Analysis
- max time kernel: 120s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 29-07-2024 08:34
Behavioral task
behavioral1
Sample
Cracked spoofer by danny temp.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Cracked spoofer by danny temp.exe
Resource
win10v2004-20240709-en
General
- Target: Cracked spoofer by danny temp.exe
- Size: 80.9MB
- MD5: d59ea679f2426ed83f766aff300a2248
- SHA1: 71d09a8184b04a5c900013a9666e8963ef4c151f
- SHA256: 5f4d6f76d818add8fd04b0883a813618e1ff2d2be6a1643916b672c61e5d41cb
- SHA512: 89264e72e2eac230b789a53ce7eaa243d2db76f29c818afab5014b9cd7dff47b6e858c07390afc3cdcb67370a6165909722048540d62a68e4137db5b53f17ee3
- SSDEEP: 1572864:uvxZQglXEo7vaSk8IpG7V+VPhqO+ydE7UlgSiYgj+h58sMwIIKW49xqScJX0:uvxZxRleSkB05awO+ypec5k1p9xA0
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  Processes:
  process: Cracked spoofer by danny temp.exe | pid: 1176
  Resources:
  resource: C:\Users\Admin\AppData\Local\Temp\_MEI20922\python311.dll | yara_rule: upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description: PID 2092 wrote to memory of 1176 | pid: 2092 | process: Cracked spoofer by danny temp.exe | target process: Cracked spoofer by danny temp.exe
  description: PID 2092 wrote to memory of 1176 | pid: 2092 | process: Cracked spoofer by danny temp.exe | target process: Cracked spoofer by danny temp.exe
  description: PID 2092 wrote to memory of 1176 | pid: 2092 | process: Cracked spoofer by danny temp.exe | target process: Cracked spoofer by danny temp.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Cracked spoofer by danny temp.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\Cracked spoofer by danny temp.exe"
  PID: 2092
  signatures: Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Cracked spoofer by danny temp.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\Cracked spoofer by danny temp.exe"
    PID: 1176
    signatures: Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.6MB
  MD5: 0b66c50e563d74188a1e96d6617261e8
  SHA1: cfd778b3794b4938e584078cbfac0747a8916d9e
  SHA256: 02c665f77db6b255fc62f978aedbe2092b7ef1926836290da68fd838dbf2a9f2
  SHA512: 37d710cb5c0ceb5957d11b61684cfbc65951c1d40ab560f3f3cb8feca42f9d43bd981a0ff44c3cb7562779264f18116723457e79e0e23852d7638b1a954a258f