c520b9e0d0c8c90221ad0c01c8050282c9e1e2148f35d818f4d41cd9583eefa2

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hack_Exploit (crack)_.exe
Size

10.3MB
MD5

b2b4bce402256d8e2c0c3b1acbf37b95
SHA1

0ab0ee029442eeec453ccdba27f02a6a8ba5aa71
SHA256

c520b9e0d0c8c90221ad0c01c8050282c9e1e2148f35d818f4d41cd9583eefa2
SHA512

416da774d97626e18b17ca01f83237ba49c308d371b5c068265df07e4cfd959bcb4f2d78fa2053bda18cc36be22c33f491829275ac1798e00b4a55413db1d005
SSDEEP

196608:bUAv5dnca6qpNurErvI9pWjgyvoaYrE41JIuIqoxko:Yu5NcaljurEUWjdo/H1J9oGo

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2584	hack_Exploit (crack)_.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000015cce-33.dat	upx
behavioral1/files/0x0006000000015cce-34.dat	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
1680	hack_Exploit (crack)_.exe
1680	hack_Exploit (crack)_.exe
2584	hack_Exploit (crack)_.exe
2584	hack_Exploit (crack)_.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2584	1680	hack_Exploit (crack)_.exe	29
PID 1680 wrote to memory of 2584	1680	hack_Exploit (crack)_.exe	29
PID 1680 wrote to memory of 2584	1680	hack_Exploit (crack)_.exe	29

C:\Users\Admin\AppData\Local\Temp\hack_Exploit (crack)_.exe
"C:\Users\Admin\AppData\Local\Temp\hack_Exploit (crack)_.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Users\Admin\AppData\Local\Temp\hack_Exploit (crack)_.exe
  "C:\Users\Admin\AppData\Local\Temp\hack_Exploit (crack)_.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI16802\python311.dll

Filesize
1.6MB

MD5
b167b98fc5c89d65cb1fa8df31c5de13

SHA1
3a6597007f572ea09ed233d813462e80e14c5444

SHA256
28eda3ba32f5247c1a7bd2777ead982c24175765c4e2c1c28a0ef708079f2c76

SHA512
40a1f5cd2af7e7c28d4c8e327310ea1982478a9f6d300950c7372634df0d9ad840f3c64fe35cc01db4c798bd153b210c0a8472ae0898bebf8cf9c25dd3638de8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16802\python311.dll

Filesize
672KB

MD5
e152cbec2f2b4a82df26e12c57b2f94a

SHA1
fd87328cb82b03f075e1d462ad6fc65fe774f8c3

SHA256
b373ad568e156b5e277e16fa9d1f223b87efb2ed514577bd3e6ca3940ea98866

SHA512
e959d6e97ef64681eca66345cd17fca2fb7b9dd58210cafe2fb42a8d7412d23d586f6e9c44c5a0322b54a8dedf4930e98d46fcb9b6e6700c8dd8b3006b1cda6d

Download Submit
memory/1680-2-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

Filesize
3.8MB

Download
memory/1680-1-0x000000013F5C0000-0x0000000140456000-memory.dmp

Filesize
14.6MB

Download
memory/1680-3-0x000000013F5C0000-0x0000000140456000-memory.dmp

Filesize
14.6MB

Download
memory/1680-4-0x000000013F5C0000-0x0000000140456000-memory.dmp

Filesize
14.6MB

Download
memory/1680-26-0x00000000770B0000-0x00000000770C0000-memory.dmp

Filesize
64KB

Download
memory/1680-27-0x0000000003A10000-0x00000000048A6000-memory.dmp

Filesize
14.6MB

Download
memory/1680-60-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

Filesize
3.8MB

Download
memory/1680-0-0x000000013F5C0000-0x0000000140456000-memory.dmp

Filesize
14.6MB

Download
memory/1680-43-0x000000013F5C0000-0x0000000140456000-memory.dmp

Filesize
14.6MB

Download
memory/2584-30-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

Filesize
3.8MB

Download
memory/2584-32-0x000000013F5C0000-0x0000000140456000-memory.dmp

Filesize
14.6MB

Download
memory/2584-31-0x000000013F5C0000-0x0000000140456000-memory.dmp

Filesize
14.6MB

Download
memory/2584-35-0x000007FEF56C0000-0x000007FEF5CB0000-memory.dmp

Filesize
5.9MB

Download
memory/2584-36-0x000000013F5C0000-0x0000000140456000-memory.dmp

Filesize
14.6MB

Download
memory/2584-37-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

Filesize
3.8MB

Download
memory/2584-29-0x000000013F5C0000-0x0000000140456000-memory.dmp

Filesize
14.6MB

Download
memory/2584-28-0x000000013F5C0000-0x0000000140456000-memory.dmp

Filesize
14.6MB

Download