Overview

overview

10

Static

static

1

MultiCheck...al.exe

windows7-x64

7

MultiCheck...al.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 03:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MultiChecker by injuankanal.exe

  • Size

    86.0MB

  • MD5

    babe3da3eb741b6ed3ff61ff17e9b03a

  • SHA1

    a71a4e3efe15498ab248eaddf09241bea80330a0

  • SHA256

    f1b5484e2de6dd07f9d05819e5e969256cd18df1c96c794a9c0377c4ec177ffe

  • SHA512

    1d1fe46ab9132a0ea92183de92d1e80b65cb06ed9bb4754b92b8ea8e98f7e3392cb74179d4125fcf9e0cf9fb1b3dd302115f155ef0973cbd9ec3d8e31da7cf14

  • SSDEEP

    6144:lDKW1Fgbdl0TBBvjc/tebqa/95xaT390+8Jb1kek5H0usk7V1f7E:dh1Fk70TnvjcVNa15xaT39AbWeaUAD

Score
7/10

Malware Config

Signatures

  • .NET Reactor proctector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 52 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MultiChecker by injuankanal.exe
    "C:\Users\Admin\AppData\Local\Temp\MultiChecker by injuankanal.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 600
      2⤵
      • Program crash
      PID:2756
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2476-1-0x0000000002280000-0x00000000022C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2476-0-0x00000000740C0000-0x00000000747AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2476-2-0x00000000020D0000-0x0000000002110000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2476-3-0x00000000020D0000-0x0000000002110000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2476-4-0x0000000002430000-0x000000000246E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2476-5-0x00000000020D0000-0x0000000002110000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2476-8-0x00000000024E0000-0x00000000044E0000-memory.dmp

    Filesize

    32.0MB

    Download

  • memory/2476-9-0x00000000740C0000-0x00000000747AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2476-10-0x00000000020D0000-0x0000000002110000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2476-12-0x00000000740C0000-0x00000000747AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3032-13-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/3032-14-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/3032-15-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/3032-16-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.