b3eac493af9af76dcea70745bc294b6fbb9ffdc7c0564e341f4666af6ff153e7

Analysis

max time kernel
170s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Keystrokes v1.05.exe
Size

7.9MB
MD5

5b3f3f9c2426de98004fd214b440f15c
SHA1

9f4b0384d2f6523e682a618927bdd7155fb70ffe
SHA256

b3eac493af9af76dcea70745bc294b6fbb9ffdc7c0564e341f4666af6ff153e7
SHA512

ef59f987473dc356866608499321e9b316e4f9a8f1dcfe29a4831e6d21c887cc3e424ed6a356620a82ef10ffce230380d9488beebc05deefbd46ee6c51d4cd97
SSDEEP

196608:EoiM2Hg5+iPa2BXvrRFNIPI9v40tOQveaNyDME82DUmjariDtu8:Hv2HgsiPacDfNN9lrveIUjja+D

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
3776	Keystrokes v1.05.exe
3776	Keystrokes v1.05.exe
3776	Keystrokes v1.05.exe
3776	Keystrokes v1.05.exe
3776	Keystrokes v1.05.exe
3776	Keystrokes v1.05.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000600000002322f-41.dat	upx
behavioral2/memory/3776-45-0x00007FFD73B50000-0x00007FFD73FD1000-memory.dmp	upx
behavioral2/memory/3776-52-0x00007FFD83750000-0x00007FFD8375F000-memory.dmp	upx
behavioral2/memory/3776-58-0x00007FFD830C0000-0x00007FFD830CE000-memory.dmp	upx
behavioral2/memory/3776-56-0x00007FFD82C80000-0x00007FFD82C9A000-memory.dmp	upx
behavioral2/memory/3776-51-0x00007FFD82CA0000-0x00007FFD82CC7000-memory.dmp	upx
behavioral2/files/0x0006000000023218-47.dat	upx
behavioral2/memory/3776-62-0x00007FFD82C80000-0x00007FFD82C9A000-memory.dmp	upx
behavioral2/memory/3776-60-0x00007FFD82CA0000-0x00007FFD82CC7000-memory.dmp	upx
behavioral2/memory/3776-59-0x00007FFD73B50000-0x00007FFD73FD1000-memory.dmp	upx

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 3776	4612	Keystrokes v1.05.exe	90
PID 4612 wrote to memory of 3776	4612	Keystrokes v1.05.exe	90

C:\Users\Admin\AppData\Local\Temp\Keystrokes v1.05.exe
"C:\Users\Admin\AppData\Local\Temp\Keystrokes v1.05.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Users\Admin\AppData\Local\Temp\Keystrokes v1.05.exe
  "C:\Users\Admin\AppData\Local\Temp\Keystrokes v1.05.exe"
  2⤵
  - Loads dropped DLL
  PID:3776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI46122\VCRUNTIME140.dll

Filesize
92KB

MD5
8701ecfaf4541be06b841900ee14c6d7

SHA1
e055eeccf7699d8770fdbc235a53bf0e147964e0

SHA256
9fe6a9c47103e06bb11121e30979de9e94cc74c314884325beab4ca54e043153

SHA512
1d7d29ee2f79e7c170a48e585f2d3f127246fe64913e99e7aba74393fc0f8278b125a67ba396cd56858f9923fc5600aee6f26e07e91efe72c45e058de273e00d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46122\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46122\_ctypes.pyd

Filesize
56KB

MD5
b8f801273f7a5eb69d3c29f24a44d08c

SHA1
3a5a6e5a03aaf44a80d3798c48f4e38e62271cc1

SHA256
9a2dcd673697f0af45baf74b0e8151668a1553478214296c50e30a8ee491c023

SHA512
acc23f6ea88a6a0f0baba6e5541b362408e3de55d0bc051de8c84f4c95e9bd74e1ab7744551fede9e2cd8aaa0b31cc637af40a6e6b8dd2fdb434c582c5c256bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46122\base_library.zip

Filesize
92KB

MD5
91b0898d43f059356616474436c0861b

SHA1
6077b4d524c992303dff755f9eeebf91a3639b74

SHA256
90c24bbd1c2de746f59c6d3664300a96954a0a8feb3095b388dff2cde4f6dbcf

SHA512
d6e0c2835396cf0b3e6db4c071fbec5e06ae31eff71009c1b5660086e804b1ecf3860016e6b553f755359fab0fcd24c3400458d94e37fe66f92c6c8ad60e279c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46122\python39.dll

Filesize
94KB

MD5
77f6e91a27fc2c5c878980c763f1b32e

SHA1
5c288e3e69d32bb60b340f66ffadae751e1d5900

SHA256
2acc0d58a618c937280b64ed6ac9839c115523f806797bc2a68acb21abc63152

SHA512
f6214421f7c63a7bd527cc5df039e9b157f74587d279d03af6d0fd795a20c5e32b8c4208a96a81a196b99cad6e8ddeb896730fa31e6667381b89971393ceab89

Download Submit
memory/3776-45-0x00007FFD73B50000-0x00007FFD73FD1000-memory.dmp

Filesize
4.5MB

Download
memory/3776-52-0x00007FFD83750000-0x00007FFD8375F000-memory.dmp

Filesize
60KB

Download
memory/3776-58-0x00007FFD830C0000-0x00007FFD830CE000-memory.dmp

Filesize
56KB

Download
memory/3776-56-0x00007FFD82C80000-0x00007FFD82C9A000-memory.dmp

Filesize
104KB

Download
memory/3776-51-0x00007FFD82CA0000-0x00007FFD82CC7000-memory.dmp

Filesize
156KB

Download
memory/3776-62-0x00007FFD82C80000-0x00007FFD82C9A000-memory.dmp

Filesize
104KB

Download
memory/3776-60-0x00007FFD82CA0000-0x00007FFD82CC7000-memory.dmp

Filesize
156KB

Download
memory/3776-59-0x00007FFD73B50000-0x00007FFD73FD1000-memory.dmp

Filesize
4.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads