Resubmissions

09/08/2024, 18:57

240809-xma4nsvaln 9

09/08/2024, 18:54

240809-xkjm2ayale 9

General

  • Target

    AnalyseAlpha.rar

  • Size

    3.5MB

  • MD5

    9f98d65e2e7aef3dd54e8ab27e2b517e

  • SHA1

    1932391cdcc160bec0b336db2c7e28a3b0982114

  • SHA256

    f93df65101cee19a783b9b2131ff0824a4b2b71a267a08cc0b35fdf345867258

  • SHA512

    291ad2602ac746197758d7ce673b414184505e8f880e341d928d9c35c9b2f554575e0053773d9af87999d053dc13f39ef33de6011a028ef0657bfc255fc5cf30

  • SSDEEP

    49152:u932PCF2S7dHsVJxLubrpEgsT2qYQpzyWwlVMIIuK0Tbo6P1H/cg/D3OXOMZbwho:QKUF75SR6QpqzbowEg/D+Rw7SZXUni

Score
9/10
upx

Malware Config

Signatures

  • Detected Nirsoft tools 7 IoCs

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • AnalyseAlpha.rar
    .rar
  • Everything/Everything.db
  • Everything/Everything.exe
    .exe windows:4 windows x86 arch:x86

    7573208674510652893809b0317e4eb4

  • Everything/Everything.ini
  • Everything/Everything.lng
  • Excuted Program Lists/ExecutedProgramsList.cfg
  • Excuted Program Lists/ExecutedProgramsList.exe
    .exe windows:4 windows x86 arch:x86

    f9f666a7dc93e67d08bf8ce4f69a541d

  • Last Activity View/LastActivityView.cfg
  • Last Activity View/LastActivityView.exe
    .exe windows:4 windows x86 arch:x86

    3fbcb180ebbfb0ad62cf50d337af18c5

  • PreviousFilesRecovery/PreviousFilesRecovery.exe
    .exe windows:4 windows x64 arch:x64

    bfaa2c45f3b51a2466bfc8a0101e02ae

  • Process Hacker/ProcessHacker.exe
    .exe windows:5 windows x64 arch:x64

    3695333c60dedecdcaff1590409aa462

  • Process Hacker/ProcessHacker.sig
  • Process Hacker/kprocesshacker.sys
    .sys windows:6 windows x64 arch:x64

    3905de10e3379fd2be8de512a33433a3

  • Process Hacker/peview.exe
    .exe windows:5 windows x64 arch:x64

    c79e8e2893e86218fc71412598f61209

  • Process Hacker/plugins/DotNetTools.dll
    .dll windows:5 windows x64 arch:x64

    c3f8d8cddba6c99a5f0f2ab21f6f89f6

  • Process Hacker/plugins/ExtendedNotifications.dll
    .dll windows:5 windows x64 arch:x64

    acd7837a0f8690fa4b5ada849f2560b0

  • Process Hacker/plugins/ExtendedServices.dll
    .dll windows:5 windows x64 arch:x64

    8077acd95550e90db0afd6fb1689e912

  • Process Hacker/plugins/ExtendedTools.dll
    .dll windows:5 windows x64 arch:x64

    9d757d0f8f00e9133c716e8e21d6b1b0

  • Process Hacker/plugins/HardwareDevices.dll
    .dll windows:5 windows x64 arch:x64

    119abb51b3de6c8e65225ee81e503143

  • Process Hacker/plugins/NetworkTools.dll
    .dll windows:5 windows x64 arch:x64

    708b686e80e093711f38091d787a01bd

  • Process Hacker/plugins/OnlineChecks.dll
    .dll windows:5 windows x64 arch:x64

    04815c367f41620755869bb42bd07b00

  • Process Hacker/plugins/SbieSupport.dll
    .dll windows:5 windows x64 arch:x64

    72ee8e9111090fd44c3cca631502d2bb

  • Process Hacker/plugins/ToolStatus.dll
    .dll windows:5 windows x64 arch:x64

    eb997c25e2337a8dceb7fa463ce2b04d

  • Process Hacker/plugins/Updater.dll
    .dll windows:5 windows x64 arch:x64

    a4de2eec6f8b6d96d60cfa61bcaa6840

  • Process Hacker/plugins/UserNotes.dll
    .dll windows:5 windows x64 arch:x64

    dc18317fe7617feca1007aefae7060a6

  • Process Hacker/plugins/WindowExplorer.dll
    .dll windows:5 windows x64 arch:x64

    807c2a5324cd8c3d21e70814ac733d28

  • RegScanner/RegScanner.exe
    .exe windows:4 windows x86 arch:x86

  • out.upx
    .exe windows:4 windows x86 arch:x86

  • RegScanner/regscanner.cfg
  • Shell Bags View/ShellBagsView.cfg
  • Shell Bags View/ShellBagsView.exe
    .exe windows:4 windows x86 arch:x86

  • out.upx
    .exe windows:4 windows x86 arch:x86

  • USB Deview/USBDeview.cfg
  • USB Deview/USBDeview.exe
    .exe windows:4 windows x86 arch:x86

    db99b31ed7e32faf640113a15d43e404

  • USB Drive Log/USBDriveLog.exe
    .exe windows:4 windows x86 arch:x86

    7cbef712088c10acae7ad5ad09b8b25e

  • WinPrefetchView/WinPrefetchView.chm
    .chm
  • WinPrefetchView/WinPrefetchView.exe
    .exe windows:4 windows x86 arch:x86

  • out.upx
    .exe windows:4 windows x86 arch:x86

  • WinPrefetchView/readme.txt
  • selbstgeschriebenstool/klauruhig.exe
    .exe windows:4 windows x64 arch:x64
