Overview

overview

8

Static

static

3

ExInjector...v4.zip

windows7-x64

1

ExInjector...v4.zip

windows10-2004-x64

1

ExInjector...er.exe

windows7-x64

7

ExInjector...er.exe

windows10-2004-x64

8

exxexexex.pyc

windows7-x64

3

exxexexex.pyc

windows10-2004-x64

3

ExInjector...V4.exe

windows7-x64

7

ExInjector...V4.exe

windows10-2004-x64

8

exxexexex.pyc

windows7-x64

3

exxexexex.pyc

windows10-2004-x64

3

ExInjector...me.txt

windows7-x64

1

ExInjector...me.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/05/2024, 13:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ExInjector Beta v4/AutoUpdater.exe

  • Size

    40.4MB

  • MD5

    b5376b0ac908c1ff23f00ba4b4823f87

  • SHA1

    89f270e1404a76594b0780d70a7ab9491b1e0de3

  • SHA256

    6957aa3b521d1ddcc4a512e2fe7aa93eabf58e9a53a4acd4866c4930a881de28

  • SHA512

    49c1704611beec9469cb47c74fa285404afe33b442a2aa64dd0a4efdb5bc2cf523096d1fca9044f81d7e9ea8488f7ee8b9f3b7d015aee1bec4167bf69d555d40

  • SSDEEP

    393216:zWvz+q3V1VUIC3L+9qz8GvD7fEU2IGY/Vt1Wom6:Sz+q37/O+9q4GL7fEvILpm6

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ExInjector Beta v4\AutoUpdater.exe
    "C:\Users\Admin\AppData\Local\Temp\ExInjector Beta v4\AutoUpdater.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Users\Admin\AppData\Local\Temp\ExInjector Beta v4\AutoUpdater.exe
      "C:\Users\Admin\AppData\Local\Temp\ExInjector Beta v4\AutoUpdater.exe"
      2⤵
      • Loads dropped DLL
      PID:3060
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:488

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\_MEI16282\python312.dll
            Filesize

            1.7MB

            MD5

            86d9b8b15b0340d6ec235e980c05c3be

            SHA1

            a03bdd45215a0381dcb3b22408dbc1f564661c73

            SHA256

            12dbbcd67015d6cdb680752184107b7deb84e906b0e8e860385f85d33858a5f6

            SHA512

            d360cc3f00d90fd04cbba09d879e2826968df0c1fdc44890c60b8450fe028c3e767450c3543c62d4f284fb7e004a9a33c52538c2279221ee6cbdb1a9485f88b2

            Download Submit

          • memory/3060-90-0x000007FEF5D70000-0x000007FEF6440000-memory.dmp

            Filesize

            6.8MB

            Download