73900925ee9112ef06e6d7420721d43dfbc8af69b194cb55fe005340486480f1

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

trolled.exe
Size

17.8MB
MD5

50074e3dbb379ccd08a00575fabc832e
SHA1

ce90a4d4d0019b3e0fed99b2b625d43403448080
SHA256

73900925ee9112ef06e6d7420721d43dfbc8af69b194cb55fe005340486480f1
SHA512

bd0c267838ede00f865a23b55d9990c970093ccc90b053145cb5ee1ace7e4dd8c29531e907b8a45e587f1aa53df42792d273ae569bc63bf729b8b87d89d24871
SSDEEP

393216:Jo9DmLFmQdXGm1/h2Jp5Mg5Fqy4gsENZpNV0vRJu1np:+98FmQd/hSGvEDV0JE

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

trolled.exe

pid process

564 trolled.exe
564 trolled.exe
564 trolled.exe
564 trolled.exe
564 trolled.exe
564 trolled.exe
564 trolled.exe

pid	process
564	trolled.exe
564	trolled.exe
564	trolled.exe
564	trolled.exe
564	trolled.exe
564	trolled.exe
564	trolled.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI3082\python310.dll	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

trolled.exe

pid process

564 trolled.exe

pid	process
564	trolled.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

trolled.exe

description	pid	process	target process
PID 308 wrote to memory of 564	308	trolled.exe	trolled.exe
PID 308 wrote to memory of 564	308	trolled.exe	trolled.exe
PID 308 wrote to memory of 564	308	trolled.exe	trolled.exe

C:\Users\Admin\AppData\Local\Temp\trolled.exe
"C:\Users\Admin\AppData\Local\Temp\trolled.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:308

C:\Users\Admin\AppData\Local\Temp\trolled.exe
"C:\Users\Admin\AppData\Local\Temp\trolled.exe"
2⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:564

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI3082\python310.dll
Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3082\ucrtbase.dll
Filesize
1.1MB

MD5
a9f5b06fae677c9eb5be8b37d5fb1cb9

SHA1
5c37b880a1479445dd583f85c58a8790584f595d

SHA256
4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52

SHA512
5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3082\api-ms-win-core-file-l1-2-0.dll
Filesize
22KB

MD5
852904535068e569e2b157f3bca0c08f

SHA1
c79b4d109178f4ab8c19ab549286eee4edf6eddb

SHA256
202b77cd363fce7c09d9a59b5779f701767c8734cc17bbe8b9ece5a0619f2225

SHA512
3e814678c7aa0d3d3a637ce3048e3b472dbb01b2e2a5932e5b257aa76bf8de8117a38e2a352daff66939a73c1b971b302f5635ea1d826b8a3afa49f9b543a541

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3082\api-ms-win-core-file-l2-1-0.dll
Filesize
22KB

MD5
cdfc83e189bda0ac9eab447671754e87

SHA1
cf597ee626366738d0ea1a1d8be245f26abbea72

SHA256
f4811f251c49c9ae75f9fe25890bacede852e4f1bfdc6685f49096253a43f007

SHA512
659ee46e210fcad6c778988a164ce3f69a137d05fb2699ff662540cbb281b38719017f1049d5189fafdae06c07a48d3d29dd98e11c1cae5d47768c243af37fe9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3082\api-ms-win-core-localization-l1-2-0.dll
Filesize
22KB

MD5
f1d0595773886d101e684e772118d1ef

SHA1
290276053a75cbeb794441965284b18311ab355d

SHA256
040e1572da9a980392184b1315f27ebcdaf07a0d94ddf49cbd0d499f7cdb099a

SHA512
db57f4ae78f7062cfe392d6829c5975be91d0062ff06725c45c06a74e04ade8bcaf709cfebeba8146fb4396206141aa49572968ea240aa1cba909e43985dc3ee

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3082\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
22KB

MD5
e26a5e364a76bf00feaab920c535adbb

SHA1
411eaf1ca1d8f1aebcd816d93933561c927f2754

SHA256
b3c0356f64e583c8aca3b1284c6133540a8a12f94b74568fb78ddc36eac6ab15

SHA512
333e42eeea07a46db46f222e27429facaaf2ce8a433f0c39f5d5c72e67d894c813d3cf77880434f6373e0d8fffa3ef96d5f37e38dd4775491f3da2b569e9df59

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3082\api-ms-win-core-timezone-l1-1-0.dll
Filesize
22KB

MD5
566232dabd645dcd37961d7ec8fde687

SHA1
88a7a8c777709ae4b6d47bed6678d0192eb3bc3f

SHA256
1290d332718c47961052ebc97a3a71db2c746a55c035a32b72e5ff00eb422f96

SHA512
e5d549c461859445006a4083763ce855adbb72cf9a0bcb8958daa99e20b1ca8a82dec12e1062787e2ae8aee94224b0c92171a4d99ed348b94eab921ede205220

Download Submit
memory/564-155-0x000007FEF6080000-0x000007FEF64EE000-memory.dmp

Filesize
4.4MB

Download
memory/564-156-0x000007FEF6080000-0x000007FEF64EE000-memory.dmp

Filesize
4.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads