e4dcae47d980f156136b6b9034db1de86447c7d8b4973476a68c0548f8708f8d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13-06-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4dcae47d980f156136b6b9034db1de86447c7d8b4973476a68c0548f8708f8d.exe
Size

12.8MB
MD5

25fd659ed9559f1bf9914b70f7693e53
SHA1

e0e17453e1dfd1fe81d4b52153f23aa4992a87c7
SHA256

e4dcae47d980f156136b6b9034db1de86447c7d8b4973476a68c0548f8708f8d
SHA512

689d12542d13105d8f9a38df3dfbf5706c16c758b175ee80fca3cdbf947830523b7c46ee8db7862a9c47252c7405a000791654ad7803279d7611e9095ada3074
SSDEEP

393216:IoGyGITC+gIpFGhOV9B9hjJmwqa9sy8f/:IHhITBpFem79R8wvWv/

Score

9^/10

oss_ak upx

Malware Config

Signatures

detect oss ak 2 IoCs

oss ak information detected.

oss_ak

Processes:

resource	yara_rule
behavioral1/memory/2064-167-0x0000000001020000-0x0000000004047000-memory.dmp	detect_ak_stuff
behavioral1/memory/2064-168-0x0000000001020000-0x0000000004047000-memory.dmp	detect_ak_stuff

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2064-0-0x0000000001020000-0x0000000004047000-memory.dmp	upx
behavioral1/memory/2064-167-0x0000000001020000-0x0000000004047000-memory.dmp	upx
behavioral1/memory/2064-168-0x0000000001020000-0x0000000004047000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\e4dcae47d980f156136b6b9034db1de86447c7d8b4973476a68c0548f8708f8d.exe
"C:\Users\Admin\AppData\Local\Temp\e4dcae47d980f156136b6b9034db1de86447c7d8b4973476a68c0548f8708f8d.exe"
1⤵
PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\config\CrackDict\Elasticsearch-pass.txt
Filesize
75B

MD5
c78d86e3ec6038f3e1ab6a7d0f4c449a

SHA1
6a0ac926e48e1947c5456fef1038c8c5328abb66

SHA256
6c09e4ebabb5b0752d17630700784aa637bd1db0e7d4540a1582bb93b36122fd

SHA512
907423e3a3990e53ce88cee61f45f8bc00c9c7684fedf1c5c25a63a2d57bf34f0a64abbb5b5f2849a99646912a64d7c7b4474b67bb26859a8fa680c928f5ffde

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\CrackDict\LDAPS-pass.txt
Filesize
378B

MD5
d73991d50902727a3a89717188d8b82c

SHA1
7a9d18d4b8a1e11d11366ff221126cce27407490

SHA256
aa7f59e2247e8d87c8a534a3b911e256e412e85f3790511c9e070a5c0c4de57c

SHA512
b8c89e4721ca96a55a5c45f72ff03557701cb8a02b60f0ab4e4631f3cb18f09ae4986e08bb9475121e3a1d64b1badf273132e3b41628114d56e97d52a0efeb71

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\CrackDict\POP3-pass.txt
Filesize
647B

MD5
5441e5159032a9a8c26448cc454b2370

SHA1
aa0f8c8ccbf13c489f3ef15afaedef8a469c0d71

SHA256
8f533fab5b00e5d5d41e135311c7bb0560dce9b7814daab23b11fd727ec6a235

SHA512
35bc6d0a5c518a5851d07369c67e6b755e559951a6fa7146f508c17615639d06ce2e60d714c968e1d933ead63063f48dbf0c0cd96a13ee62597fdc6fc246533e

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\CrackDict\Redis-user.txt
Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\CrackDict\RouterOS-user.txt
Filesize
17B

MD5
fb8a9623fd5b1d8c31228677d7b1aaa6

SHA1
8ae061dbdb1df384dcfb5a06684c0c6a9c361df6

SHA256
b73c856da26ebcc11a6325b6279190e36949766c7e02f95628e5a80c61b6d79d

SHA512
a05086e85ede707f89f8be9099175e011ecfef9fbc1a960d0a98f141476fb45ba6a71d500a1e988ef4712f65e31b2554bc8ff41e65ea83a147d5fa7300e3b9cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\CrackDict\SMTP-user.txt
Filesize
17B

MD5
1bd45dc5fcd63654825aa693e0407326

SHA1
3a4567c70aba378d04bc4eff545c28ddc82fb5c4

SHA256
0ceaf90a3e635efcd84c5b45e7586db66136a9f4511cd4aea2072580667fbc25

SHA512
e20f89b18f88df404b63172f6bda7a03b8e63f47542ba09ba98e8255d84e3b68a8a03bcb67fdd4ace7833a786eb2ee1c896c946116aa893e95fb24306e36b6bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\CrackDict\SNMP-pass.txt
Filesize
648B

MD5
688652a8bdc1e5236fe249b8329e151f

SHA1
820b082e4aba175d3dddfa5ef4ec0a73a49d6330

SHA256
adb16a26d84ac2ced75863678373025555c3a11b447c2cb06ac52a93d5d5e08d

SHA512
66b3a8269ad1b49b0139d0e880a80c07fbc98a23164307a2095d2e735cdd54524be6c68067a7f818aa7924551caa7028e7ea231386c956be83c8efb632f149aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\config\CrackDict\Webdav-pass.txt
Filesize
582B

MD5
4cf29adaad3ef5aeae5ae8113bb703d7

SHA1
e6f01ad6ee1c541a2c54897dce4afff3711f8d41

SHA256
fb5831d6c6b82ec8ae328aefc6a1af4e60427b541463190f97d9bd92ecd1b8f3

SHA512
d15ba884536294e8b720cf735a3edce7bc1583279969e2d160e8cf02e230e2caad6f1cc68cced4748af361b21aef995f57f1ddfdc5d75cc4fce4e9c14b30f2b2

Download Submit
memory/2064-0-0x0000000001020000-0x0000000004047000-memory.dmp

Filesize
48.2MB

Download
memory/2064-167-0x0000000001020000-0x0000000004047000-memory.dmp

Filesize
48.2MB

Download
memory/2064-168-0x0000000001020000-0x0000000004047000-memory.dmp

Filesize
48.2MB

Download