Overview

overview

8

Static

static

3

Place v2 f...re.lnk

windows7-x64

3

Place v2 f...re.lnk

windows10-2004-x64

3

build.dll

windows7-x64

1

build.dll

windows10-2004-x64

1

crack.exe

windows7-x64

1

crack.exe

windows10-2004-x64

1

map.exe

windows7-x64

8

map.exe

windows10-2004-x64

spoof/robl...s!.rtf

windows7-x64

4

spoof/robl...s!.rtf

windows10-2004-x64

1

spoof/spoof.exe

windows7-x64

1

spoof/spoof.exe

windows10-2004-x64

1

v2/auth/au...or.exe

windows7-x64

1

v2/auth/au...or.exe

windows10-2004-x64

1

v2/auth/runtime.dll

windows7-x64

1

v2/auth/runtime.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/02/2024, 18:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    crack.exe

  • Size

    3.4MB

  • MD5

    a827295f4df3c5ba4eae2c68b555ab18

  • SHA1

    04a24b11e1eaa40d221ae960160dfb4bd39effbd

  • SHA256

    f801b0b197f0b4b3244441aa7428acf34c2a034201a00d8d4d8eab0d3b647908

  • SHA512

    8a53a730bc1bd78b1f108fe1e22d03dbb9f6802092ec31291befedcac7016b3ddc37206b2fca72dafc20d4cb83c5fd68d39cb38f6b69c18a4df10285e6dfc1d0

  • SSDEEP

    49152:S6D0LjBn8/PkyiZYq6cVERznwOnqswS/KtJ78JEmm8PKXnqrADkMT0IZdC:y/VeJwYUQXqpAVmmm8PwntT0IZdC

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\crack.exe
    "C:\Users\Admin\AppData\Local\Temp\crack.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3672
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start CompPkgSrv.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4192
      • C:\Windows\system32\CompPkgSrv.exe
        CompPkgSrv.exe
        3⤵
          PID:2260
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c pause
        2⤵
          PID:4796

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3672-0-0x00007FF94B0F0000-0x00007FF94B2E5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3672-1-0x00007FF94B0E0000-0x00007FF94B0E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3672-2-0x0000000000700000-0x0000000000732000-memory.dmp

        Filesize

        200KB

        Download

      • memory/3672-3-0x00007FF94B0F0000-0x00007FF94B2E5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3672-4-0x0000000000700000-0x0000000000732000-memory.dmp

        Filesize

        200KB

        Download