5f04be7f8b2d882931ab4d8ae975c74c9a02f30dbf5b3d728d32d23bb257fd7b

Resubmissions

11/07/2024, 18:33

240711-w7glhsyfjn 7

11/07/2024, 18:33

240711-w665sa1fme 7

11/07/2024, 18:09

240711-wrsnvazhng 10

11/07/2024, 14:38

240711-rzygvatajf 10

Analysis

max time kernel
361s
max time network
363s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hentai_and_nudes.exe
Size

8.4MB
MD5

e3ffdd51eee6c10338d01f5101deaa15
SHA1

3146e8075fe05e6747890b5a70a725d4481801ce
SHA256

5f04be7f8b2d882931ab4d8ae975c74c9a02f30dbf5b3d728d32d23bb257fd7b
SHA512

6d98ec5d4a2574547f4fe871369c5e0e32f463c6342f14b8ece001883ba76610daecd6316b691787a11c7506549b4216d8cb7816035771a3add6d8ee9c06d5ab
SSDEEP

196608:uINGefFRHvUWvogWOxu9kXwvdbD64uLnH0W8/LaSzy8s+5BZN/:BGCFRHd3bAlbiUW83zLZN

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2908	hentai_and_nudes.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001960d-945.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2908	1968	hentai_and_nudes.exe	31
PID 1968 wrote to memory of 2908	1968	hentai_and_nudes.exe	31
PID 1968 wrote to memory of 2908	1968	hentai_and_nudes.exe	31

C:\Users\Admin\AppData\Local\Temp\hentai_and_nudes.exe
"C:\Users\Admin\AppData\Local\Temp\hentai_and_nudes.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Users\Admin\AppData\Local\Temp\hentai_and_nudes.exe
  "C:\Users\Admin\AppData\Local\Temp\hentai_and_nudes.exe"
  2⤵
  - Loads dropped DLL
  PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19682\python310.dll

Filesize
1.4MB

MD5
f007dc39991423fd64d2d07aaf4da099

SHA1
80ad619b4f59f57023064c8b6b3afdaba7e7f698

SHA256
b644b9dea990ec5dcd2d9c4b8690d6ff1fb6e4a60f2420dd2f1b3cde483dfb30

SHA512
47bf62b06ab55e1ecc397c0097c217dd6ad38588dcb7703f8b7fc4a5020fede5d6b24d9ab4ebd378017240329a0cc3aef20a226451c5a20fa9f4bec2bbc43dcb

Download Submit
memory/2908-947-0x000007FEF6470000-0x000007FEF68DA000-memory.dmp

Filesize
4.4MB

Download