Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2024 18:40

General

  • Target

    BootstrapperV1.11.exe

  • Size

    75.5MB

  • MD5

    323317d95b40b3d5b1534611110ad12f

  • SHA1

    fcf2c9ee02913e67a86f08fad9c8d3d562eec0f8

  • SHA256

    f6c58c770610bb8396098c46b910df29536f795f2fe053f54e02bd213825b150

  • SHA512

    ab7b9feafcbee32d9959cd91b5b38ed7d187ab81eb9a156a6f7e2d9ff1e187317a89372ae72f07af0f161644fd3ee146c6f5b170a4153efebc75726bbcfd1595

  • SSDEEP

    1572864:QvhQ6lV7vDSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSW2rnZmh2S:Qvh1HPSkB05awIxTy5nMHVLteS5e2S

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.11.exe
    "C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.11.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.11.exe
      "C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.11.exe"
      2⤵
      • Loads dropped DLL
      PID:2576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI30562\python310.dll

    Filesize

    1.4MB

    MD5

    933b49da4d229294aad0c6a805ad2d71

    SHA1

    9828e3ce504151c2f933173ef810202d405510a4

    SHA256

    ab3e996db016ba87004a3c4227313a86919ff6195eb4b03ac1ce523f126f2206

    SHA512

    6023188f3b412dd12c2d4f3a8e279dcace945b6e24e1f6bbd4e49a5d2939528620ceb9a5f77b9a47d2d0454e472e2999240b81bed0239e7e400a4e25c96e1165

  • memory/2576-1262-0x000007FEF6180000-0x000007FEF65EE000-memory.dmp

    Filesize

    4.4MB