d88413ba487697b6b7961c13773a89fb1ebf1c1845c5bd40a28105030bf04bba

Analysis

max time kernel
26s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/08/2024, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

genarox_v4.3.exe
Size

6.0MB
MD5

8edf5fc1a60cbe2dd9ecbed6e23b8852
SHA1

ac5f87d92424adeaa93e7d260cf74ea1ac78396c
SHA256

d88413ba487697b6b7961c13773a89fb1ebf1c1845c5bd40a28105030bf04bba
SHA512

f7fbbf7cdab4876650fe8e197b6685765f2ab13ff1a7bf51c7c58b30f32d1cbad9ff57192cb4bb0c527bfa6a4075a6aff5482b34779b386400cba90c0b0d1e2c
SSDEEP

98304:DBEtdFBGQamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzcEgsRuGK4RDOuAKJRYNyf:DAFExeN/FJMIDJfIEgsAGK4RCuAKJeUf

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2884	genarox_v4.3.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0004000000019438-21.dat	upx
behavioral1/memory/2884-23-0x000007FEF60F0000-0x000007FEF655E000-memory.dmp	upx

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2812	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2812	vlc.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe
2812	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2812	vlc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2884	1656	genarox_v4.3.exe	29
PID 1656 wrote to memory of 2884	1656	genarox_v4.3.exe	29
PID 1656 wrote to memory of 2884	1656	genarox_v4.3.exe	29

C:\Users\Admin\AppData\Local\Temp\genarox_v4.3.exe
"C:\Users\Admin\AppData\Local\Temp\genarox_v4.3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Users\Admin\AppData\Local\Temp\genarox_v4.3.exe
  "C:\Users\Admin\AppData\Local\Temp\genarox_v4.3.exe"
  2⤵
  - Loads dropped DLL
  PID:2884

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SuspendSkip.m3u"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI16562\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
memory/2812-61-0x000000013F700000-0x000000013F7F8000-memory.dmp

Filesize
992KB

Download
memory/2812-62-0x000007FEF7860000-0x000007FEF7894000-memory.dmp

Filesize
208KB

Download
memory/2812-63-0x000007FEF6650000-0x000007FEF6906000-memory.dmp

Filesize
2.7MB

Download
memory/2812-65-0x000007FEF43D0000-0x000007FEF44DE000-memory.dmp

Filesize
1.1MB

Download
memory/2812-64-0x000007FEF52A0000-0x000007FEF6350000-memory.dmp

Filesize
16.7MB

Download
memory/2884-23-0x000007FEF60F0000-0x000007FEF655E000-memory.dmp

Filesize
4.4MB

Download