmp

Filesize
84KB

Download
memory/2992-61-0x00000000020A0000-0x00000000020A9000-memory.dmp

Filesize
36KB

Download
memory/2992-81-0x0000000001F00000-0x0000000001F9A000-memory.dmp

Filesize
616KB

Download
memory/2992-19-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2992-28-0x0000000001F00000-0x0000000001F9A000-memory.dmp

Filesize
616KB

Download
memory/2992-66-0x00000000020A0000-0x00000000020A9000-memory.dmp

Filesize
36KB

Download
memory/2992-18-0x0000000001F00000-0x0000000001F9A000-memory.dmp

Filesize
616KB

Download
memory/2992-32-0x0000000001F00000-0x0000000001F9A000-memory.dmp

Filesize
616KB

Download
memory/2992-36-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2992-41-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2992-85-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2992-40-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2992-39-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2992-43-0x0000000001F00000-0x0000000001F9A000-memory.dmp

Filesize
616KB

Download
memory/2992-37-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2992-42-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2992-70-0x00000000035B0000-0x0000000003772000-memory.dmp

Filesize
1.8MB

Download
memory/3020-256-0x00000000006D0000-0x00000000006D9000-memory.dmp

Filesize
36KB

Download
memory/3020-212-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3020-281-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3020-282-0x0000000000800000-0x000000000089A000-memory.dmp

Filesize
616KB

Download
memory/3020-253-0x00000000006D0000-0x00000000006D9000-memory.dmp

Filesize
36KB

Download
memory/3020-249-0x0000000000800000-0x000000000089A000-memory.dmp

Filesize
616KB

Download
memory/3020-247-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3020-216-0x0000000000800000-0x000000000089A000-memory.dmp

Filesize
616KB

Download
memory/3020-242-0x00000000006D0000-0x00000000006D9000-memory.dmp

Filesize
36KB

Download
memory/3052-105-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/3052-25-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/3052-21-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/3052-106-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download