Overview

overview

7

Static

static

3

hentai_and_nudes.exe

windows7-x64

7

hentai_and_nudes.exe

windows10-2004-x64

7

Resubmissions

11-07-2024 18:33

240711-w7glhsyfjn 7

11-07-2024 18:33

240711-w665sa1fme 7

11-07-2024 18:09

240711-wrsnvazhng 10

11-07-2024 14:38

240711-rzygvatajf 10

Analysis

  • max time kernel
    839s
  • max time network
    840s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    11-07-2024 18:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hentai_and_nudes.exe

  • Size

    8.4MB

  • MD5

    e3ffdd51eee6c10338d01f5101deaa15

  • SHA1

    3146e8075fe05e6747890b5a70a725d4481801ce

  • SHA256

    5f04be7f8b2d882931ab4d8ae975c74c9a02f30dbf5b3d728d32d23bb257fd7b

  • SHA512

    6d98ec5d4a2574547f4fe871369c5e0e32f463c6342f14b8ece001883ba76610daecd6316b691787a11c7506549b4216d8cb7816035771a3add6d8ee9c06d5ab

  • SSDEEP

    196608:uINGefFRHvUWvogWOxu9kXwvdbD64uLnH0W8/LaSzy8s+5BZN/:BGCFRHd3bAlbiUW83zLZN

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hentai_and_nudes.exe
    "C:\Users\Admin\AppData\Local\Temp\hentai_and_nudes.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Users\Admin\AppData\Local\Temp\hentai_and_nudes.exe
      "C:\Users\Admin\AppData\Local\Temp\hentai_and_nudes.exe"
      2⤵
      • Loads dropped DLL
      PID:1316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22522\python310.dll
    Filesize

    1.4MB

    MD5

    f007dc39991423fd64d2d07aaf4da099

    SHA1

    80ad619b4f59f57023064c8b6b3afdaba7e7f698

    SHA256

    b644b9dea990ec5dcd2d9c4b8690d6ff1fb6e4a60f2420dd2f1b3cde483dfb30

    SHA512

    47bf62b06ab55e1ecc397c0097c217dd6ad38588dcb7703f8b7fc4a5020fede5d6b24d9ab4ebd378017240329a0cc3aef20a226451c5a20fa9f4bec2bbc43dcb

    Download Submit

  • memory/1316-947-0x000007FEF5E70000-0x000007FEF62DA000-memory.dmp

    Filesize

    4.4MB

    Download