92be4782cfbf57777e7cc5c500782a540dcdd84e495846bcb805642af85be1da

Resubmissions

21-09-2024 21:23

240921-z8tt1svbmh 10

21-09-2024 10:07

240921-l51lhaxajk 10

Analysis

max time kernel
308s
max time network
320s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 21:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BoostraperV3.exe
Size

8.5MB
MD5

713bc1e62e0c4621a8ee9da1f1a13284
SHA1

d728832a589bf5d56c60d5448b0e767e215f9055
SHA256

06af71186ea86ed3c9509f0ac0493a7dd3a51d920c777a690b404429e7fc411e
SHA512

a3ac7751ac97861255b351526d29af92e92a512c88987505ca32be43fe001fe1b5afa6c69e2c1ce11877ae753f42723f5aaba40803ccc38f8d0be3ab05e59384
SSDEEP

196608:mJ09VuurErvI9pWjgfPvzm6gspQhE14AZ:IUcurEUWjC3zDQh04AZ

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2736	BoostraperV3.exe
2736	BoostraperV3.exe
2736	BoostraperV3.exe
2736	BoostraperV3.exe
2736	BoostraperV3.exe
2736	BoostraperV3.exe
2736	BoostraperV3.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000400000001958a-74.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 2736	1580	BoostraperV3.exe	29
PID 1580 wrote to memory of 2736	1580	BoostraperV3.exe	29
PID 1580 wrote to memory of 2736	1580	BoostraperV3.exe	29

C:\Users\Admin\AppData\Local\Temp\BoostraperV3.exe
"C:\Users\Admin\AppData\Local\Temp\BoostraperV3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Users\Admin\AppData\Local\Temp\BoostraperV3.exe
  "C:\Users\Admin\AppData\Local\Temp\BoostraperV3.exe"
  2⤵
  - Loads dropped DLL
  PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI15802\api-ms-win-core-file-l1-2-0.dll

Filesize
19KB

MD5
ac28edb5ad8eaa70ecbc64baf3e70bd4

SHA1
1a594e6cdc25a6e6be7904093f47f582e9c1fe4d

SHA256
fbd5e958f6efb4d78fd61ee9ee4b4d1b6f43c1210301668f654a880c65a1be86

SHA512
a25b812b9fa965af5f7de5552e2c2f4788a076af003ac0d94c3b2bc42dd9ab7e69af2438ce349b46a3387bf2bfcf27cec270d90ca6a44c9690861331c9e431e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\api-ms-win-core-file-l2-1-0.dll

Filesize
19KB

MD5
b5832f1e3a18d94cd855c3d8c632b30d

SHA1
6315b40487078bbafb478786c42c3946647e8ef3

SHA256
9f096475d4ba1533f564dd4a1db5dfeb620248fe14518042094b922539dc13e3

SHA512
f3016ded97591e25a6d4c70d89251a331402455ab589604e55c486fec37ee8e96bd1be2d4e4e59ba102dad696b3e1f754b699f9ebe8ae462e8b958ed2d431a5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\api-ms-win-core-localization-l1-2-0.dll

Filesize
19KB

MD5
fd59ee6be2136782225dcd86f8177239

SHA1
494d20e04f69676c150944e24e4fa714a3f781ca

SHA256
1fd044fdbc424779b01b79d477ee79dfbb508a04e86c62e1c8fc4f6d22f6a16a

SHA512
2250d54c3b9e6aeb2f5406e1428536564357a48ceab51596b33ff0843086fb420ad886af61725b25a58e2f50a4c17ddee10696d6041db9b60891eff8e495775c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
8ff0692d32f2fcb0b417220b98f30364

SHA1
5eeb1d781d44e4885284c8b535f051efca64aef8

SHA256
53cea73c248a49389bc2da01acac1d8e8022a7e034bcd522306e43a937200897

SHA512
f73249f70953c537da02b890308cb18a9c6676401975bf13aeb61b1db9dfa042e908c52ee266b404948a568b23b0cfb37ecd4b80379c398c15f56ce7a82cf7a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\api-ms-win-core-timezone-l1-1-0.dll

Filesize
19KB

MD5
863ed806b4f16be984b4f1e279a1f99b

SHA1
b9a919216ef90064ac66b12ccde6b3bf1f334ee8

SHA256
171ca9df2b9ecfa545748af724c1c56ab396b299503a14c4da2197b0e5a44401

SHA512
fb8f195d9a1885c16aa2cc6eff38e627ea127b18978016d6046dc0120a19ab40cc4fe4b799c06f133b02f7cd6a634ae1665f05f9be5fcae609229dfaae0ce478

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\python311.dll

Filesize
1.6MB

MD5
ccdbd8027f165575a66245f8e9d140de

SHA1
d91786422ce1f1ad35c528d1c4cd28b753a81550

SHA256
503cd34daed4f6d320731b368bbd940dbac1ff7003321a47d81d81d199cca971

SHA512
870b54e4468db682b669887aeef1ffe496f3f69b219bda2405ac502d2dcd67b6542db6190ea6774abf1db5a7db429ce8f6d2fc5e88363569f15cf4df78da2311

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\ucrtbase.dll

Filesize
1.1MB

MD5
988755316d0f77fc510923c2f7cd6917

SHA1
ccd23c30c38062c87bf730ab6933f928ee981419

SHA256
1854cd0f850da28835416e3b69ed6dae465df95f8d84e77adbbc001f6dbd9d78

SHA512
8c52210a919d9f2856f38bd6a59bbc039506650a7e30f5d100a5aa5008641707122ff79f6f88c268c9abc9f02ba2792eed6aad6a5c65891a9ce7d6d5f12c3b0a

Download Submit
memory/2736-76-0x000007FEF5FE0000-0x000007FEF65D2000-memory.dmp

Filesize
5.9MB

Download