bcfa9fc0b223c49baca3ac64ed6025355b07a67be93e482386a74748afa8e442

Resubmissions

07/03/2024, 09:34

240307-lj9bhsgc99 7

07/03/2024, 09:31

240307-lhafssgc68 7

07/03/2024, 09:29

240307-lf3dssgc37 7

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 09:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EkexClient.exe
Size

16.7MB
MD5

f41449ea10867dbadbeb9984997d1667
SHA1

69f2eb0752463eaad10cb18a2fff9e2fce79648a
SHA256

bcfa9fc0b223c49baca3ac64ed6025355b07a67be93e482386a74748afa8e442
SHA512

931d9c513b76a612ecc980291d26db8cd97f632147bea5d53d8a0fe02c955e24d7e6492e20d4102e208f46432400e8c61b8d2fce1106d49e8c040929de479230
SSDEEP

393216:oh9S2nnx837Xf+h2Jp5MLurEUWjljEh01tlypd7XiWCQaa:y9Dnxq7WhpdbJ91byr+VQaa

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2248	EkexClient.exe
2248	EkexClient.exe
2248	EkexClient.exe
2248	EkexClient.exe
2248	EkexClient.exe
2248	EkexClient.exe
2248	EkexClient.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a425-147.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2248	1708	EkexClient.exe	28
PID 1708 wrote to memory of 2248	1708	EkexClient.exe	28
PID 1708 wrote to memory of 2248	1708	EkexClient.exe	28

C:\Users\Admin\AppData\Local\Temp\EkexClient.exe
"C:\Users\Admin\AppData\Local\Temp\EkexClient.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Users\Admin\AppData\Local\Temp\EkexClient.exe
  "C:\Users\Admin\AppData\Local\Temp\EkexClient.exe"
  2⤵
  - Loads dropped DLL
  PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI17082\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
ac4df73c97799aa9f5bec3c5fd78937e

SHA1
6a95f8f24b6faf92580be7d2b587eb43714937e8

SHA256
796896827a8eb53cfc40e49ffd56ce4c5e40671c94b8102f97dce67a351e997c

SHA512
4db9636f306bf851678d4ad12c7b33dfeaeecf65393ac9f843dc5cb7382532644475a653d708dbd1cb6bae4db1b5273e84ce76ee0941649cb02ebca9e7afb44a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17082\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
5bf0d34b49a16004c9b2297502c736da

SHA1
60d30cad05932086fafd87890b40ea798ff5143e

SHA256
94d0ea1ff3707665bbbe9942d000e497306504575bee4e687fa8a51a29b841e6

SHA512
9feaf1e7b602370edb67a2dfa627b09a96aa905b946ffe2af2d595288ed784d43d8e4bb1d29f23f459535b5892d38088dfd9a73fdf636dc21b6d9143f56e77a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17082\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
21077a051ef0f7a06f11b2270920bb9b

SHA1
6d3ae3eabf83c8206ff3eea1c73ac02e1e649de4

SHA256
fb37e0ad35ca4446e9edafdf5c2ac55cae0b40f3a609f6fa63688d2f5bc90df4

SHA512
3bdded7681618d62e430e4ead2101b5e6cc39866eaeb1bb5330234006d86eb884f388cbd3a4e56dbcad02f9573a69f4d9164dbfb58d773fc92bb810b1bf0075f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17082\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
d5cb714b845fbd16f4139412417653bf

SHA1
f3316169ae8909cb2dbf9769d7e253a09b4590d0

SHA256
eb299c380b9149f65ce7be6945a2a2eb0e63bfa87a27759e456b7050eb744cdb

SHA512
f6444115e5de000e13ed0cd13a4adf686974c78b48bd2cf8c1fea8e05f5f5494dae2e74b7706c7651ad4c0cfbeee108fb786878629650d1ed2b8f31d3881e4ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17082\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
7cf41ccd6d1f252d16475a116d9a8f1d

SHA1
3167fca636a5d3306a22924f4edb0aaff6eecbb4

SHA256
049c9a49353416701a0672985800734e515be2b5f5445fb5fb3813845460008e

SHA512
6f7ea04d7d25396e0bf776140cacc42a31e355453d158ca4d88b3b03d0662fe4c9d20b006bb17087375d3d8b87d9f9c70c9c7508e370883033f6cf6a552ad15e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17082\python312.dll

Filesize
1.8MB

MD5
2889fb28cd8f2f32997be99eb81fd7eb

SHA1
adfeb3a08d20e22dde67b60869c93291ca688093

SHA256
435430e3abfde589d8535bc24a4b1d4147a4971dbe59e9377603974c07a1b637

SHA512
aaa33b8178a8831008ea6ad39b05189d55aa228a20a2315e45df6e2ff590c94478cfc76c9adb762689edb021ecdf98df3e7074d8d65c1c477273056b7509f8ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17082\ucrtbase.dll

Filesize
1.1MB

MD5
b0ceb85c5e954f543abc076fa8de17f9

SHA1
0969b9819d72e24139d1f931c27710e814581d27

SHA256
1e316042bf54883cde951203633b087c2dcfdb2195af0526fb9d686541b14950

SHA512
36d9182a73edcd14949f93dfefd47f513fce5760efb8fa8a111af9001a0752f2dc90a92374aaafa9f58ff58f6603ee9e6efdd49ff5359fe6e69f2e1ef7a6cd73

Download Submit
memory/2248-149-0x000007FEF5460000-0x000007FEF5B39000-memory.dmp

Filesize
6.8MB

Download