Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-06-2024 18:34

General

  • Target

    9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe

  • Size

    72.9MB

  • MD5

    cfd1558fd24236712a03d60cc94aa02e

  • SHA1

    f37da01783982b7b305996a23f8951693eb78f72

  • SHA256

    9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c

  • SHA512

    17b94007bad5190fe8f401db483523a66285bf29a890f88b3a8555e272397c5571c88fcdf6cd03509f89d0c0d914f784bae502e7adb9fa06d1bdb1a65d5e057c

  • SSDEEP

    1572864:VUQpj29GSk8IpG7V+VPhqIpE7WmjRMkiY4MHHLeqPNLtD4WviZpOkV6:VUq+GSkB05awITmdMfMHVLtMuiSQ6

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs
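
The UPX signature above is the kind of hit a section-name check produces. The following Python is an added example, not the sandbox's own detector: it walks the PE headers by hand (DOS header, PE signature, COFF header, section table) and reports sections named UPX0/UPX1/UPX2, which unmodified UPX writes. The `build_stub_pe` helper is a constructed header used only so the parser can be exercised without the 72.9MB sample; a modified UPX build can rename its sections, so a negative result rules out only the stock packer.

```python
"""Section-name check for UPX packing, reading the PE headers directly.

Added example for this report, not the sandbox's detector. It needs no
third-party module: it follows e_lfanew to the PE signature, reads the
COFF header to find the section table, and returns the section names.
Stock UPX names its sections UPX0/UPX1 (and UPX2 when resources are
kept), so a hit is a strong hint; a renamed-section build is not caught.
"""
import struct
import sys
from typing import List

COFF_FMT = "<HHIIIHH"   # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
COFF_SIZE = 20          # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
SECTION_HEADER_SIZE = 40


def pe_section_names(data: bytes) -> List[str]:
    """Return the section names of a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    if len(data) < coff + COFF_SIZE:
        raise ValueError("truncated COFF header")
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff)
    table = coff + COFF_SIZE + opt_size      # section table follows the optional header
    names = []
    for i in range(nsections):
        off = table + SECTION_HEADER_SIZE * i
        raw = data[off:off + 8]               # Name field: 8 bytes, NUL-padded
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True when any section carries the UPX0/UPX1/UPX2 names stock UPX writes."""
    return any(n.upper().startswith("UPX") for n in pe_section_names(data))


def build_stub_pe(section_names: List[str]) -> bytes:
    """Constructed PE header (no code, no optional header) for exercising the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack(COFF_FMT, 0x8664, len(section_names), 0, 0, 0, 0, 0x22)
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table


if __name__ == "__main__":
    # Usage: python upx_check.py <sample.exe>
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    print(pe_section_names(blob), "UPX" if looks_upx_packed(blob) else "no UPX section names")
```

Run it against the sample to confirm the signature, then unpack with `upx -d` before looking at imports or strings; a packed binary's import table and string set say almost nothing about what it does.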

Processes

  • C:\Users\Admin\AppData\Local\Temp\9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe
    "C:\Users\Admin\AppData\Local\Temp\9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Users\Admin\AppData\Local\Temp\9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe
      "C:\Users\Admin\AppData\Local\Temp\9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe"
      2⤵
      • Loads dropped DLL
      PID:2040
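
The tree above has the shape a PyInstaller one-file executable produces: the first process unpacks its bundle into a `_MEI…` directory under %TEMP% (the python310.dll, ucrtbase.dll and api-ms-win-core-* files listed under Downloads), then launches its own image again, and that child is the one that loads the extracted DLLs. PyInstaller's Windows bootloader builds the directory name from its own PID, which is why the parent PID 2928 leads `_MEI29282`. The following Python is an added example, not report output: the process records and dropped-file paths are transcribed from this report into constructed dictionaries (the sandbox does not export this schema), and the `analyse` function, its field names and its verdict strings are mine.

```python
"""Classify the report's process tree as a PyInstaller one-file launch.

Added example; the process records and dropped paths are transcribed from
this report into constructed dictionaries (the sandbox does not export
this schema), and the rule logic, field names and verdict strings are
the author's, not the sandbox's.
"""
import re
from typing import Dict, List, Tuple

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\9dddc3892790516ad713109cce19d0b0ef3f5e5a16e0f44bcb3d887a7bbd955c.exe")

PROCESSES = [  # pid, parent, image, signatures, as shown in the Processes tree
    {"pid": 2928, "ppid": None, "image": SAMPLE, "sigs": ["Suspicious use of WriteProcessMemory"]},
    {"pid": 2040, "ppid": 2928, "image": SAMPLE, "sigs": ["Loads dropped DLL"]},
]

MEI = r"C:\Users\Admin\AppData\Local\Temp\_MEI29282"
DROPPED = [MEI + "\\" + f for f in (  # the seven files listed under Downloads
    "api-ms-win-core-file-l1-2-0.dll", "api-ms-win-core-file-l2-1-0.dll",
    "api-ms-win-core-localization-l1-2-0.dll", "api-ms-win-core-processthreads-l1-1-1.dll",
    "api-ms-win-core-timezone-l1-1-0.dll", "python310.dll", "ucrtbase.dll")]

MEI_DIR_RE = re.compile(r"\\(_MEI(\d+))\\", re.IGNORECASE)
PYTHON_DLL_RE = re.compile(r"^python3\d+\.dll$", re.IGNORECASE)


def self_reexec_pairs(processes: List[Dict]) -> List[Tuple[int, int]]:
    """(parent, child) pairs where a process launched a copy of its own image."""
    by_pid = {p["pid"]: p for p in processes}
    pairs = []
    for p in processes:
        parent = by_pid.get(p["ppid"])
        if parent is not None and parent["image"].lower() == p["image"].lower():
            pairs.append((parent["pid"], p["pid"]))
    return pairs


def mei_dirs(dropped: List[str]) -> Dict[Tuple[str, str], List[str]]:
    """Group dropped files by their _MEI<digits> directory: (name, digits) -> basenames."""
    groups: Dict[Tuple[str, str], List[str]] = {}
    for path in dropped:
        m = MEI_DIR_RE.search(path)
        if m:
            groups.setdefault((m.group(1), m.group(2)), []).append(path.rsplit("\\", 1)[-1])
    return groups


def analyse(processes: List[Dict], dropped: List[str]) -> Dict:
    """Combine the tree and the drop list into one verdict.

    PyInstaller's one-file bootloader unpacks into %TEMP%\\_MEI<pid><n> and then
    runs its own image again; the child is the one that loads the extracted
    DLLs. Each observation is recorded separately so a partial match (say, a
    self-spawning binary with no _MEI directory) stays visible.
    """
    result: Dict = {
        "self_reexec": self_reexec_pairs(processes),
        "mei_dir": None,
        "mei_pid_prefix_matches": False,
        "python_dll": None,
        "api_set_forwarders": 0,
        "verdict": "no-pyinstaller-indicators",
    }
    groups = mei_dirs(dropped)
    if not groups:
        return result
    (name, digits), files = max(groups.items(), key=lambda kv: len(kv[1]))
    result["mei_dir"] = name
    result["python_dll"] = next((f for f in files if PYTHON_DLL_RE.match(f)), None)
    result["api_set_forwarders"] = sum(f.lower().startswith("api-ms-win-") for f in files)
    parents = {parent for parent, _ in result["self_reexec"]}
    result["mei_pid_prefix_matches"] = any(digits.startswith(str(pid)) for pid in parents)
    if result["python_dll"] and result["self_reexec"]:
        result["verdict"] = "pyinstaller-onefile"
    return result


if __name__ == "__main__":
    for key, value in analyse(PROCESSES, DROPPED).items():
        print(f"{key:24} {value}")
```

The point of keeping the three observations separate is triage priority: "Loads dropped DLL" and "Suspicious use of WriteProcessMemory" are what every PyInstaller one-file program does when it starts, so on their own they explain most of the 7/10 score without saying anything about the bundled script. Once the tree is classified this way, the next thing to look at is the Python payload inside the executable, not the bootloader behaviour.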

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI29282\api-ms-win-core-file-l1-2-0.dll

    Filesize

    11KB

    MD5

    765a243d3a24dc86b832edf0cb5bf6e1

    SHA1

    86dbf2de0617d9589cd7f2f2507fbdab7c5c922a

    SHA256

    76c6d607491705e6fdff250c7ca1e7ce1709565786895dc1fb0b28f4782e5dec

    SHA512

    0e9b401b22fe5e0757789971ef1f47c1ecab173011ab065330beff5c6b91d5ab29afed984f5ff115ce0605e537281a23ac501454a9a46fae625a8eda8c11d6b3

  • C:\Users\Admin\AppData\Local\Temp\_MEI29282\api-ms-win-core-file-l2-1-0.dll

    Filesize

    11KB

    MD5

    be64a8905c905581884c987c60f02de0

    SHA1

    204330902966b5b19552d058c228163a0e425d64

    SHA256

    fcd3b845010c0caddfa78722c95570bfdccff7770b48c2caa0f4872bfdff6bb1

    SHA512

    de15220bb4f62e3cd3490b06cf1e52be7a675ebc7f1a5e6b3f3ebe3e069e0b19f1a3fa3fe51c17eee7752abeebf923faec59c2343fd7dfe0da86754caea09d8d

  • C:\Users\Admin\AppData\Local\Temp\_MEI29282\api-ms-win-core-localization-l1-2-0.dll

    Filesize

    14KB

    MD5

    5e5b3246910237da716c8b189dc740fd

    SHA1

    acd1b12a7a5463f2212ba50a1af563073f3eb7aa

    SHA256

    ca3adc575bc0dd928b5e2b84a254783dbd36a5f18e8b42034407543fbacc2a52

    SHA512

    e92ebad3b2b39ce04e983cbe4f75d2b6dd26f6f8288cf5c57e24bcbb5fa2e4b59a6dccfaf3c3510b9d1f9e45f430bfdc7994b67c4a2f46211d0e6531fdc34a78

  • C:\Users\Admin\AppData\Local\Temp\_MEI29282\api-ms-win-core-processthreads-l1-1-1.dll

    Filesize

    12KB

    MD5

    9e7441ef965b380b75b82a1c9cd3884e

    SHA1

    274bcfe166f2bd0e62fb3d8f64b7adfa04963f5f

    SHA256

    8ea398785960e5fa143b97a333e60f9466b4f7f94f5dd173c02a2aa628d00c2f

    SHA512

    efe08a8211e0e9381bc8749bd2d20558431495ba82685ed91b65deebda10ad8d455014ccc762d94361cc2f801315d46b9da31aba7fea87503f95db4a09112e7a

  • C:\Users\Admin\AppData\Local\Temp\_MEI29282\api-ms-win-core-timezone-l1-1-0.dll

    Filesize

    12KB

    MD5

    b83d28b1babea99ee95d5e81ea61fb1c

    SHA1

    f4d492ece484e75b5cdcf680f8c8280b1ae52118

    SHA256

    baca05368d3adc7769be8687280a45ac3d72141cfd3d7e67453749ca70320e1e

    SHA512

    dfaf105ac537337e7ad00931c5fc44994f45537b5bacb9036c95a555b879de9d63ea19d19987b262413d205244fafa5e09d7db9568af5796eb9eb6f54421e0a3

  • C:\Users\Admin\AppData\Local\Temp\_MEI29282\python310.dll

    Filesize

    1.4MB

    MD5

    d53251f4484a0092b00b9451423a5e38

    SHA1

    0e15a558ec6ae369147ae07a828c0f9d68dceabe

    SHA256

    9e1dc8da1ed1d0aeacf2b636bd20704d683d0ff15ac0be0c16616a247a9c070b

    SHA512

    ef9ce3c61d2f4b128eb092e9ae32c4433994aa7ba6f6a25e59c2cbd7afb35155becf8941a8c13e17a57902b7bb5022c06bc1dc5e8ccc1c47d22dbe8c39037649

  • C:\Users\Admin\AppData\Local\Temp\_MEI29282\ucrtbase.dll

    Filesize

    986KB

    MD5

    f7409ff2f0ea3a7b6a18709d4fda563a

    SHA1

    902eea6263811f6866d2a1df4d3bd7686083d221

    SHA256

    a56ee0ddc5120538cd7cb2073657b3a0d95cfa202712b2079a5a8d5052594b2a

    SHA512

    e600160c11e17c69d0fca8999290bd84d8afe748f77fe91c708a7136c976bb85cd16f60905fccb045c7ead7032af3778feb6ed21b687a82f4a7da698333dfa4a

  • memory/2040-1231-0x000007FEF5C00000-0x000007FEF606E000-memory.dmp

    Filesize

    4.4MB