Analysis Overview
SHA256
b7f9ae563a1b998fa69bb59e74679a48ac01f623da12472cc4291e4b92fa562c
Threat Level: Shows suspicious behavior
The file b7f9ae563a1b998fa69bb59e74679a48ac01f623da12472cc4291e4b92fa562c was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-09 07:36
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 07:36
Reported
2024-06-09 07:39
Platform
win7-20240419-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
UPX packed file
Processes
C:\Users\Admin\AppData\Local\Temp\b7f9ae563a1b998fa69bb59e74679a48ac01f623da12472cc4291e4b92fa562c.exe
"C:\Users\Admin\AppData\Local\Temp\b7f9ae563a1b998fa69bb59e74679a48ac01f623da12472cc4291e4b92fa562c.exe"
Network
Files
memory/3000-0-0x0000000000400000-0x000000000041A000-memory.dmp
C:\My Downloads\BORLAND Delphi 7 ISO - Full Downloader.exe
| MD5 | eed6102f4ba24d0effa273e9349a08ff |
| SHA1 | 97374fe3eebd356a87c80f86a4084207b3d69b87 |
| SHA256 | ebe3716a4b2849cbe71c669f207bc05d3ef82b39bc59b900d54a8c955ca4852d |
| SHA512 | b36164ed2d1d664d4f72abaa43d27ddb1ec1b7853bab9a247cb7a22f39661b3ff4e5b760b6627ea37b2599447cd859da5efd09cc55fe5018c2e94be0e24a053e |
memory/3000-101-0x0000000000400000-0x000000000041A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-09 07:36
Reported
2024-06-09 07:39
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
UPX packed file
Processes
C:\Users\Admin\AppData\Local\Temp\b7f9ae563a1b998fa69bb59e74679a48ac01f623da12472cc4291e4b92fa562c.exe
"C:\Users\Admin\AppData\Local\Temp\b7f9ae563a1b998fa69bb59e74679a48ac01f623da12472cc4291e4b92fa562c.exe"
Network
Files
memory/4592-0-0x0000000000400000-0x000000000041A000-memory.dmp
C:\My Downloads\Critical Point Manga game Key Generator.exe
| MD5 | fd84ed755b7338e47f38cd994bbed915 |
| SHA1 | 153bfca547a747784b10280c877d6ea669626c12 |
| SHA256 | 2cdac341c569c7e4ee2bca386c0898c34540570e49c75f6399091cf9323cc9c1 |
| SHA512 | 1b180d6a4cf2ccaa6cd878c0cc2a08be4df8b11dd1c9df9ae13356e5c741fb521cf6e2ddde6af2aafd0361fc6db349dddfe2a3779c5d1b5d368179b1b5ae0326 |
memory/4592-101-0x0000000000400000-0x000000000041A000-memory.dmp