aa5f1188b6ee04b295860df6da0ee047395bd566508aa570249a07919cdf0db8

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12-06-2024 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

37.2MB
MD5

31125c6581ea8f49e9e42c6d9d6b8240
SHA1

a18eb575c3a1b8fa27de21603008c4e204eecd81
SHA256

aa5f1188b6ee04b295860df6da0ee047395bd566508aa570249a07919cdf0db8
SHA512

9a4c84d6ad4c547f614df3521e2fb0f4ad2b5c885b31aa0cd14d43abb48ef3f8c935e3b498c26e5f6a4262d6d37e867f5a4a3f41e32aa09477b61e64fb80ea75
SSDEEP

786432:8RQBrRSY+R46huYqwAO4YoMGD6Oafw2827HokWhSnuvluwhNnlxM:8ROrRR+R4WurwAO49QY2LtW0nuDhNnnM

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

main.exe

pid process

2844 main.exe
2844 main.exe
2844 main.exe
2844 main.exe
2844 main.exe
2844 main.exe
2844 main.exe

pid	process
2844	main.exe
2844	main.exe
2844	main.exe
2844	main.exe
2844	main.exe
2844	main.exe
2844	main.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI23442\python311.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

main.exe

description	pid	process	target process
PID 2344 wrote to memory of 2844	2344	main.exe	main.exe
PID 2344 wrote to memory of 2844	2344	main.exe	main.exe
PID 2344 wrote to memory of 2844	2344	main.exe	main.exe

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23442\api-ms-win-core-file-l1-2-0.dll

Filesize
10KB

MD5
e6b0bfdc2a7d1f78ef3d1396ffc4bdc4

SHA1
eeba46491e45d08c114f20c62e46149b2451e311

SHA256
0377bc9cb4b16f1a9542b0b6879de48e9f5b6731a231bbf47087b025596e25a5

SHA512
f903e2efb8b4e6195d4218adbd5dc491e2c83e5c943f0ef34e9575b7398e8e9cfdbada8933ab91dcc45a32e480e9b745e664951114b2511a79b3419bb5f4bdb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23442\api-ms-win-core-file-l2-1-0.dll

Filesize
10KB

MD5
327b8dbe3e777c74a38cf00efaddecea

SHA1
67c3ce374c22a2e02b46fd90b18307519c41f419

SHA256
0a7e52e026b508bf15d467bba217fec9667a059885d30b1f76de94e29ed4c0bc

SHA512
e1495c0c026311f19680da93e73d373eec64253f808ec4346597e2f45a91cedcc693cb5fdd95569fa8cdfcc5a7bce79357a95c0a08fb0618d76d68089f43000e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23442\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
30e30760b6dac6bcd78a609b4c9ad289

SHA1
1a35b6d6d9647701c2998c4f1462def9a745af3a

SHA256
62e13dfa9eda56d7b46328f05f8b3c8144f9a777fe80812fddc2a7b855372bc7

SHA512
216352f7cacdd650f679f9b10acbf8560e9ab85e0547e07996eadd96a04885fe0d8671a32666013dd3cb20f771734136916ab67c68a0f670ce591125eca4e4e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23442\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
febccad96bebeab0a0fba7d8be5b8472

SHA1
bf6e2a548a312496539e1780aac5653c134659cd

SHA256
691443c7db5c0e499a6a85363a2f8f4c97e93de378e36d307742b6acd3bc4fe5

SHA512
802db20a82432fcd955d1ae4fa791fe74ba464832a4bb4c3a6400a19d075e847acff475446d7756bd7c752937742f6505df4fe7152056e335af21d3e289607c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23442\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
aecf6fb286ebb136b20e2b08f129d6dd

SHA1
a77ead7b9af5720001536a673047050ca0776e25

SHA256
8c16e98f5f9137c8321a8df4d336750df529e151dd16b636b0ded00c8662d0ab

SHA512
402539733a80c00d5f8150a470b7099bca05822486517af9d0cfa7267118cc74611980963f716b354ca2c868892a537ef2dcb65c2c76991579c4611c1cdadbc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23442\python311.dll

Filesize
1.6MB

MD5
1e76961ca11f929e4213fca8272d0194

SHA1
e52763b7ba970c3b14554065f8c2404112f53596

SHA256
8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

SHA512
ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23442\ucrtbase.dll

Filesize
985KB

MD5
bcfaceeac46f8dc7b6fd1221f68705b9

SHA1
bd46f5f4ce5fcfe98d0bd2aef06073ab1964993d

SHA256
b99cc3d012f09c494ccd90e25188b16cadffd70153020c7c8f074fd06defa5af

SHA512
395b99fa23da2d4ee900a8d01d16f6eaeab8496c978343a5687cae8cbdde7dbc6b580deee5ef8487b4205b2d0f9e6ebf52b184418e4b7e5c2cda0cc089ec59bf

Download Submit
memory/2844-65-0x000007FEF5C40000-0x000007FEF622A000-memory.dmp

Filesize
5.9MB

Download