69f6908603cacaf9a1c516d043e3afea67d254ace853219a4b89d661c50fdac5

Analysis

max time kernel
18s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0636ff55708bd22f9c773b3627606140N.exe
Size

278KB
MD5

0636ff55708bd22f9c773b3627606140
SHA1

77b8715eeb393ac0b8c6ac01489172e206f4222e
SHA256

69f6908603cacaf9a1c516d043e3afea67d254ace853219a4b89d661c50fdac5
SHA512

569ec1faca594359d8430a61a6079d04df87378a11d28c3733cfec9bdc5f1c12e465c91c1ba159e0505340f0b6f8e36d97c2d028a9e9f2958d735b563d4ac832
SSDEEP

6144:uuq1yy/pjnkWcLkONgMDGMHTiLCwKurwdaCM3SpeK+zUG7:y1yc9kWc4u7DGMyCdhwSpe/7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3056-0-0x0000000000400000-0x0000000000418000-memory.dmp	upx
behavioral1/files/0x0007000000016b85-5.dat	upx
behavioral1/memory/3056-19-0x0000000000400000-0x0000000000418000-memory.dmp	upx

Drops file in Windows directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win32dc\Silent Hill 4_patch.exe	0636ff55708bd22f9c773b3627606140N.exe
File opened for modification	C:\Windows\win32dc\UT2004(serial).exe	0636ff55708bd22f9c773b3627606140N.exe
File created	C:\Windows\win32dc\BattleField 1942_codes.exe	0636ff55708bd22f9c773b3627606140N.exe
File created	C:\Windows\win32dc\BattleField 1942(cdfix).exe	0636ff55708bd22f9c773b3627606140N.exe
File opened for modification	C:\Windows\win32dc\BattleField 1942(cdfix).exe	0636ff55708bd22f9c773b3627606140N.exe
File created	C:\Windows\win32dc\BattleField 1942 + nocd.exe	0636ff55708bd22f9c773b3627606140N.exe
File opened for modification	C:\Windows\win32dc\BattleField 1942 + nocd.exe	0636ff55708bd22f9c773b3627606140N.exe
File created	C:\Windows\win32dc\Silent Hill 4 + fix.exe	0636ff55708bd22f9c773b3627606140N.exe
File created	C:\Windows\win32dc\FlatOut_trainer.exe	0636ff55708bd22f9c773b3627606140N.exe
File created	C:\Windows\win32dc\Silent Hill 4_patch.exe	0636ff55708bd22f9c773b3627606140N.exe
File created	C:\Windows\win32dc\UT2004(serial).exe	0636ff55708bd22f9c773b3627606140N.exe
File opened for modification	C:\Windows\win32dc\FlatOut_trainer.exe	0636ff55708bd22f9c773b3627606140N.exe
File opened for modification	C:\Windows\win32dc\Doom 3 fix.exe	0636ff55708bd22f9c773b3627606140N.exe
File created	C:\Windows\win32dc\Half-Life 2 nocd.exe	0636ff55708bd22f9c773b3627606140N.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2 nocd.exe	0636ff55708bd22f9c773b3627606140N.exe
File opened for modification	C:\Windows\win32dc\Silent Hill 4 + fix.exe	0636ff55708bd22f9c773b3627606140N.exe
File created	C:\Windows\win32dc\Doom 3 fix.exe	0636ff55708bd22f9c773b3627606140N.exe

C:\Users\Admin\AppData\Local\Temp\0636ff55708bd22f9c773b3627606140N.exe
"C:\Users\Admin\AppData\Local\Temp\0636ff55708bd22f9c773b3627606140N.exe"
1⤵
- Drops file in Windows directory
PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\win32dc\Silent Hill 4_patch.exe

Filesize
282KB

MD5
31481bb9d9ad41980af9d341224c7157

SHA1
d9602a06597c5a4b34f8c466f4fac61d3e2a0884

SHA256
ef42d8c3c982594689ebba1478c471b171a481a226f5ad0683e8ad3310f5a83a

SHA512
d015cc87babd833d4912e6e779cf248fbfb110af097fe8b9b461f6f731535ad80a4e26d3b46cb573e34f254557556ed9a3fd25f15d2ed7b8d54b5911bed1969c

Download Submit
memory/3056-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3056-19-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads