5dcf092279becaf7a4824d1ab5105c242fe86a1d673965a90646c4251c7664dd

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26-07-2024 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

svchosts.exe
Size

20.8MB
MD5

9ef002377d4522601bcd1e2fbca90096
SHA1

6ad5827c75301a3f59717924d812c60e73b723ea
SHA256

5dcf092279becaf7a4824d1ab5105c242fe86a1d673965a90646c4251c7664dd
SHA512

420f4becab6023de1cdbb1929567ff0d939a9bea24dc4582770bf1d828fe0641408ef02618e9fe919961bd19da13b5f457d9c005cdad2825c3395129f8f02c2a
SSDEEP

393216:KnV9TOQG4ItSkw+0/pWOY4RaSHkBYe2WcPpi+59iHm:g9TOQJ23w+0/pWHSMwjhfiG

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

svchosts.exe

pid process

2528 svchosts.exe
2528 svchosts.exe
2528 svchosts.exe
2528 svchosts.exe
2528 svchosts.exe
2528 svchosts.exe
2528 svchosts.exe

pid	process
2528	svchosts.exe
2528	svchosts.exe
2528	svchosts.exe
2528	svchosts.exe
2528	svchosts.exe
2528	svchosts.exe
2528	svchosts.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI28722\python311.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

svchosts.exe

description	pid	process	target process
PID 2872 wrote to memory of 2528	2872	svchosts.exe	svchosts.exe
PID 2872 wrote to memory of 2528	2872	svchosts.exe	svchosts.exe
PID 2872 wrote to memory of 2528	2872	svchosts.exe	svchosts.exe

C:\Users\Admin\AppData\Local\Temp\svchosts.exe
"C:\Users\Admin\AppData\Local\Temp\svchosts.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872

C:\Users\Admin\AppData\Local\Temp\svchosts.exe
"C:\Users\Admin\AppData\Local\Temp\svchosts.exe"
2⤵
- Loads dropped DLL
PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28722\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
6b280015cf873517051ccbda728dea4b

SHA1
c83f9bc0e27eb1969559d6aeaa268c99a5a4dde1

SHA256
f2a0d0fc3d24e72f3cc46111d7166ab8a4511674b73617d2019f235c61b30654

SHA512
fcb108b3a95d13059434415c3d054669b4741c85f4a21dc60f69af870a306aa6c2726b03e746f9ad5ff916cfc23a1bc1ed541e635b4720e430b334e921e568e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
37fcc989b5ae55d0d18ee69edf57f6c6

SHA1
c4b2cdc1aee7137fbe4993b03859e9fb45fc3e14

SHA256
4047ec069444b0b466c4b375bd55aa1e1b6c177bda61eca391969b3d0d07f534

SHA512
bcbf7c4bd709ab1b7fbac483bf2b002abaac93e7e74ec465c31ab9ece6cd7874ffeced5a998302514e3f0cf15e571c09d7197d146f6fe490dbf429ea2a964d4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
d48de46dc141d9cad89cd97a9ac326da

SHA1
6ae6491924a7ea716f907490cf1851da014ee3c5

SHA256
aaacc72a5e85ceb15181b4604683543f81b37dd1d5215d647ff3fb464935f890

SHA512
6bcd7f62c293f8a3aea9937c4520851babd8ed796b138860e3e3aac7bb95715b5987485f8ee8255209bbb704e73e833d4cddf1c8e57bd2a39448dc292bb4f6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
d23eb2dbfb3094b4bd37cb304f6c2a8d

SHA1
9f2ed84b2a8d46bd8ca0704917e95a44c3426ef3

SHA256
af4d0083bac90404962e846a91385fc10b62dc739d1a763ec11950636a62a1f3

SHA512
d1cfbcdb9f97958593c561c3e7bdf6da7fe1ab586592c74bff7dd5cf1296fb2f5f7139ebeebe55bf4ae62c4043819955fc6764a6e724e00e9bbdb77d52d8f7b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
a9b11e4a24f3dfd567f79e1fca5375d2

SHA1
90a76ed33255c1db551fe95debbefdf07d3617a3

SHA256
df91a750aad544f3c1048d2b397890aa91282e115652ac833639196f8e945a3d

SHA512
2fc0163d74fb121d4d426b99ba70c65a1f847c9b867fad0f86e9caa7b295e101958b2bf05a8b2498fbe0027cad71ea8c09ece3e5d2c4d707936e42c21f840236

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\python311.dll

Filesize
1.6MB

MD5
4fcf14c7837f8b127156b8a558db0bb2

SHA1
8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

SHA256
a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

SHA512
7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\ucrtbase.dll

Filesize
987KB

MD5
907116582b20dab2c7952d283b2859e0

SHA1
92ed93d90e3dbed0bede26684618cdf40824f3f7

SHA256
aaada1f31f5862c7f7ebd68b15a4b854465d9e0c525228632ab6c85c2f321acb

SHA512
eb468b1537c299ddb486d6b8ebf4edf5821458bd012400b995c4c2d351aee67e5e292f5828baef07cc52a8c57940cb0d7cda7a99ef83e21978818fd28a7e4bc4

Download Submit
memory/2528-162-0x000007FEF5C30000-0x000007FEF6218000-memory.dmp

Filesize
5.9MB

Download