be59be2254ce5e20df112570427dd5bb4242ff5c2ade693597f8cf7b141170f2

Resubmissions

22-09-2024 14:16

240922-rljrjatdkn 10

22-09-2024 13:29

240922-qrj4tasaqn 10

22-09-2024 12:31

240922-pqhzpazdpc 10

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dotnet-all-fixer-400.exe
Size

11.3MB
MD5

4cc796f1e8c131990ac4ebb4bcd554c3
SHA1

c1f7a3ba84442c014085ca1586fe11e238f2b443
SHA256

be59be2254ce5e20df112570427dd5bb4242ff5c2ade693597f8cf7b141170f2
SHA512

1190a81edee03de46ccf739f43d574fa7723bc88264fbff526f558773b6253f9fe3047801db0b44aa68b73e4003109c5c527ad62bebc087486e06bcbe672ce41
SSDEEP

196608:38pY1aZCSJb3tQk5tMurErvI9pWj+NyPvzmespE01FcGdiucCH:v1aZV7v5tMurEUWjuy3za71DdiucCH

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1164	dotnet-all-fixer-400.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019c43-45.dat	upx
behavioral1/memory/1164-47-0x000007FEF5240000-0x000007FEF5832000-memory.dmp	upx

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1164	dotnet-all-fixer-400.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 1164	1508	dotnet-all-fixer-400.exe	31
PID 1508 wrote to memory of 1164	1508	dotnet-all-fixer-400.exe	31
PID 1508 wrote to memory of 1164	1508	dotnet-all-fixer-400.exe	31

C:\Users\Admin\AppData\Local\Temp\dotnet-all-fixer-400.exe
"C:\Users\Admin\AppData\Local\Temp\dotnet-all-fixer-400.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Users\Admin\AppData\Local\Temp\dotnet-all-fixer-400.exe
  "C:\Users\Admin\AppData\Local\Temp\dotnet-all-fixer-400.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:1164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI15082\python311.dll

Filesize
1.6MB

MD5
0d96f5dfd2dd0f495cad36148493c761

SHA1
928107e88bbee02563594374cd6c6ad19091fe14

SHA256
a238f7fb0043c4b64f76095c1ef950544bb1d0debd0902ea0fa3e8d99e5d4a47

SHA512
693c28c64e974ca1fb754357788a65b3a0271e63395963bb92691a5838e1b665af7aada6be5c5ada8339100eedd64c40ca0556601bec26a0f9e483ea98ab2d03

Download Submit
memory/1164-47-0x000007FEF5240000-0x000007FEF5832000-memory.dmp

Filesize
5.9MB

Download
memory/1164-48-0x000007FEF5240000-0x000007FEF5832000-memory.dmp

Filesize
5.9MB

Download