ff33b0edf302dca30948ae6214dda0cb922c7523973aa87e8f61a46c3be5c752

Analysis

max time kernel
1558s
max time network
1594s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PrankPack-main/Pack/Prank Pack/Overlay 800x800 Penis Spin.exe
Size

7.5MB
MD5

118598960643743b3d289c119b8ee85d
SHA1

7b4ebac6841181b56c973b8488bf843874123f4a
SHA256

09937485f36f0d39599ca57d947373ef2484eb16bea9b39d595b3795d3b02636
SHA512

2a3f21b747f7a12209581606ffd54f6140bfba2e5b887bdb86c4b0189c81e6463e5c040c60f60f12b6f27bd1edf38782d62f809600cfcb00ed5bb08c816cab30
SSDEEP

196608:SXI/6YcFfBrebd0olJ7rGxUuMu6vzxDJlp6:SY/FyfBA7lsKNtvdPp6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

meat.exe

pid process

1860 meat.exe
Loads dropped DLL 3 IoCs

Processes:

meat.exe

pid process

1860 meat.exe
1860 meat.exe
1860 meat.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

Processes:

meat.exe

pid process

1860 meat.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

meat.exe

pid process

1860 meat.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

meat.exe

pid process

1860 meat.exe

pid	process
1860	meat.exe

pid	process
1860	meat.exe
1860	meat.exe
1860	meat.exe

pid	process
1860	meat.exe

pid	process
1860	meat.exe

pid	process
1860	meat.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

Overlay 800x800 Penis Spin.execmd.exe

description	pid	process	target process
PID 2152 wrote to memory of 2192	2152	Overlay 800x800 Penis Spin.exe	cmd.exe
PID 2152 wrote to memory of 2192	2152	Overlay 800x800 Penis Spin.exe	cmd.exe
PID 2152 wrote to memory of 2192	2152	Overlay 800x800 Penis Spin.exe	cmd.exe
PID 2152 wrote to memory of 2192	2152	Overlay 800x800 Penis Spin.exe	cmd.exe
PID 2192 wrote to memory of 1860	2192	cmd.exe	meat.exe
PID 2192 wrote to memory of 1860	2192	cmd.exe	meat.exe
PID 2192 wrote to memory of 1860	2192	cmd.exe	meat.exe
PID 2192 wrote to memory of 1860	2192	cmd.exe	meat.exe

C:\Users\Admin\AppData\Local\Temp\PrankPack-main\Pack\Prank Pack\Overlay 800x800 Penis Spin.exe
"C:\Users\Admin\AppData\Local\Temp\PrankPack-main\Pack\Prank Pack\Overlay 800x800 Penis Spin.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2152

C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\169C.tmp\169D.tmp\169E.bat "C:\Users\Admin\AppData\Local\Temp\PrankPack-main\Pack\Prank Pack\Overlay 800x800 Penis Spin.exe""
2⤵
- Suspicious use of WriteProcessMemory
PID:2192

C:\Users\Admin\AppData\Roaming\meat.exe
meat.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: CmdExeWriteProcessMemorySpam
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1860

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\169C.tmp\169D.tmp\169E.bat
Filesize
30B

MD5
2abbb5426746949244681ee4d9e0b9ab

SHA1
51ade840ffba5192afe09ded6eb030521d322946

SHA256
fa870338abcbe4f77196cf25b0e68832932a0ba67e6a14396ba14203ec2406c4

SHA512
e35c8e2b965ad0a42a6f4a2295b7a110f54f77c643dc120c2412ad1fcd8325917eaa1d689749a703b5245e77d62959cd1b5eee6b5ac2b14a803f5729c86273b7

Download Submit
C:\Users\Admin\AppData\Roaming\meat.exe
Filesize
3.2MB

MD5
01887e51d2d9c85d36e14372aeb03be3

SHA1
7602d0346670d8532f57dcd525bfac5f2b1cdb32

SHA256
fae0e04c8d36bffc861e39f04e2779344d967ef9a8067b34c6fe7ac2a29d4518

SHA512
9d8c7a56091c5b1334e2c8736dc22a527e1003f257e6bc7f2dc44403dc5b4d19977069d0b8a3a78d6f1e9c5983de8cc7d8b22ba5bf2f29bd42456edf4f6bf83f

Download Submit
C:\Users\Admin\AppData\Roaming\meat.exe
Filesize
3.0MB

MD5
965617c38c25463166418df0a3f91e82

SHA1
b39df7610fb59c98f6b610336ea2ba330a1661f4

SHA256
0dd69126f723b508f4d482f1dd9a0294474792bcfe0cf9a35211e928d7881f90

SHA512
39e57a546932aacedcb3cb819aef86cde00d2603b3a5c4a9e4b331b36168a1cb3c497063d7b831c784b513797025fbc219725b75b1065cc43865c31cadb8b5fd

Download Submit
\Users\Admin\AppData\Local\Temp\mrt17F4.tmp\mmf2d3d9.dll
Filesize
1.1MB

MD5
22284d6bb382967ff72363f828050e13

SHA1
5c98e25d24aacafffded9353c9526be0128c6dbd

SHA256
9eaa342059785bd584df956574c637e6d0e6016a099221a56e0397f8c86cd93f

SHA512
2e5a5bf115b1d2a07d0647b6f4925ab84301ca6354e3f3beb8d44f51900ff21b06b97b23128160fd94dfd33116d03094ca47c49143ae98473eaaed441f9705b2

Download Submit
\Users\Admin\AppData\Local\Temp\mrt17F4.tmp\mmfs2.dll
Filesize
459KB

MD5
4cf7bb74d8104280b7e986f4df21109d

SHA1
edc21a43136afddbf4786593e84b934d40591b74

SHA256
c0d56cefb509e5600ac6b430adcaf53b81881d3fff4e62b7ede158d66d826622

SHA512
2bbac48354657659795697e67508d777ee595348e1fb3d4b6c65d8618c346b3be0052b1e2e2fe669dcca19c3c00d59d1833acc21d88a97efbde2694935e3c292

Download Submit
\Users\Admin\AppData\Local\Temp\mrt17F4.tmp\mp3flt.sft
Filesize
24KB

MD5
7beafd3ec0c36a1422387c43c49f68ff

SHA1
240e7d8534ed25dffb902a969826f4300a88dde6

SHA256
cd5bd7cc59eaf42bc0edf418ce6f077f9db369d5e3c414107b82492a877a6176

SHA512
44101803bd757bb7a84577aa1c087472a619da732dcdb3947b683cd7a7df30931e4c9973e06532859f9654c4ad3635db205e41fc7214a0f52537be91e87b2734

Download Submit
memory/1860-25-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download
memory/1860-22-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download
memory/1860-20-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download
memory/1860-28-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download
memory/1860-27-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download
memory/1860-26-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download
memory/1860-17-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download
memory/1860-24-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download
memory/1860-23-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download
memory/1860-19-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download
memory/1860-21-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download
memory/1860-32-0x0000000074D70000-0x0000000074DE8000-memory.dmp

Filesize
480KB

Download
memory/1860-35-0x0000000074D70000-0x0000000074DE8000-memory.dmp

Filesize
480KB

Download
memory/1860-34-0x0000000074D70000-0x0000000074DE8000-memory.dmp

Filesize
480KB

Download
memory/1860-18-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download
memory/1860-33-0x0000000074D70000-0x0000000074DE8000-memory.dmp

Filesize
480KB

Download
memory/1860-31-0x0000000074D70000-0x0000000074DE8000-memory.dmp

Filesize
480KB

Download
memory/1860-30-0x0000000074D70000-0x0000000074DE8000-memory.dmp

Filesize
480KB

Download
memory/1860-16-0x0000000000840000-0x0000000000945000-memory.dmp

Filesize
1.0MB

Download