ca8997d17113e3b682ccdc61e3a227d05a0bde432529b92553276ce64cff5aea

Analysis

max time kernel
141s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/06/2024, 01:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.exe
Size

72.1MB
MD5

fc37a63fa3bb55628399ca35678867c3
SHA1

b3cd21446bfb702835acf4dfa24d631fddc12618
SHA256

ca8997d17113e3b682ccdc61e3a227d05a0bde432529b92553276ce64cff5aea
SHA512

772769e4b512009e39649e6b2f7aa6df28a89676f58b8fd7b705177a27988b9387c8673742726940144d027ff9ec54ff50e795550b60e5b2bee50cfb0c27ff2b
SSDEEP

1572864:Pky1ZRkyqqPmYJqekzw3JU1jjPVZOuyc52s:sy1ldTJqFP/Otc52s

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
520	AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.tmp

Loads dropped DLL 4 IoCs

pid	Process
520	AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.tmp
520	AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.tmp
520	AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.tmp
520	AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 520	4816	AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.exe	81
PID 4816 wrote to memory of 520	4816	AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.exe	81
PID 4816 wrote to memory of 520	4816	AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.exe	81

C:\Users\Admin\AppData\Local\Temp\AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.exe
"C:\Users\Admin\AppData\Local\Temp\AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Users\Admin\AppData\Local\Temp\is-D5OER.tmp\AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-D5OER.tmp\AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.tmp" /SL5="$600EC,74964919,210944,C:\Users\Admin\AppData\Local\Temp\AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-5E9R6.tmp\1.png

Filesize
11KB

MD5
459b6e0d44473b2647e4981068ddaeef

SHA1
63d03aa6c1a3d73d411a404ae9056384c7522071

SHA256
f8730715df615601b4abbccdb5fdb1feffea3072dc361391cc86a9cf9e2d3ecb

SHA512
e5f9c5e11c408e5d420d7c9a48b6f2b18ac97f600aa273a451e7e22421d3886593da5b43c1575da75e9b3fff1aa209ee4ba7d6cf8f34021515006689c7a17f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5E9R6.tmp\Installer net.png

Filesize
11KB

MD5
1c5bfe3b17ae62449e5f9e42b762f33b

SHA1
47f77205abb1318baf5e3add0670b7ee9fbb8f24

SHA256
567a2d3cea865f672b63e6ff44fc7091173a79fa840c9d20286ecd5429029823

SHA512
07e8c8f38e4e8477248092656af2e6844e325e301647a84efd2435d9cf3e5876e17dc1baaf18435f7a90459a6ce35b47fee36f3098b74604e48c87072210cced

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5E9R6.tmp\Portable.png

Filesize
23KB

MD5
89475a0f65e50ee9c484967ebc348ab7

SHA1
06ba9bcdada628fc6b0a77437c8f700004ae4648

SHA256
5f9ca566d37e1f25d19bbf5f885862808cb6b3d1a4dbcca5af812a58ae6fedf9

SHA512
d062a31dc8cacc15159e96b18f8aaa01c4457cacc7e0f6cf78b78bc30600dadfc3d12932d6ba72b03197df7d3c2d86757c474774bca3c430d7d0c8710713b0c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5E9R6.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5E9R6.tmp\botva2.dll

Filesize
41KB

MD5
ef899fa243c07b7b82b3a45f6ec36771

SHA1
4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

SHA256
da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

SHA512
3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5E9R6.tmp\eng.jpg

Filesize
704B

MD5
4ad999118697c0735eed9b5437e2ddd9

SHA1
6f4c6026e3e31f8eaac4ab9ba633cdc64541a2c1

SHA256
ee6d8d45a073ff7c69012cf34b1fa4dafed071e709f64143d57a42be5bb6e7f4

SHA512
bf62bca3fa087cedf89c93a2a4952922e6ccf4c1ad356e68db33aae59bc10309fc37d778180ad20f48c8473a9c44fde3614a19c7e762c85588af0ca83c93ecaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5E9R6.tmp\iswin7logo.dll

Filesize
74KB

MD5
7363a2a5949c9f613cde458b89deecb5

SHA1
fb25bad5d2625210c4cb47a9c24b853e63d52ae0

SHA256
196390762f6393024e0c5d33b037d497c5a8cfdd6c406719c05b0081d7e45cb5

SHA512
323f8eb42f355a0dc2df2b5b2d7711842c688f770e4ea8cb671228c60e8f2dbd92468e248a824822a08ee557075b7aaa8e42ca7b870f49c4385c6b2e9227a021

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5E9R6.tmp\port neaktiv.png

Filesize
11KB

MD5
893aa141cf93c75adeeb0f4e7ec917bc

SHA1
36bb3105e25671d2aa0da41e6f906f5bc24119f9

SHA256
f87de21bac4f7ee32d32f65c6754f57057bcb8b00376f13a9275e86b722c2fd9

SHA512
0a630b83b4ad69ccd0a5d48999e8702e3d8e72208a50e0b3efaecaca87d71995b8bc55c1a19918cff75710ad086d552a57bd1e861e7db2303959dc3ba2e7fb87

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5E9R6.tmp\stac.png

Filesize
15KB

MD5
eaec12cf0e741d23cbf1a100e7dee23e

SHA1
d4e20ea202eccedb63c35ee138726fadf16abd9f

SHA256
b38e0315691adf47090665ec21aee0c0cb5014246cfe0edf0c1f1ff36c45d2ac

SHA512
344c5f14efc854f579e925928ff3b95e213f4cf325e1d80359d7ea756b11f11d756338a921a370f6308abe78981f8f5808f4941b4646d31c7ee1819bb8216c50

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5OER.tmp\AIDA64 Extreme Engineer Business Edition Network Audit 7.30.6900 RePack (& Portable) by Dodakaedr.tmp

Filesize
1.5MB

MD5
385d91cf579df150130e7d2a0d7af02f

SHA1
040905212940d47814df2b7685dc4cf69f4f3edf

SHA256
b7c164581f471db0cf94edc05f1372b7854b6de6f0179401a30737a770cc634b

SHA512
de2222fe233882b875676a2f49eb3f7296172e9363f884dcc30099818af615076c0b9c5fe403ee6bde50d8d8850762ab92e24af52bd773934203fedac61d00c8

Download Submit
memory/520-31-0x0000000003440000-0x000000000344F000-memory.dmp

Filesize
60KB

Download
memory/520-6-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/520-61-0x0000000003440000-0x000000000344F000-memory.dmp

Filesize
60KB

Download
memory/520-60-0x0000000000400000-0x000000000058C000-memory.dmp

Filesize
1.5MB

Download
memory/4816-2-0x0000000000401000-0x0000000000417000-memory.dmp

Filesize
88KB

Download
memory/4816-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4816-59-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads