5a000dfadc5854935e75024fc35aeaa461d8f9ac997730310fe19638006745ac | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-de
resource tags

arch:x64arch:x86image:win7-20231215-delocale:de-deos:windows7-x64systemwindows
submitted
13/02/2024, 02:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ultraddos.exe
Size

12.5MB
MD5

9d847ce73c7b1392348732f66790dc28
SHA1

1c3de96158925d938aabb6b0098f9db260895a3f
SHA256

5a000dfadc5854935e75024fc35aeaa461d8f9ac997730310fe19638006745ac
SHA512

66e5d505ac87ca9c3fe14efbd8ca3c68ae4893afc8ef53a261d4246ebe9b28129e8691800bca8df9a5416c80ac2aac1086be2e328e690848676fb87c27f3d44d
SSDEEP

393216:JU9lz21WCx1InEroXgfEqirRRo5tN3ZWU03xToggqiD+iU4:+C1Vx+ErUswvstN37+gqc93

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
572	ultraddos.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 572	2936	ultraddos.exe	29
PID 2936 wrote to memory of 572	2936	ultraddos.exe	29
PID 2936 wrote to memory of 572	2936	ultraddos.exe	29

C:\Users\Admin\AppData\Local\Temp\ultraddos.exe
"C:\Users\Admin\AppData\Local\Temp\ultraddos.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Users\Admin\AppData\Local\Temp\ultraddos.exe
  "C:\Users\Admin\AppData\Local\Temp\ultraddos.exe"
  2⤵
  - Loads dropped DLL
  PID:572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29362\python39.dll

Filesize
4.3MB

MD5
7e9d14aa762a46bb5ebac14fbaeaa238

SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9

SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3

SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023

Download Submit