4fc5d68b743a3e9d96adab6520e57da5d2260f34f804397fb27685fe1be84d42

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1fb8351dc897af2cfa8759d18c63c6c.exe
Size

484KB
MD5

c1fb8351dc897af2cfa8759d18c63c6c
SHA1

14bf19f1f6296b65601f57a84d0b2f32690d7c97
SHA256

4fc5d68b743a3e9d96adab6520e57da5d2260f34f804397fb27685fe1be84d42
SHA512

eef0028bc67793b96acb3c0eb167c7e286df5ce62a38e7e9089121b83855438b913730790755b371d4814a08fb72176e730b8eb38eb12b3de8c3ffd96efb5119
SSDEEP

6144:5dkkkkkkZ6ZXAdkkkkkkZ6ZndkkkkkkZ6ZXAdkkkkkkZ6Zy4DPpOnT:576lA76Z76lA76CnT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2508-0-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2508-1-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/files/0x00320000000144f0-6.dat	upx
behavioral1/memory/2508-20-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Drops file in Windows directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win32dc\Silent Hill 4_fix.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File opened for modification	C:\Windows\win32dc\Silent Hill 4 + serial.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File opened for modification	C:\Windows\win32dc\Sims 2 patch.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File created	C:\Windows\win32dc\DAoC crack.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File opened for modification	C:\Windows\win32dc\DAoC crack.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File created	C:\Windows\win32dc\Quake3(fix).exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File opened for modification	C:\Windows\win32dc\Quake3(fix).exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File opened for modification	C:\Windows\win32dc\BattleField 1942_fix.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File opened for modification	C:\Windows\win32dc\FlatOut_codes.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File created	C:\Windows\win32dc\Silent Hill 4_fix.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File created	C:\Windows\win32dc\FlatOut cheat.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File created	C:\Windows\win32dc\BattleField 1942_fix.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File created	C:\Windows\win32dc\FlatOut_codes.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File created	C:\Windows\win32dc\Quake3 hack.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File created	C:\Windows\win32dc\Doom 3(cdfix).exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File opened for modification	C:\Windows\win32dc\FlatOut cheat.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File created	C:\Windows\win32dc\Silent Hill 4 + serial.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe
File created	C:\Windows\win32dc\Sims 2 patch.exe	c1fb8351dc897af2cfa8759d18c63c6c.exe

C:\Users\Admin\AppData\Local\Temp\c1fb8351dc897af2cfa8759d18c63c6c.exe
"C:\Users\Admin\AppData\Local\Temp\c1fb8351dc897af2cfa8759d18c63c6c.exe"
1⤵
- Drops file in Windows directory
PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win32dc\Silent Hill 4 + serial.exe

Filesize
484KB

MD5
ee2fa8165ffed4e3e175d5c5dfcd5f60

SHA1
5e39e32344b555edcfbf6e78456e5f4fc29e0c66

SHA256
c1d28613d50c28dce8eadcd0c1e91d84f0063a4183fb61742f9e7ae5bbc2e5b1

SHA512
bb1f5687180748414b11678a8719e90b6a62f72c00360065d4e80e97db7375fcc29a5d63d5453da9c8784026ac4d963e561531ac3bbd8ab3703ae03f43dfaa0d

Download Submit
memory/2508-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2508-1-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2508-20-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads