Analysis

  • max time kernel
    361s
  • max time network
    369s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    03-08-2024 04:29

General

  • Target

    DONT OPEN RAT/DONT OPEN VIRUS.exe

  • Size

    74.8MB

  • MD5

    4da052f9770422d1f3b3d2028671586a

  • SHA1

    3c8114f723a2664157eae5ece6500ceb101f6aae

  • SHA256

    a876d153b9aef77a78ae053343753959041317ae92d4a92a8df93e941a1101d7

  • SHA512

    01e7c0d1a6a5435fb7c81abf0fc12c56fd4edde5a4c5936d2e265fd9249d10d5b4f6b7e77fa246ba5d652c159e37f8de9babc3bcfc205d49f67065232d0a247b

  • SSDEEP

    1572864:/0nQ6l77v4Sk8IpG7V+VPhqvzE7WfglPIiY4MHHLeqPNLtD7WpyfZxzr:/0n1FcSkB05awvJfg5LMHVLtvsyfv

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DONT OPEN RAT\DONT OPEN VIRUS.exe
    "C:\Users\Admin\AppData\Local\Temp\DONT OPEN RAT\DONT OPEN VIRUS.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2284
    • C:\Users\Admin\AppData\Local\Temp\DONT OPEN RAT\DONT OPEN VIRUS.exe
      "C:\Users\Admin\AppData\Local\Temp\DONT OPEN RAT\DONT OPEN VIRUS.exe"
      2⤵
      • Loads dropped DLL
      PID:1412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22842\python310.dll

    Filesize

    1.4MB

    MD5

    b93eda8cc111a5bde906505224b717c3

    SHA1

    5f1ae1ab1a3c4c023ea8138d4b09cbc1cd8e8f9e

    SHA256

    efa27cd726dbf3bf2448476a993dc0d5ffb0264032bf83a72295ab3fc5bcd983

    SHA512

    b20195930967b4dc9f60c15d9ceae4d577b00095f07bd93aa4f292b94a2e5601d605659e95d5168c1c2d85dc87a54d27775f8f20ebcacf56904e4aa30f1affba

  • memory/1412-1262-0x000007FEF5EA0000-0x000007FEF6305000-memory.dmp

    Filesize

    4.4MB