Analysis

  • max time kernel
    76s
  • max time network
    71s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-06-2024 13:59

General

  • Target

    boostup_boost_tool_cracked/main.exe

  • Size

    23.7MB

  • MD5

    b0ca3bcda1a2313d0903c5dcc7f75a18

  • SHA1

    14bb5e524b33ea9f1a78ec409ad7f65dc31ab9a2

  • SHA256

    1db745ceb709e87ca5bd10c65f53ade4bf07832cf37adc11d8b85b993fd1665d

  • SHA512

    26af4dca463409f4a029ba41ac84a6856b91f625d901bb296274ce747c7bb82a22ce9c170bd2a0f8ab4d32d2952e712c7f09753fe1a25d1cce95f2e59774acc2

  • SSDEEP

    393216:GrTkVIf0xOIZdjfFqLkNuJSHUtMkrEylHan+abmAT3gYTti16f9+gYlr2Iki99Br:GfkqfSOMDYLkUS0t5rPlH7W9ti16+gY8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 27 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\boostup_boost_tool_cracked\main.exe
    "C:\Users\Admin\AppData\Local\Temp\boostup_boost_tool_cracked\main.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2452
    • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\main.exe
      "C:\Users\Admin\AppData\Local\Temp\boostup_boost_tool_cracked\main.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4688
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "ver"
        3⤵
          PID:3596
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c
          3⤵
            PID:2516

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd
        Filesize

        120KB

        MD5

        22c4892caf560a3ee28cf7f210711f9e

        SHA1

        b30520fadd882b667ecef3b4e5c05dc92e08b95a

        SHA256

        e28d4e46e5d10b5fdcf0292f91e8fd767e33473116247cd5d577e4554d7a4c0c

        SHA512

        edb86b3694fff0b05318decf7fc42c20c348c1523892cce7b89cc9c5ab62925261d4dd72d9f46c9b2bda5ac1e6b53060b8701318b064a286e84f817813960b19

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\certifi\cacert.pem
        Filesize

        275KB

        MD5

        78d9dd608305a97773574d1c0fb10b61

        SHA1

        9e177f31a3622ad71c3d403422c9a980e563fe32

        SHA256

        794d039ffdf277c047e26f2c7d58f81a5865d8a0eb7024a0fac1164fea4d27cf

        SHA512

        0c2d08747712ed227b4992f6f8f3cc21168627a79e81c6e860ee2b5f711af7f4387d3b71b390aa70a13661fc82806cc77af8ab1e8a8df82ad15e29e05fa911bf

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-3.dll
        Filesize

        771KB

        MD5

        bfc834bb2310ddf01be9ad9cff7c2a41

        SHA1

        fb1d601b4fcb29ff1b13b0d2ed7119bd0472205c

        SHA256

        41ad1a04ca27a7959579e87fbbda87c93099616a64a0e66260c983381c5570d1

        SHA512

        6af473c7c0997f2847ebe7cee8ef67cd682dee41720d4f268964330b449ba71398fda8954524f9a97cc4cdf9893b8bdc7a1cf40e9e45a73f4f35a37f31c6a9c3

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tls_client\dependencies\tls-client-64.dll
        Filesize

        15.7MB

        MD5

        6b0b5bb89d4fab802687372d828321b4

        SHA1

        a6681bee8702f7abbca891ac64f8c4fb7b35fbb5

        SHA256

        ec4f40c5f1ac709313b027c16face4d83e0dafdbc466cff2ff5d029d00600a20

        SHA512

        50c857f4a141ad7db8b6d519277033976bf97c9a7b490186a283403c05cb83b559a596efaf87ca46bc66bdf6b80636f4622324551c9de2c26bebfdbb02209d34

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\win32security.pyd
        Filesize

        133KB

        MD5

        0007e4004ee357b3242e446aad090d27

        SHA1

        4a26e091ca095699e6d7ecc6a6bfbb52e8135059

        SHA256

        10882e7945becf3e8f574b61d0209dd7442efd18ab33e95dceececc34148ab32

        SHA512

        170fa5971f201a18183437fc9e97dcd5b11546909d2e47860a62c10bff513e2509cb4082b728e762f1357145df84dcee1797133225536bd15fc87b2345659858

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\yaml\_yaml.pyd
        Filesize

        228KB

        MD5

        e383f5064e9afe76cd25b49d00ffa275

        SHA1

        5073f97495ae0694bf79865852eda271a309f50f

        SHA256

        a0c62c035cd131ce1e574742d91d415de761a5c5d5c35a4f36a41b8e0b0ab195

        SHA512

        34c4b567c628d0c14f330dae8dd069b08940e087666666db9aa4497680f3111ab580f4ac702d726a7d6ab85fd4e9b27a952800a2b5271edb50374a30f15bc5b5

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zstandard\backend_c.pyd
        Filesize

        513KB

        MD5

        baf4db7977e04eca7e4151da57dc35d6

        SHA1

        80c70496375037ca084365e392d903dea962566c

        SHA256

        1a2ec2389c1111d3992c788b58282aaf1fc877b665b195847faf58264bf9bc33

        SHA512

        9b04f24ee61efa685c3af3e05000206384ec531a120209288f8fdc4fb1ec186c946fd59e9eb7381e9077bfbcfc7168b86a71c12d06529e70a7f30e44658a4950

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\VCRUNTIME140.dll
        Filesize

        106KB

        MD5

        4585a96cc4eef6aafd5e27ea09147dc6

        SHA1

        489cfff1b19abbec98fda26ac8958005e88dd0cb

        SHA256

        a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

        SHA512

        d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\_asyncio.pyd
        Filesize

        63KB

        MD5

        cee78dc603d57cb2117e03b2c0813d84

        SHA1

        095c98ca409e364b8755dc9cfd12e6791bf6e2b8

        SHA256

        6306be660d87ffb2271dd5d783ee32e735a792556e0b5bd672dc0b1c206fdadc

        SHA512

        7258560aa557e3e211bb9580add604b5191c769594e17800b2793239df45225a82ce440a6b9dcf3f2228ed84712912affe9bf0b70b16498489832df2dee33e7e

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\_bz2.pyd
        Filesize

        82KB

        MD5

        28ede9ce9484f078ac4e52592a8704c7

        SHA1

        bcf8d6fe9f42a68563b6ce964bdc615c119992d0

        SHA256

        403e76fe18515a5ea3227cf5f919aa2f32ac3233853c9fb71627f2251c554d09

        SHA512

        8c372f9f6c4d27f7ca9028c6034c17deb6e98cfef690733465c1b44bd212f363625d9c768f8e0bd4c781ddde34ee4316256203ed18fa709d120f56df3cca108b

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\_decimal.pyd
        Filesize

        247KB

        MD5

        baaa9067639597e63b55794a757ddeff

        SHA1

        e8dd6b03ebef0b0a709e6cccff0e9f33c5142304

        SHA256

        6cd52b65e11839f417b212ba5a39f182b0151a711ebc7629dc260b532391db72

        SHA512

        7995c3b818764ad88db82148ea0ce560a0bbe9594ca333671b4c5e5c949f5932210edbd63d4a0e0dc2daf24737b99318e3d5daaee32a5478399a6aa1b9ee3719

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\_hashlib.pyd
        Filesize

        63KB

        MD5

        c888ecc8298c36d498ff8919cebdb4e6

        SHA1

        f904e1832b9d9614fa1b8f23853b3e8c878d649d

        SHA256

        21d59958e2ad1b944c4811a71e88de08c05c5ca07945192ab93da5065fac8926

        SHA512

        7161065608f34d6de32f2c70b7485c4ee38cd3a41ef68a1beacee78e4c5b525d0c1347f148862cf59abd9a4ad0026c2c2939736f4fc4c93e6393b3b53aa7c377

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\_lzma.pyd
        Filesize

        155KB

        MD5

        d386b7c4dcf589e026abfc7196cf1c4c

        SHA1

        c07ce47ce0e69d233c5bdd0bcac507057d04b2d4

        SHA256

        ad0440ca6998e18f5cc917d088af3fea2c0ff0febce2b5e2b6c0f1370f6e87b1

        SHA512

        78d79e2379761b054df1f9fd8c5b7de5c16b99af2d2de16a3d0ac5cb3f0bd522257579a49e91218b972a273db4981f046609fdcf2f31cf074724d544dac7d6c8

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\_overlapped.pyd
        Filesize

        49KB

        MD5

        d3be208dc5388225162b6f88ff1d4386

        SHA1

        8effdb606b6771d5fdf83145de0f289e8ad83b69

        SHA256

        ce48969ebebdc620f4313eba2a6b6cda568b663c09d5478fa93826d401abe674

        SHA512

        9e1c3b37e51616687eecf1f7b945003f6eb4291d8794fea5545b4a84c636007eb781c18f6436039df02a902223ac73efac9b2e44ddc8594db62feb9997475da3

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\_queue.pyd
        Filesize

        31KB

        MD5

        50842ce7fcb1950b672d8a31c892a5d1

        SHA1

        d84c69fa2110b860da71785d1dbe868bd1a8320f

        SHA256

        06c36ec0749d041e6957c3cd7d2d510628b6abe28cee8c9728412d9ce196a8a2

        SHA512

        c1e686c112b55ab0a5e639399bd6c1d7adfe6aedc847f07c708bee9f6f2876a1d8f41ede9d5e5a88ac8a9fbb9f1029a93a83d1126619874e33d09c5a5e45a50d

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\_socket.pyd
        Filesize

        77KB

        MD5

        2c0ec225e35a0377ac1d0777631bffe4

        SHA1

        7e5d81a06ff8317af52284aedccac6ebace5c390

        SHA256

        301c47c4016dac27811f04f4d7232f24852ef7675e9a4500f0601703ed8f06af

        SHA512

        aea9d34d9e93622b01e702defd437d397f0e7642bc5f9829754d59860b345bbde2dd6d7fe21cc1d0397ff0a9db4ecfe7c38b649d33c5c6f0ead233cb201a73e0

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\_ssl.pyd
        Filesize

        172KB

        MD5

        66e78727c2da15fd2aac56571cd57147

        SHA1

        e93c9a5e61db000dee0d921f55f8507539d2df3d

        SHA256

        4727b60962efacfd742dca21341a884160cf9fcf499b9afa3d9fdbcc93fb75d0

        SHA512

        a6881f9f5827aceb51957aaed4c53b69fcf836f60b9fc66eeb2ed84aed08437a9f0b35ea038d4b1e3c539e350d9d343f8a6782b017b10a2a5157649abbca9f9a

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\_uuid.pyd
        Filesize

        24KB

        MD5

        3a09b6db7e4d6ff0f74c292649e4ba96

        SHA1

        1a515f98946a4dccc50579cbcedf959017f3a23c

        SHA256

        fc09e40e569f472dd4ba2ea93da48220a6b0387ec62bb0f41f13ef8fab215413

        SHA512

        8d5ea9f7eee3d75f0673cc7821a94c50f753299128f3d623e7a9c262788c91c267827c859c5d46314a42310c27699af5cdfc6f7821dd38bf03c0b35873d9730f

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\charset_normalizer\md.pyd
        Filesize

        10KB

        MD5

        25e5dd43a30808f30857c6e46e6bc8df

        SHA1

        679cb7169813a9a0224f03624984645ea18aabe6

        SHA256

        62639a735008dd068142c0efca7f3d0f96f4959a52278fcf70012946e8552974

        SHA512

        904855da98f610a6ebe18ba76f7130a7f9a0ba5da0364fbc9ce79127728597c473aa85f8c0ccaf9f0af81da8f4e6ad7b722890839ee03f381e50177301661cc3

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\charset_normalizer\md__mypyc.pyd
        Filesize

        110KB

        MD5

        f4192b63f194d4b4e420e319f08fd398

        SHA1

        03e2f59492e05f899cb5399a4971b3ee700f00c1

        SHA256

        0be6ce456259ec228b1e42b8406d6eecf4c9fc4c96b9c3dc6255695f539bfdca

        SHA512

        447f4909a742e3f2abbe37c2f02d1e9106ded7be5c1d3c1bcbe3985d61791c2eac85bfc9870518fb6d99c7bd32a73c99e9961b797aeee95756f59bf0d2038009

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\libcrypto-3.dll
        Filesize

        4.9MB

        MD5

        51e8a5281c2092e45d8c97fbdbf39560

        SHA1

        c499c810ed83aaadce3b267807e593ec6b121211

        SHA256

        2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a

        SHA512

        98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\libffi-8.dll
        Filesize

        38KB

        MD5

        0f8e4992ca92baaf54cc0b43aaccce21

        SHA1

        c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

        SHA256

        eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

        SHA512

        6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\main.exe
        Filesize

        42.1MB

        MD5

        49d08125658272ff5c325f8789b6e6ee

        SHA1

        33629d347573c8ae2c7f34fadf70cd91fdb4dcb2

        SHA256

        fce000dc1908a48dec2c9b16d4ab4aca97bbefc0118a41fcd36a03228acaa40c

        SHA512

        68ba097ccc0d324ac9ec43f9ab3056e4c7d05519a69353994062b60ad44a0d31955a8845b5e4d2fdfa90b7646d552a30e56ec4746dae521fe05b74f248ce43f0

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\python311.dll
        Filesize

        5.5MB

        MD5

        65e381a0b1bc05f71c139b0c7a5b8eb2

        SHA1

        7c4a3adf21ebcee5405288fc81fc4be75019d472

        SHA256

        53a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a

        SHA512

        4db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\pywintypes311.dll
        Filesize

        131KB

        MD5

        90b786dc6795d8ad0870e290349b5b52

        SHA1

        592c54e67cf5d2d884339e7a8d7a21e003e6482f

        SHA256

        89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

        SHA512

        c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\select.pyd
        Filesize

        29KB

        MD5

        8472d39b9ee6051c961021d664c7447e

        SHA1

        b284e3566889359576d43e2e0e99d4acf068e4fb

        SHA256

        8a9a103bc417dede9f6946d9033487c410937e1761d93c358c1600b82f0a711f

        SHA512

        309f1ec491d9c39f4b319e7ce1abdedf11924301e4582d122e261e948705fb71a453fec34f63df9f9abe7f8cc2063a56cd2c2935418ab54be5596aadc2e90ad3

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\unicodedata.pyd
        Filesize

        1.1MB

        MD5

        57f8f40cf955561a5044ddffa4f2e144

        SHA1

        19218025bcae076529e49dde8c74f12e1b779279

        SHA256

        1a965c1904da88989468852fdc749b520cce46617b9190163c8df19345b59560

        SHA512

        db2a7a32e0b5bf0684a8c4d57a1d7df411d8eb1bc3828f44c95235dd3af40e50a198427350161dff2e79c07a82ef98e1536e0e013030a15bdf1116154f1d8338

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\vcruntime140_1.dll
        Filesize

        48KB

        MD5

        7e668ab8a78bd0118b94978d154c85bc

        SHA1

        dbac42a02a8d50639805174afd21d45f3c56e3a0

        SHA256

        e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

        SHA512

        72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

      • C:\Users\Admin\AppData\Local\Temp\onefile_2452_133635384415940006\websockets\speedups.pyd
        Filesize

        11KB

        MD5

        99480b51453f6f78ee60954cac18454d

        SHA1

        4cb835152039ffcbd398f8b24fed39aae92566ed

        SHA256

        ebd0130532db4ea3ecb1d52a85d166714c0cd2817145e4d2616e780c6614bc43

        SHA512

        2b35860408dda6eb9e9ae6900e46bc2ea05e2338b62de2f484ee1b86135da4e0a849cba6bae28a52771692e54bd4779cbd69343edb13d70b387f44d7ed0aed73

      • memory/2452-83-0x00007FF6B5C70000-0x00007FF6B7430000-memory.dmp
        Filesize

        23.8MB

      • memory/2452-126-0x00007FF6B5C70000-0x00007FF6B7430000-memory.dmp
        Filesize

        23.8MB

      • memory/4688-85-0x00007FFE5B860000-0x00007FFE5C7EC000-memory.dmp
        Filesize

        15.5MB

      • memory/4688-84-0x00007FF698460000-0x00007FF69AF26000-memory.dmp
        Filesize

        42.8MB

      • memory/4688-99-0x00007FF698460000-0x00007FF69AF26000-memory.dmp
        Filesize

        42.8MB

      • memory/4688-111-0x00007FF698460000-0x00007FF69AF26000-memory.dmp
        Filesize

        42.8MB

      • memory/4688-117-0x00007FFE5B860000-0x00007FFE5C7EC000-memory.dmp
        Filesize

        15.5MB

      • memory/4688-116-0x00007FF698460000-0x00007FF69AF26000-memory.dmp
        Filesize

        42.8MB