066578d81356949b4f434d0402a24c6d0778c18e9763ba6c6582da161b966c5c

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Suferal.exe
Size

77.0MB
MD5

1fe2f43a7e280f928f07ccb99d3f7b2f
SHA1

c0a3c4ef0766e358fc1f1e8c431e4c3e1d7d78c0
SHA256

066578d81356949b4f434d0402a24c6d0778c18e9763ba6c6582da161b966c5c
SHA512

47075a3af5f15388570f9edcaa4bbdaa517b37879236c2c4ddc9fdc36e03d03432af21820b17c510ca5f5bed793ac9d3b37d1c70c123fbe281031db09b539327
SSDEEP

1572864:nviEZjbVWSk8IpG7V+VPhqYdfME7pjx9oiYweyJuCZUdgOMWhHpSzFwZvkOEB:nvZZVWSkB05awcfbtHpunMgHKwkOK

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

Suferal.exe

pid process

2792 Suferal.exe
2792 Suferal.exe
2792 Suferal.exe
2792 Suferal.exe
2792 Suferal.exe
2792 Suferal.exe
2792 Suferal.exe

pid	process
2792	Suferal.exe
2792	Suferal.exe
2792	Suferal.exe
2792	Suferal.exe
2792	Suferal.exe
2792	Suferal.exe
2792	Suferal.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI20882\python312.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Suferal.exe

description	pid	process	target process
PID 2088 wrote to memory of 2792	2088	Suferal.exe	Suferal.exe
PID 2088 wrote to memory of 2792	2088	Suferal.exe	Suferal.exe
PID 2088 wrote to memory of 2792	2088	Suferal.exe	Suferal.exe

C:\Users\Admin\AppData\Local\Temp\Suferal.exe
"C:\Users\Admin\AppData\Local\Temp\Suferal.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088

C:\Users\Admin\AppData\Local\Temp\Suferal.exe
"C:\Users\Admin\AppData\Local\Temp\Suferal.exe"
2⤵
- Loads dropped DLL
PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20882\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
733f77237efc58e2ffcb6e84e5244aff

SHA1
c41f330cbbc4f8dc06b13c5326d4ad19860c11c9

SHA256
8730943f943280775c72c0cda866b6f971e02a2d97ae0d978706f9131fbffccf

SHA512
52d67a01887b75a61608d29d172e7c8c9f1dd05080a72fecd80e9928512e984063f6228390788a508199f6a510209466c441d20b6cc680f639c9313bf8bcc514

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20882\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
844b76aadf40102a14548ad512a1938f

SHA1
dbf5bdaf45859e34b23c71ab93b0df13322f4599

SHA256
0bffd9d1cd6440b4dd0333e64b39eb24af378cced8c4849fb430e42ea19ff10f

SHA512
9c1a4ef8c5213ef092ffae5d55b0bf5985be5e6060d4f8d14aee71eb2e58fe14c3a40ccccdbfbb2f4f846488280aaf2e4e443b6957f35094c421116a4f995e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20882\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
87dd6f4b71bc0a7dfcdc5bb4052b25e5

SHA1
9dc5c6cb25eacdde4cb528f433aef7c433403d49

SHA256
eccfcc2e215bf43760a48371d3d45067d9f5413c19e60c310b05ded333ca4491

SHA512
3e1ef65959ab675cf14be9af5c4d8d443d37462b227a92618f94318bf4141f2f30f2964dd0286d3016dde22d72ca845acb87ce301947c5fecbdad392225de781

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20882\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
335235651d05b50f7ef7bbd041024dc7

SHA1
e5b77f81c8c4787195fa5ca38571240af3c99ef0

SHA256
f1f46d16ec16dd633d883f6699ad4ceb252b10e6e8ca918f27090d3c84a10c33

SHA512
6fa42d77319b01619cf249cc65085492275114e94bd450d70da67f745fa650a54a72257b127ef9dddc9cce15d8022fe3b95787e990a605026fab83bc9cf19e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20882\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
f08e0c87b8cf36ef483a9db229b63052

SHA1
10baed51e3d18e0288e9705d8debf46248ef75f5

SHA256
d81add19e434fcb48e57f77d9b42ff163bcb7b35315bcc9e1681b49ba5470ba9

SHA512
218b0648a0badbb1ab4b44b9e2d6a4f227aa4df0580291355fb73c6def79ca25a4d7227788ab35f2241844de11597170b5f7d6a0006aa8015aacbab76b2406bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20882\python312.dll

Filesize
1.8MB

MD5
f8a73b023a10c10a060bea2b1134050d

SHA1
58ccd5d0f26bc52f4ea5ba2df035661da7d980b4

SHA256
c905061019b513e576ad98585c71f876c4cebd1da51906c6123980e3b33ab5e2

SHA512
fab9a6be342fcbec07093552d59101ef1f0536c87114297154455ff73afb95de30318fd3d33906fffbaa8f3964aa443a8b386cbc7b586d91f1ca05567db98453

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20882\ucrtbase.dll

Filesize
987KB

MD5
ecbf2ce278d058f01aa75034554fe756

SHA1
cd9c3b692e35bf6904afc3a8fc11ff516c342ea9

SHA256
20b6eeb53c3e6c67b11f8d65748fd0252c0b9d80757882a00714bc9e8850766b

SHA512
10e77d7aedf17e7b671224ad0867b3cf2322609471048095b2918a19b913068fec67c08e095875579c8ae95ab01a2390698975043d49ab5a68ab3dcd35786e66

Download Submit
memory/2792-1305-0x000007FEF5EC0000-0x000007FEF6599000-memory.dmp

Filesize
6.8MB

Download