Analysis Overview
SHA256
d8606962465e8c21ade31d09c3193c7438129cc5174e43fff62472cb9c777075
Threat Level: Shows suspicious behavior
The file Diabolic Generator.exe was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Unsigned PE
Detects Pyinstaller
Enumerates physical storage devices
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 21:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 21:49
Reported
2024-05-10 21:51
Platform
win7-20240419-en
Max time kernel
65s
Max time network
17s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\diabolic.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\diabolic.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\diabolic.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\diabolic.exe | N/A |
Loads dropped DLL
Detects Pyinstaller
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe
"C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe"
C:\Users\Admin\Desktop\diabolic.exe
"C:\Users\Admin\Desktop\diabolic.exe"
C:\Users\Admin\Desktop\diabolic.exe
"C:\Users\Admin\Desktop\diabolic.exe"
C:\Users\Admin\Desktop\diabolic.exe
"C:\Users\Admin\Desktop\diabolic.exe"
C:\Users\Admin\Desktop\diabolic.exe
"C:\Users\Admin\Desktop\diabolic.exe"
Network
Files
\Users\Admin\Desktop\diabolic.exe
| MD5 | 1d868a796ddb538c6dae29530c6cecd5 |
| SHA1 | c72c987ec9e710763b521036ae229ea90f1b5aae |
| SHA256 | b20f4ee8eb36c3ab08e9be6201f151253eb782ab4a6eea5a22f6d5e685339618 |
| SHA512 | 65aa9496c7a63a1b23bee3be5241fb2aedd6cb400d780a21b0dd479bbcaf5aba4a9b49d636d9263fa257dd74a42520c5173229833afae2b8e6c0baa942333837 |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\python38.dll
| MD5 | eec355a6e9586f823a4f12bed11e6c80 |
| SHA1 | 33627398cb32f4fbb162f38f7c277ad5b13a99ba |
| SHA256 | 560a6a5f8b7afa99600cc47da26a802c342d7f50ffe23850372f2fcf536cd26f |
| SHA512 | 7b4b3c13383de62a17aa1aafabce657ea5f4aadd716430fcd6e0f3125b773ae1589b3eaa050ccd87b37f6fae2391c5e7a8a229c0b0fa135de8d0269e9752bea0 |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\VCRUNTIME140.dll
| MD5 | 7942be5474a095f673582997ae3054f1 |
| SHA1 | e982f6ebc74d31153ba9738741a7eec03a9fa5e8 |
| SHA256 | 8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c |
| SHA512 | 49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039 |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\base_library.zip
| MD5 | 877f89f4a141da5810ae8df658dae577 |
| SHA1 | df17d4bf2fa8bc3ce9a85f635ee8cfe640cdd3d2 |
| SHA256 | f009edc33aea2ee2dc1e9ed32e27ddda6204c45c87a6f722b883c76eb394555f |
| SHA512 | 988a3daf5df93fe509886c4af86039493667ba83957d41a48615101d3bbcd8b2c319ae59e59cc83a6765f33558e396294f8e9e349f8c21131c0f10a2bad6f212 |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\_ctypes.pyd
| MD5 | 4786508ffadc542bd677f45af820fdb9 |
| SHA1 | fc0f7dae6e0d093594e4ff1c293ce004dbd16fd7 |
| SHA256 | 64f5072cd9536418ec0fd4b5c30c13b03cdddced1f9332d4d721c4b37ae3883e |
| SHA512 | ad4b0e6883c2f0c003c46b1b85f5fbc2c1f8366a212695b9e47664c8735a30d4c8a3c645b324d3d059582096a1fe78ac1043ba8a639ced0665ef8c5cc33d0b80 |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\_socket.pyd
| MD5 | bc7b1b0112427976b83911e607213c37 |
| SHA1 | f4c7eb5b46ebe015a13de59f17ca158c01a377f4 |
| SHA256 | 85f200cb9adf0ef97d40b897868f6ad564211d3529f0b6dfe8e04c56a7b832bc |
| SHA512 | 18bc94c917ee894121241dcf65fab370a344caaf1120162fcb0966503c502b3e990a79553d2e4e1e3403e35d2b5e00cb365254c08f99c93c178e2e1fd7b2a040 |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\select.pyd
| MD5 | bb6e9825bd4a98e0700d96b59ec64f68 |
| SHA1 | afd51547dad9cd7fac0efbda76b5e2388a027681 |
| SHA256 | bb81d220db83d5276fccda137d430160b8eafd40f4d92d86ebc718b4dfd555ac |
| SHA512 | 2380a0a2bd625ff79b04bb9d4f6611150512d72f719a3cc73806ea979c29b01fc3d947fb2998e308796a32061e0f2d34d158876924c71350c759e2a841abf964 |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\_bz2.pyd
| MD5 | 712a8dba2916f0261a1290a8e3d85ebf |
| SHA1 | 27dbfa5de547c30c457855594272545dafaeb39d |
| SHA256 | d6e5763cecd267be0ff5355ff53e93428f3dd7ab20458fb1e7432dffa060cf82 |
| SHA512 | 662664189f3a426a2042c998a5396fcb660f1ec123fe8089ec740ae414e0da9173d2e1abb6a231b3271bba9c4cb2a3a0a6ea45c475531bb986a4d085e74de1d9 |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\_lzma.pyd
| MD5 | fea0e77f594207b8af1d240a16c6650e |
| SHA1 | dd48f108074eade8c0f84916d619bce4a97c07bb |
| SHA256 | d7acc95049c07298af56a316419e6548f3e6b56fb22dfb3382607a803dddb5e0 |
| SHA512 | 3b06abcf29bd93232afd6ae0b8fbded6cc75c5a5cdbd5b410d16e6f19e034d4f903252eda243f670173cc05e78e36e767553e065648ce7c3af330d10922d51ff |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\PIL\_imaging.cp38-win_amd64.pyd
| MD5 | 4bdf10382db4369c5f779bdf68d203ff |
| SHA1 | 5297002ae657d981c1dc9c67231da8371c6e4d6c |
| SHA256 | 334375da85840776cb4f663b6cd09297a6e3281ef43b1186bc61058e7699122a |
| SHA512 | 84afaae2eace1ec6fb50887495e7a08772bf54ca1453f15aa414c67ee94285b339d4e7da348faf5dee9e9a24b4371a9f65f1e5323cf5332c7e50274d4b4c1f58 |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\MSVCP140.dll
| MD5 | c1b066f9e3e2f3a6785161a8c7e0346a |
| SHA1 | 8b3b943e79c40bc81fdac1e038a276d034bbe812 |
| SHA256 | 99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd |
| SHA512 | 36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728 |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\PIL\_imagingft.cp38-win_amd64.pyd
| MD5 | b45db71a9739ea4f9de8fc5b1d7eac57 |
| SHA1 | d0e31e671a181f4409644f421679626074580274 |
| SHA256 | d545aad2f89e1748a5178876ce1f058595ebb53694ba375fee9cf2ad2cbf2a88 |
| SHA512 | 3d4eec4befe319ea8245286f992b3a1f79fa67d04d1f5a1bf94bf45e93ef591b878e4188e54cba98c1b32ea96afb33c5b37e5e44543950edab93c80d02995715 |
C:\Users\Admin\Desktop\done\fotos\perso-front.png
| MD5 | c6a11e0f8736dc953c75a43d92de4db2 |
| SHA1 | 43e90cff4c41046efcb8e9571dd26f417c80abea |
| SHA256 | fad9b083eac53c3337e86facfb76af55ed34a40fdd8b964a2f5a67c88f5639ab |
| SHA512 | e879f41d10d10206a1b29120a94999a9551b18798fc7d4e0ff9186c99d0fa5f47878c944a91321f89f87246f768458ff8097ca536889be024173e8e3f275bb44 |
C:\Users\Admin\Desktop\done\proofs\schwarze_unterlage\back_proof.jpg
| MD5 | 23f6e59fc09d12103b1478ed36875a60 |
| SHA1 | 2990be08d0485cba88b22a4b5eb0111d7ff04811 |
| SHA256 | edbf31fd6e880df8cfadb5a965ae9edaf8df56fc5664a461e9d8df008499c8f5 |
| SHA512 | 6a8980ddce9fc032b5b5b7b4ffeba0fb3d7b2e56141779549279628440eb74fd4beded1ed8c08e1316b42b78fd0ef2dd62a2e4840bda2c1707340f2aa6b8a251 |
C:\Users\Admin\Desktop\done\proofs\schwarze_unterlage\front_proof.jpg
| MD5 | 6a66919f0507297db233c8215de7ec01 |
| SHA1 | 8023c10c9eb1de550c43ec1c287c491b347254e6 |
| SHA256 | 270dc30f05e348b51d59a920f6f3cd700fe73b532a43b5ea4517cf920f798361 |
| SHA512 | 726cee0866c9a73dca9958860864b2d88d847c020e9c5343a849466283bd8a5702c37677a9b74700a2e8e65e4a6c73f5f2c54c7bd4db75c43db5de9a4b1370ba |
C:\Users\Admin\Desktop\done\proofs\karton_unterlage\back_proof.jpg
| MD5 | 531e317c1e22e01e0b4d4098c4a69462 |
| SHA1 | 30b47499887cfeef70d1d78d1f0bffcd766eec3d |
| SHA256 | 06b3b72c5d99f69ccf55b86ae1eae3213ad212dc1cbb80697d4e3f5e484bf62f |
| SHA512 | a24228397d20f9ec1a0f8df6e61ab17cbfb3976d65bf61e33d17001f4c0d9c97323102acaeec2f01207e3fbaea6492ae52e76d30e615851ee9c46906bfefb741 |
C:\Users\Admin\Desktop\done\proofs\karton_unterlage\front_proof.jpg
| MD5 | fe55f9666d0f05829c2ddb8ebcfadd4a |
| SHA1 | 3e75c8de0b843552ee52761819db9903f5b45c54 |
| SHA256 | 3b7a186df2e71cffcf23d09cd504319e7e1ea98f6c230934dff709175a975b7f |
| SHA512 | 9eca46c75b5b63de3b005658443b8543249981e93886fa96177f55193c2a2deeb09fb4fed1b8fd5306ba32e2b7b09e8643726463125e0ff22219167ab274dff1 |
C:\Users\Admin\Desktop\done\proofs\stein_unterlage\back_proof.jpg
| MD5 | 806e462756c56f6f556a5c8d0e12647c |
| SHA1 | 6ae473f415c8ba755783d8a18c914059077c4dff |
| SHA256 | eb74763998280779287abb7aaa76be04b96e983ca284c475808545d1fc2fda98 |
| SHA512 | 487bb801ef2c054f9adc80316f42ea1cea5375b0758a4fa69403fce6448f8588a8a5dde96167926b0766f60d4f23043a13e81267e2d44b9819034f20a4e1635f |
C:\Users\Admin\Desktop\done\proofs\stein_unterlage\front_proof.jpg
| MD5 | 1f155fa59d4182a7d0409d8eaaa27a73 |
| SHA1 | 585e9acfbdc720effc4c26093799d39fb65361a6 |
| SHA256 | c430e04ec5b27bf2fae5ecee0b7ec2080c71472f4afffe98469a8450cf990d59 |
| SHA512 | 09da1c3aa6faabcf835da0841f22123b781b4feb62a510d154091bd35714d4cf5731f4e6e47434f4914b4079e5ac6f106755c576a6c28e19b0977e0416d11075 |
C:\Users\Admin\Desktop\done\scans\back_scan.png
| MD5 | 2ed24e1fd433020766ff29a4d6a336c0 |
| SHA1 | 66874ac4a1a46fb620bc5278f755d67ded1e9149 |
| SHA256 | 97a5576f4b098883005d1c47a2f398694dce720f11346422c5c3f636ff56733c |
| SHA512 | adc4543a120e953bf359a43a47bd9f4c9cbcd2c3613a2e7c25913ee5fb3f347bac7a47693010b7da4db1f5d53263aa7d79048474265d62ac7c4426d52704c961 |
C:\Users\Admin\Desktop\done\proofs\tisch_unterlage\back_proof.jpg
| MD5 | 744f4592bbcc07ba9e9c075c4e46124c |
| SHA1 | d3d5c6ab01e71516b41d8c29d6ed4c2a2e1f932e |
| SHA256 | 8ffa80c57ae0e680839c8d2b0c625a7fe4883f64d5b0d067792c026e2103460d |
| SHA512 | 5d47ce43bda45774e7daa5f9fd4bb06c73f20bbd9b845d8f01e0d615e247067accb753020f52f1ff9f208fd8d68892d3fb159e645f319f42c9cc9dc037428fcc |
C:\Users\Admin\Desktop\done\proofs\ordner_unterlage\perso-back.jpg
| MD5 | 51353a66c9690f7945e02e9df772c0d1 |
| SHA1 | 1cbb3ec07f6e3dbbcb9e1c387b9976a2d86f396b |
| SHA256 | 6b8aea8c0a91cb4e8c0074c354c24b6f0046660bddc6c8c880b1312b0985b497 |
| SHA512 | 07b7bba67b2639c2b7251d67c504ba814b42b1315ede81496554465739a1ead8c598986dffe9fbe046e917fcf8e49589a9b653f0312a65322cfffb4d51890ac2 |
C:\Users\Admin\Desktop\done\proofs\ordner_unterlage\perso-front.jpg
| MD5 | 3d2a24d7cd9734205bd5f250f5416b3d |
| SHA1 | 474d1e8bf129458c7c7b73b9833df5a8407bf171 |
| SHA256 | 444fb51792352c91728a94350cf8be39f8152bd0670461bdbe9af6a39aac6bff |
| SHA512 | 3d0d5288b17b18bc31acb9498071b6c0b45dfdbaa9b5a178a3ba00df8e96f7a0a304f292cb50f80a060f766106edd43249504e967c7c42099fc602a6ad04b1cb |
C:\Users\Admin\Desktop\done\proofs\papier_unterlage\back_proof.jpg
| MD5 | 948079511b1bbcad08d8cf553af73105 |
| SHA1 | 4b99fad0afb64248c3068f215de0418b25c766fb |
| SHA256 | 8f59125d8bd22a27b9f1f715f8e9430b3036ca87b7ad0d48e3e006a39d6f0a46 |
| SHA512 | bfb0e7f214c6f7c7803128ec852c0a5a6818bc7bead65728c06d26f0107184107963203d16e45b7e6fcdd6e5cc8ef1a839632ef87e9747b78318e41fe758e3a7 |
C:\Users\Admin\Desktop\done\fotos\perso-back.png
| MD5 | 3a04497de5d93ad6aa38acfad2b00215 |
| SHA1 | bfe9b38ca1c3903ef1497acc6ce5cba90ae943b6 |
| SHA256 | 9f48f1df014bcaa01e5779591afbeb156e001325dd9070716ef303df0d666e5c |
| SHA512 | 8a09681d20ef7aa222e471fd12ff76bc9c1fb5c10810a40e60283923b51d23950c93958472821b805926bca2f6404dfa5e800175f9dcd6a3cf2312f279cb81c1 |
C:\Users\Admin\Desktop\done\scans\front_scan.png
| MD5 | 6892dcf9cbecf6c9d00d51a437185f5e |
| SHA1 | 1eff690586bb53db10f54d21876fc28d9b1e714b |
| SHA256 | bd92378e6a563dbc566bf8ca4cd771b85273518dc0c2f5d3d18d5200e4d94d81 |
| SHA512 | ae097bf53c1ec6996a6504973dca4951f49c14dceb841a92b1a0e887e6574e6529e4d6de2ae87b0f21444599329d52e96d6e46ef948b6a60fece39114912f8b1 |
C:\Users\Admin\Desktop\done\proofs\papier_unterlage\front_proof.jpg
| MD5 | 8a108d71cd8d0535a3f804c89cbc46e8 |
| SHA1 | eb5d94080b58642cb40ac8a8b4e97f838d1ba8c6 |
| SHA256 | 8281e94263ff2fce03bf62ca0a4a8306337f12ef205e1f579495ac88dc7425b0 |
| SHA512 | c2bf1d0cd445604f7074a63beeef90680010505ebccb93543606b295aa00203f42665e6799b424677b54be131d5e33b8ab90cf5dcec0c3573953b604c546644b |
C:\Users\Admin\Desktop\done\proofs\tisch_unterlage\front_proof.jpg
| MD5 | 29a0786f1e9cbeebfd6e1e331236c4ba |
| SHA1 | 4fbf541630aa936e378bc86bd05bac57d1fbcff0 |
| SHA256 | 34cb81cf8b1bb2583f3f06bbd36c6d12a0045cef3ecd52df20797a9cc08a6260 |
| SHA512 | 120adb14edc1ed86571f0414efa6ebc44e1f21d3d7cad52aa0c51918c1285127a59f9f827911a9b0fc505957038e5923649ed4b81ccd845aae10c692838da5f0 |
C:\Users\Admin\AppData\Local\Temp\_MEI22402\_decimal.pyd
| MD5 | 64f63438e6d05ddbbff020bb517326aa |
| SHA1 | 1a902846832889e23cd1b98785b9a85709489a30 |
| SHA256 | c2241fc45e94e2950c7bceaa097c3fafbc0e8e764bf2869ea5e27ebf4829a619 |
| SHA512 | e3e801b35350366973464af4ee0490fd4efff2814f7b34094e23df8bfb9a67f1c6ef2e6a628606226dce956b11d43d73924ab0787ca05b56dfb7ad3beff3555a |
C:\Users\Admin\Desktop\other\custom_passfoto\foto_11.png
| MD5 | fe62027ae2696e4edec40011d6c9f9f6 |
| SHA1 | fbeda7ded9016773f73202e9b80a0481c6b2c1e1 |
| SHA256 | 38a249d51b28dbcc3c16193eb705ec5717e5225cdfb8de9c341fdcfeb5c03e49 |
| SHA512 | 41a4370993ca381419b70bdd4f7ba57fcd62096f95db08d85a970fcaa84052c5dfb9154aea742896690fa31f9f1cbba3b2d9f2d4c915b712e043a1aa1fa670e8 |
C:\Users\Admin\Desktop\other\raw\raw_front_holo.png
| MD5 | d0fb8a61414c06f4832e0dba7fb1cc15 |
| SHA1 | aee2da91997cc7906e5b730f697b66dd8109ba27 |
| SHA256 | d79f5dcd51de2ba6e0af301d43acfc6da08fde8fcf1ae9f56024462389dfd1dc |
| SHA512 | 960f8444002c671d5edba19e14a45f1d6e5d99c26f71d29123ef6a4a5639303c36699a21d24df4a157934a0a63f25326f8c03d0636ee769a748b3e402059391c |
C:\Users\Admin\Desktop\config\config.txt
| MD5 | b58b8a5163c6f8dced78b3f7ca00472f |
| SHA1 | 95b975403610b954a3787cca97b0b68652f2f319 |
| SHA256 | 2dcab3d2940b72432fa51a5fc64d4b1ae4b3f04f1bd39c0e6dc0507fa500f61a |
| SHA512 | 816d6e34b92b4b101fa822cebb9162c4b77ec6fe29ab0c58006813c3ad6ddb2916533e2f797b0c47d860985a998bbea9e31b5b5d54a4897bb574c50c4a043990 |
C:\Users\Admin\Desktop\other\raw\overlap.png
| MD5 | da2f0a5603a0c4d7e410191eb9a36a54 |
| SHA1 | a28aead33e410f8031de3904291742eadfe0d1b2 |
| SHA256 | b58775beea180130b705d2a37286d2f28ce43d19a695c9353659fb553f9ac239 |
| SHA512 | 1e1a45711b5a92bced17ee13965ae79d02bfbdc8cae2db9decf5ed1eac22d17df2bbe607abed1bdae3a92556ffd9c8c7d72729c37b0f69b1df08fcac1bec3180 |
C:\Users\Admin\Desktop\other\fonts\signature3.ttf
| MD5 | 3b06d971eee4af0e700f9b479a0e7a64 |
| SHA1 | d8e3e3bac6a1e434c65d089e5c22cd9badccbdaa |
| SHA256 | 57a4db4252fa6cf2087174ede8f31e2f6a6d20201e1897306e5f24b986c89f9b |
| SHA512 | ef783e15eef0ea60beaa1f4be23c37a9e414eecdcb647764dabf7216f0d8d5bfb81c9c982a4cafc6c906018629115fa950371a398ea90f4488c35e93aff7eac5 |
C:\Users\Admin\Desktop\other\fonts\Ocrb.ttf
| MD5 | 8537d6f7f34e9e3e62ff447282905227 |
| SHA1 | 7079d6ded57e56895472ab419de1977920a48902 |
| SHA256 | af5138f1fec1d4b8d8e5f5e62617b26d04392cde5501eb9f17e5b7ff31b2d3f1 |
| SHA512 | aae757614eba0404c169955c3b2255baae0e5f9e7c23607485cddd1ddbf4ad7567b02fa63fcca673e90c3b7e0ab2d3a6bf676f065a5ff01f775015bbfdb5748c |
C:\Users\Admin\Desktop\other\fonts\OcrB2.ttf
| MD5 | af1ab953d5a17d3b8c1502a8a171c5f7 |
| SHA1 | 14ffc3495fad44c14bdf0da36dad4571c6ad562a |
| SHA256 | 7ad4aa4e7ae1a21a4795d1badde3f6fce0bfd1131417e43c1324896889f67089 |
| SHA512 | 19ba54e772bcc925bfb38564fde1612413aa8641183d7021e141476a3a2ad7e2d1bda82061291df6fd370b615e9da5ed006dd25bab88d9322be8abc6bdebe5a9 |
C:\Users\Admin\Desktop\other\fonts\ocrbb.ttf
| MD5 | fc3b8143000f0e6f34aeb41dd1d410ba |
| SHA1 | e2c31dec3ab043bcb052f52cf75e40f6582830dc |
| SHA256 | 0def887850db9ae5796dc66064185f1c435a1465ddf420efe145751eff8f1bf1 |
| SHA512 | 994d4e4ba821caff75826093fe9cdb08b5ad958617016aa2c8aa4efa826712cb69ff6fa1b1bd475f1c05c1d0e02d6bf13e9509331997d92ce5cfef3d508f7f7c |
C:\Users\Admin\Desktop\other\fonts\saxmono.ttf
| MD5 | 6a2c1ed911eb2e29268c60eb27eac92c |
| SHA1 | 139352943dcc0f0b2033f50468ed9c47442834ce |
| SHA256 | dc91e53afbce578a64953c3599613603e0590bbf4d5fa9818d3ca378488dbc04 |
| SHA512 | 553b98e4cca9f41a823f75aaf1eee184dd5629cf9c48dcbce1c548439af1a19579d7fca181d6e544920268942664a2f5a5e06dbd773c74b9fc322970cc80f0c7 |
C:\Users\Admin\Desktop\done\fotos\perso-front.png
| MD5 | 06d54faa1cbe7d861d92b7ba00fe19cc |
| SHA1 | 46a7b342906d3bc6650a1b04307db2e75447b287 |
| SHA256 | 2bf87893b56976e33c63d2b7cae5177e6a819c3068eda9bf6c12f3682c525c00 |
| SHA512 | 1e1334752a31347bbead0a00274c5450b4577b7915d1b4899bf6565b698f1ead2418acba2828afedf09fbaa358e6e5f2f05d20d2b2036159ea8175db1026e114 |
C:\Users\Admin\Desktop\done\proofs\papier_unterlage\front_proof.jpg
| MD5 | b289075bf4b40c64423b6a6276f13490 |
| SHA1 | 734b4504753c6fe7f81b6727e4eb8980e891c290 |
| SHA256 | 965b6cea7bdf36c0647dcfe720917fc09231f6dfcc8d177d32dec9ef3419f5b9 |
| SHA512 | 2d845f9d89e354413578c1cc4320649608e3355d2cf89c31c1b89cdb9933bef642fbd6f2ed9426715c60a9c6f63c90323d283e0a7bb6ac6b3cbdb31ab5852103 |
C:\Users\Admin\Desktop\done\fotos\perso-back.png
| MD5 | 0a98220398a6b2c3aa44131e991ed853 |
| SHA1 | f65d1bdd1c2c2a10740618c20cccc9634dc978f6 |
| SHA256 | 50ae3005a75ea63d20d15f915e6becd6f03e55038173a06e7585db5cab9179e5 |
| SHA512 | ec59f0bf757b806f2bd3d87eda3cab6e83661427f6803707653e9a92987f2f8a65321f2bcccbb38af627e9e418d3db4010e9ec3e9c5032e74d277175d200c439 |
C:\Users\Admin\Desktop\done\proofs\karton_unterlage\front_proof.jpg
| MD5 | ab02de7eb87c63c3e40adaf1654fc834 |
| SHA1 | 0dd98291df08b10ba2eac217d19cde4a9fcadaa4 |
| SHA256 | 6163c1aab3f09de314f975b4dbebab40e573020f76108e964aea589633557ca0 |
| SHA512 | 89f8ff07e99f3d03ce9d1fee670558f1870eb4b36a1e4896a543b78856fbc2f88161d4aa7d91a3f3420c3665ff61a126cb6959b8daafb9699f3b89b914cedf92 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 21:49
Reported
2024-05-10 21:56
Platform
win10v2004-20240508-en
Max time kernel
321s
Max time network
328s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe
"C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\3327415b6daa497d9f9f578fc8654dce /t 3456 /p 3240
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe
"C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |