7e4691de0700dc115705549222583fab48ec1e28dd963d98d5b20f98799f06cf

Resubmissions

04/02/2024, 11:56

240204-n4drfsgeb9 10

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 11:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

82.7MB
MD5

1377790410f933a3e9ae23e0514f6e99
SHA1

bb0144b3501eea4654d82415dcc7907293f02a07
SHA256

7e4691de0700dc115705549222583fab48ec1e28dd963d98d5b20f98799f06cf
SHA512

7b16a37f6529f32b82d00d83c4925ce75f14268949781ef8435af7e3ca6f9917e00dbc55835d630669ff8df3a820b9fe95f43136dec161492b0fab1b0e6e8b01
SSDEEP

1572864:XQ82Fhy+6ZIl0B/CiiQTzNxw7R1gOBmKunPJQj95eSKR5yIVNFq+ar2GUjl0pS+:lihytm4/Ci7TzM7lAKCBejUV+/KX+

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2412	main.exe
2412	main.exe
2412	main.exe
2412	main.exe
2412	main.exe
2412	main.exe
2412	main.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000400000001ceac-2357.dat	upx
behavioral1/files/0x000400000001ceac-2356.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2412	2392	main.exe	28
PID 2392 wrote to memory of 2412	2392	main.exe	28
PID 2392 wrote to memory of 2412	2392	main.exe	28

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23922\api-ms-win-core-file-l1-2-0.dll

Filesize
1KB

MD5
3a2ca3d4bd6c2c023e9cbf7b0137ec5f

SHA1
ea222dcb72c0bdd99818aaa2b42c4264907b4f16

SHA256
40eff6917406a3e56c69f93dcafc0ab560c4207ad8fb7f989606bfd94815e196

SHA512
6687515387e5c91f6e5bcc2990cd44c1c487329e0e346503781eda743f695c5e5309e9e98e6b9737dfaea472ce19cb2f06886aca1fd41afb723495a8a3b1f92d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
3589557535bba7641da3d76eefb0c73d

SHA1
6f63107c2212300c7cd1573059c08b43e5bd9b95

SHA256
642b01bb93d2cb529acf56070d65aae3202fd0b48d19fd40ec6763b627bcbee6

SHA512
7aedf3cf686b416f8b419f8af1d57675096ab2c2378c5a006f6ecbf2fe1ad701f28b7be8f08c9083230cf4d15d463371e92a6032178cd6c139d60b26fbd49b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
8KB

MD5
3a1d0d721f721d6b783f8d70ab4f5179

SHA1
e563af0b67dfc48879dbb1a6e83f8552c96b9dea

SHA256
6646ede0001b93a63937277d5604bc93b452b6b6ff42496baa1dddeb1a34a1fd

SHA512
f1c6b3c70a571c9f583edffd9cf34990c3e2e2aa3e4a79a22da4a99c2f66dbc68a33ab4600043a53198b596b6f57937f2d6ee635e303d3cc163ac9384c7a925e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\jedi\third_party\typeshed\third_party\3\docutils\parsers\__init__.pyi

Filesize
63B

MD5
84a27291937d76e46b277653002601f2

SHA1
fe60efb40aeeee2998bb07245d4f9571ad08825f

SHA256
ddf071712a6926be84384714a23bdf946dc47a083b96fd90a7474d41020bacfe

SHA512
e489e83fd33fdc8ba88954725f79c2132bc4162ba713c72b190b790b4a368e3ceb024d7b8bceec4544123a5435fdfd987876f1b2542da06cba899f5ac72945be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\pyinstaller-5.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\python310.dll

Filesize
1.1MB

MD5
a74698bdd84fa580277b3d74ad530065

SHA1
1314b27f2de16696c0b2ce77412304747f889d0b

SHA256
6aff1714f59a577bf624ec7368886a7261e9cc6814ec6e347e73a2d81fbf3b86

SHA512
3d686f6cf078607cbac52793b20e50d92e96e785ea422c10c390ca199b75c9b9da8e57e0f4efbfbf4051b2d596869e0fe2996dd70944ecbcc3d11153a74404cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\ucrtbase.dll

Filesize
128KB

MD5
3febcbfbc14805eb77d4b9a6fa25a466

SHA1
800036ad9c8735322f873244c3c9da97a9ae994c

SHA256
58648f7625e5692bb71a37d8d7bcf4e0225c5a3e5e3c6c0a1082a63e500a1c1a

SHA512
cb8659ef4a0e30fa1e7fb916ae194c5971498098dd173b140b65acbcab2f49e61792276096f520b8dbc4ca76b61750f56ec32fd5c7c11fe18fd66b9382173ac9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23922\api-ms-win-core-file-l1-2-0.dll

Filesize
7KB

MD5
1c9d5e8224310c26c92f4b7a08533cc8

SHA1
c2a66cdbfea13b1d5b8ff1173398d55508408aa6

SHA256
36e3c4b0062aeabc35b441a44e6f57ab6ba5d366e6e366b481b2c2545da4526b

SHA512
6002b1483e364f2081ae2128d38c3e79943ebde420f7da4eaa91509a20bb8f614f7bc19a8a4a963775d80647c0044074b6785e525115762d698aece8c66efff7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23922\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23922\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
2KB

MD5
db3537463d91a0a142e7fa6cda0da3af

SHA1
eca6b2ee15de4a67e07e4747cee749173dbed66f

SHA256
a167b90d2b7a205f98eb67bb8376d0ed7046b018b7008f14e594e492d881bec3

SHA512
c404076a7e8d94486671e2cc28c4f73d75f1b4e5697b4cff30c1a1159d6233142cecf2eb0daf8a4cf704b5658391babfbf780ebe52100a39d85c736b51c9fe6e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23922\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
b9a20c9223d3e3d3a0c359f001ce1046

SHA1
9710b9a8c393ba00c254cf693c7c37990c447cc8

SHA256
00d9a7353be0a54c17e4862b86196a8b2bc6a007899fa2fbe61afd9765548068

SHA512
a7d5611c0b3b53da6cac61e0374d54d27e6e8a1af90ef66cd7e1b052f906c8b3f6087f4c6de0db3ae0b099df7689ecde6c815a954b728d36d9d3b5d002ccf18e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23922\python310.dll

Filesize
1.0MB

MD5
1fe8b098f27ab9424d2b3222c7c36718

SHA1
03830b5d8cce38a4b4bb547cb937e6b3e3c2076b

SHA256
4cbf45ed665327923518938071f0e11e7706ea04a878254375d21518271d566d

SHA512
caa6784ccec235433b5e499dd1cb7657ab42d09d044158c34f620cb41ecfaf2db7b5572c7f7f1712aa2938d0404408b70ede7b7046b1fc51c13574ab83d4813a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23922\ucrtbase.dll

Filesize
483KB

MD5
e1dcb333154e8be5b450ef73ec9ecdf2

SHA1
940d6809ae0708684b52e1160348b5cdd2aba3c5

SHA256
f555762d6c6bf9dce1c36d1fcdbee6c5fc89e4153e9a8e57886cfe359d589b76

SHA512
f3d82135bff95a1afe861cd67cce7ae7952eab3ecdfbcd49d1fb31ad12b92a668dca018742208779a3730a8abe71b9a4e766c41e975207ced6943f73974cb818

Download Submit
memory/2412-2358-0x000007FEF5C80000-0x000007FEF60E6000-memory.dmp

Filesize
4.4MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads