fc28ba9563494faac36798fac806db2119ba1281e8adbec9154e5631615f19c4

Analysis

max time kernel
181s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

win7x64exe.exe
Size

4.8MB
MD5

dcd97f0f0c5450955d2c0c0b9965d132
SHA1

3002c430d00cc04b1a2edf5514842b4246ecbc41
SHA256

fc28ba9563494faac36798fac806db2119ba1281e8adbec9154e5631615f19c4
SHA512

6b93b37d2bcc60b790757dd40faea3a8b9e3cb8f402ee4df51528689e41c35dbea2a73d8dd2402462cb27faae48561320b89044ae9f970589a2ec933d0e3e714
SSDEEP

98304:bmqaRSCo7GNUOiGyUu+jtt7dk5XNLV9B2vEbP4iuVUAI0Nn:bvNCooFfTu+j/hEXpmEbPTiIK

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
3644	win7x64exe.exe
3644	win7x64exe.exe
3644	win7x64exe.exe
3644	win7x64exe.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0006000000023270-54.dat	upx
behavioral2/memory/3644-58-0x00007FFC138B0000-0x00007FFC13C84000-memory.dmp	upx
behavioral2/files/0x0006000000023240-60.dat	upx
behavioral2/memory/3644-62-0x00007FFC20A50000-0x00007FFC20A78000-memory.dmp	upx
behavioral2/memory/3644-63-0x00007FFC138B0000-0x00007FFC13C84000-memory.dmp	upx
behavioral2/memory/3644-64-0x00007FFC20A50000-0x00007FFC20A78000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	3644	win7x64exe.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3384 wrote to memory of 3644	3384	win7x64exe.exe	92
PID 3384 wrote to memory of 3644	3384	win7x64exe.exe	92

C:\Users\Admin\AppData\Local\Temp\win7x64exe.exe
"C:\Users\Admin\AppData\Local\Temp\win7x64exe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3384
- C:\Users\Admin\AppData\Local\Temp\win7x64exe.exe
  "C:\Users\Admin\AppData\Local\Temp\win7x64exe.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:3644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI33842\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33842\_ctypes.pyd

Filesize
57KB

MD5
c4cc9041b070ca68d635b1ec814c89ab

SHA1
f59840deb37a293373b93b4b24ac540e0b6cc615

SHA256
5dbfa97ad514a03ef3510ddbfce0b93fa84b6f1e26e4963eae874e4b13f306e6

SHA512
5aded8ff5b4da41283449cdc1ae818f9c4001b4dd641e022ab08549e94f7cbdc99d40b8d5d42999b00e01e7020c63bf136262f83b3b5ed776164e89c3cc4dcd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33842\base_library.zip

Filesize
999KB

MD5
0fa25c5ceb3e00ac8288e071216e5a1a

SHA1
bc47d89306a3569925d8e93078924f1840220654

SHA256
f8eef43b339f8a3aeeb57bf48036e26eccda7c487bb71f94cc5f76517f561531

SHA512
e8d19dd71bdd3a77ae567b55d73d4a8b34d8bdb5984d5cf40b86232bc01d40af7afc3f794b618c56bd91bc8b9592dbe774c08f82d6f8f9e83d73e1627ee9998f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33842\python37.dll

Filesize
1.2MB

MD5
fbbc397e4303f57c0c868802737edd7e

SHA1
511eea5f86c2d09cbeb084439703aa7664fdb27f

SHA256
3ab7ece99de440645514c9f9bb995dd528b9a71c0b7f0261198f333624ab3d84

SHA512
cfcf77acc6368dbb398c4ecf56fb8645c7965196f4a736ac338350e8a80d36d0844d6a85738de5432c1534ee9b50c818f691ebc16e8565883e4b36f2194844b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33842\ucrtbase.dll

Filesize
773KB

MD5
074b7cdb9c95864cfcf55b1f27531ca4

SHA1
8dd9829961e97dd4b9759f7e569476a31ba8f9e3

SHA256
dca2c575bf4c96acfe4c1e36d82c08341dd09f23218e27a736dbe01129f37811

SHA512
b6761151ef1e9f111a849ed28b116ad7066bff700191aa5b1b6234eff9c55311f0df3c7aad81b8ee5b24a1280ff74ee803d2c253b4b9e358bbe8959ecf5e1f7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33842\ucrtbase.dll

Filesize
961KB

MD5
2381e189321ead521ff71e72d08a6b17

SHA1
0db7fea07b4bc14f0f9d71ecfa6ddf3097229875

SHA256
4918f2e631ef1ae34c7863fa4f3bd7663b2fdf0fa160c0de507ed343484ac806

SHA512
2d51d1de627deb852d5ce48315654dfb34115ea9f546f640bb2304cd763d4576eadff5cd7fd184a9b17bac8bf37309a0409034d6303662edfa1a6db69366b9e5

Download Submit
memory/3644-58-0x00007FFC138B0000-0x00007FFC13C84000-memory.dmp

Filesize
3.8MB

Download
memory/3644-62-0x00007FFC20A50000-0x00007FFC20A78000-memory.dmp

Filesize
160KB

Download
memory/3644-63-0x00007FFC138B0000-0x00007FFC13C84000-memory.dmp

Filesize
3.8MB

Download
memory/3644-64-0x00007FFC20A50000-0x00007FFC20A78000-memory.dmp

Filesize
160KB

Download