Malware Analysis Report

2025-05-05 21:17

Sample ID 240510-1pg7jsbe6w
Target Diabolic Generator.exe
SHA256 d8606962465e8c21ade31d09c3193c7438129cc5174e43fff62472cb9c777075
Tags: pyinstaller
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Shows suspicious behavior

The file Diabolic Generator.exe was found to show suspicious behavior.

Malicious Activity Summary

pyinstaller

Executes dropped EXE

Loads dropped DLL

Unsigned PE

Detects Pyinstaller

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 21:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 21:49

Reported

2024-05-10 21:51

Platform

win7-20240419-en

Max time kernel

65s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\diabolic.exe N/A
N/A N/A C:\Users\Admin\Desktop\diabolic.exe N/A
N/A N/A C:\Users\Admin\Desktop\diabolic.exe N/A
N/A N/A C:\Users\Admin\Desktop\diabolic.exe N/A

Detects Pyinstaller

Tags: pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe

"C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe"

C:\Users\Admin\Desktop\diabolic.exe

"C:\Users\Admin\Desktop\diabolic.exe"

C:\Users\Admin\Desktop\diabolic.exe

"C:\Users\Admin\Desktop\diabolic.exe"

C:\Users\Admin\Desktop\diabolic.exe

"C:\Users\Admin\Desktop\diabolic.exe"

C:\Users\Admin\Desktop\diabolic.exe

"C:\Users\Admin\Desktop\diabolic.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 21:49

Reported

2024-05-10 21:56

Platform

win10v2004-20240508-en

Max time kernel

321s

Max time network

328s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe

"C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\3327415b6daa497d9f9f578fc8654dce /t 3456 /p 3240

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe

"C:\Users\Admin\AppData\Local\Temp\Diabolic Generator.exe"

Network


Files

N/A