Overview

overview

10

Static

static

10

Repair.exe

windows7-x64

7

Repair.exe

windows10-2004-x64

9

Resubmissions

27-09-2024 02:16

240927-cqkgaszfjk 10

26-09-2024 04:21

240926-ey7b5sxcqq 10

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    26-09-2024 04:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Repair.exe

  • Size

    75.7MB

  • MD5

    02a244790c675d87239a32f87e104a1c

  • SHA1

    b19f980e442c44cc93a6ef80ab6f0d249b71a9b3

  • SHA256

    8d18d543ab6b64a1366ff9cd8d6f74a699ee0852af2d09eed457d65db0f4ee46

  • SHA512

    3da314fe9d8b5dc2ea7709184e2915d7564ed02bc1385aaaf90b5f8cf826727b74014bd3af43b059d6aaa39e3c352cc0a8c326f290adcd117e11ee56a2cccaa1

  • SSDEEP

    1572864:dvhQ6lUWeKWSk8IpG7V+VPhqIUE7WTylPj4iY4MHHLeqPNLtDaCC1UZp4LE:dvh1mlKWSkB05awIATy5nMHVLtelU4LE

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Repair.exe
    "C:\Users\Admin\AppData\Local\Temp\Repair.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\AppData\Local\Temp\Repair.exe
      "C:\Users\Admin\AppData\Local\Temp\Repair.exe"
      2⤵
      • Loads dropped DLL
      PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI30282\python310.dll
    Filesize

    1.4MB

    MD5

    933b49da4d229294aad0c6a805ad2d71

    SHA1

    9828e3ce504151c2f933173ef810202d405510a4

    SHA256

    ab3e996db016ba87004a3c4227313a86919ff6195eb4b03ac1ce523f126f2206

    SHA512

    6023188f3b412dd12c2d4f3a8e279dcace945b6e24e1f6bbd4e49a5d2939528620ceb9a5f77b9a47d2d0454e472e2999240b81bed0239e7e400a4e25c96e1165

    Download Submit

  • memory/1716-1263-0x000007FEF5DE0000-0x000007FEF624E000-memory.dmp

    Filesize

    4.4MB

    Download