Analysis

  • max time kernel
    145s
  • max time network
    158s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    05/03/2024, 16:09

General

  • Target

    Cleaner.exe

  • Size

    1.2MB

  • MD5

    4730239db03a288f88b2fcdba98ccd8c

  • SHA1

    90a332972128f91adece2e613f8ef6b19d984b8d

  • SHA256

    56b43a9f785921257e1e93a32f32ac8774d9218f3c475123cea577700ac37fe0

  • SHA512

    eeb342399a82d571e0f54829189dfc42a448d186ca4ad56d211ad906ee55f2545f4452a6e391531ef810a8d24d3d0b5949ebb8d43a2b86e08994b1a656b3e0ca

  • SSDEEP

    24576:j4GHnhIzOa51kAMI+i3zgK946teJzrfm+b/MYEK7cVsAZRD:8shdaKjik9fd/MZKgVs

Score

  • score
    7/10
  • tags
    upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cleaner.exe
    "C:\Users\Admin\AppData\Local\Temp\Cleaner.exe"
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2948
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:3872

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2948-0-0x0000000000350000-0x00000000005F6000-memory.dmp
    Filesize
    2.6MB
  • memory/2948-1-0x0000000000350000-0x00000000005F6000-memory.dmp
    Filesize
    2.6MB
  • memory/2948-2-0x0000000000350000-0x00000000005F6000-memory.dmp
    Filesize
    2.6MB