bcd9913c07e5dd977facaafd039e9b27a89b985a4439bf485e548cc5296bba86

General

Target

6631515e685cb5f2ffd7c67c3f3e34e7.exe
Size

97KB
MD5

6631515e685cb5f2ffd7c67c3f3e34e7
SHA1

04010e8559bf8a464663aae3b5586587c0718bc6
SHA256

bcd9913c07e5dd977facaafd039e9b27a89b985a4439bf485e548cc5296bba86
SHA512

446a8dffd08c486e4010a169f8deb4205bb4b5c82622ec73fe80fd4763b0226f2a5ac12a19fdb35e5c0e1263472d72a2b3c9d459c161e6288e3410b9866934d4
SSDEEP

1536:3UUUUUUUUUUHdTD+vvvvvvvvvh+UUUUUUUC9mIkkkkkkTyhhhhhhhMbguez:blN9RkkkkkkTLbYz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2284-0-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/files/0x0038000000016d32-6.dat	upx
behavioral1/memory/2284-20-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2284-21-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2284-22-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2284-23-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2284-24-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2284-25-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2284-26-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2284-27-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2284-28-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2284-29-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2284-30-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2284-31-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2284-32-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Drops file in Windows directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win32dc\UT2004 + fix.exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File created	C:\Windows\win32dc\DAoC_serial.exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File opened for modification	C:\Windows\win32dc\Sims 2(cheat).exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File created	C:\Windows\win32dc\Doom 3(serial).exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File created	C:\Windows\win32dc\UT2004 + fix.exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File created	C:\Windows\win32dc\Silent Hill 4 + cheat.exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File opened for modification	C:\Windows\win32dc\DAoC_serial.exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File created	C:\Windows\win32dc\Half-Life 2 + serial.exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2 + serial.exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File created	C:\Windows\win32dc\Sims 2 cdfix.exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File opened for modification	C:\Windows\win32dc\Sims 2 cdfix.exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File created	C:\Windows\win32dc\UT2004(nocd).exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File opened for modification	C:\Windows\win32dc\UT2004(cdfix).exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File created	C:\Windows\win32dc\Sims 2(cheat).exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File opened for modification	C:\Windows\win32dc\Silent Hill 4 + cheat.exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File created	C:\Windows\win32dc\UT2004(cdfix).exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File created	C:\Windows\win32dc\Counter-Strike + fix.exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe
File opened for modification	C:\Windows\win32dc\Doom 3(serial).exe	6631515e685cb5f2ffd7c67c3f3e34e7.exe

C:\Users\Admin\AppData\Local\Temp\6631515e685cb5f2ffd7c67c3f3e34e7.exe
"C:\Users\Admin\AppData\Local\Temp\6631515e685cb5f2ffd7c67c3f3e34e7.exe"
1⤵
- Drops file in Windows directory
PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win32dc\Sims 2 cdfix.exe

Filesize
98KB

MD5
e7ce4c743b7bd5d60f9139f23b1ab7ff

SHA1
7ebc877f582f329bcc1db0a37331851a469974e6

SHA256
dcb693233defb3bcdc13c35ba18cae1df8a176a5977147162d2e891a81c0be0c

SHA512
5864db1dbc5c928a5e77c12cbb6a055098f9abf0ad7fe63e30b178f4faa581541386438b1364fae98c0acab06f69dd7b195595f9cc5ff1ba59e71becd1f30b06

Download Submit
memory/2284-24-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-20-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-21-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-22-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-23-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-25-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-26-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-27-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-28-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-29-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-30-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-31-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2284-32-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads