Resubmissions

29/09/2024, 16:33 UTC

240929-t2hkhsvepe 10

29/09/2024, 16:32 UTC

240929-t18ejsvenf 10

Analysis

  • max time kernel
    83s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/09/2024, 16:33 UTC

General

  • Target

    source_prepared.exe

  • Size

    77.8MB

  • MD5

    60ff27fb8cd08e937ba9b6d1b18840b4

  • SHA1

    1da9a0075d366b81446265f63e27bc85553db2a3

  • SHA256

    fd8a52dd8dee2d367e831a1ff474baaacd13b2296580b882d14b86162406416a

  • SHA512

    62f14b688df29729f76a3f34b89e3c1d383ea9f045886791ea8354123448504cb65cb023ebb9f45cf20b806f5848bdcc2c8d2a7661388aa8de1ec2130022c622

  • SSDEEP

    1572864:pvHcRl3WQKmSk8IpG7V+VPhqYdfzE7tlHegiYweyJulZUdg1hjrrRdECV37U:pvHcR5YmSkB05awcf2dMpuxh/rDNo

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
    "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
    PID: 2248
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe (child process)
      "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
      PID: 1772
      • Loads dropped DLL

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22482\api-ms-win-core-file-l1-2-0.dll

    Filesize

    22KB

    MD5

    197c3a52b661aa8644efa7018a57f7a4

    SHA1

    693ffb2c3cd05f4a0b5a226c8ecb9b24bb933487

    SHA256

    63c4446f645110551e7191bb18e8d001b5e1f48163690c0515fdb693800aa076

    SHA512

    a339bff342cdb0e536c2440e33f0ded5e5c01527a8c043499423dbd60a6846727138d59b3edeb73718dabdfb16e606f96e31a409f7ebaed81f635255d8214740

  • C:\Users\Admin\AppData\Local\Temp\_MEI22482\api-ms-win-core-file-l2-1-0.dll

    Filesize

    21KB

    MD5

    c17b2ffbfef8e174a4f7c29b102a0986

    SHA1

    a34e6bcc55f613e6f62ec93234ef2c554e3d2eec

    SHA256

    70b029b53557fa77b90b57111c21b33617cccf4597ea60a4e93b84df3ea29c86

    SHA512

    60f55efef717f3be5179f41f019c6d5e1a58f2bb51197cb62b7f6b387a56567463b69efcc33db16ea66ecbd2a3eb2ff9546a47fbce2516efbcdd681c0b3624da

  • C:\Users\Admin\AppData\Local\Temp\_MEI22482\api-ms-win-core-localization-l1-2-0.dll

    Filesize

    22KB

    MD5

    a5969ee6eef2ae28b62b0cd674e9cdc5

    SHA1

    53266be1479489c6db7bfec4f3f3375c5caad00d

    SHA256

    69eb940ab82ed73fbe31a1824a159571adb42ed6d3b13fb9e481c367b440003a

    SHA512

    6d451676118ac7926c96131c4dc0e63822ce0f38314fbfb130ba5c21782d27d969a1f340c638c94f0115f5bfb83eff18f06c2601d02225fba6dd4efdb2ec2c14

  • C:\Users\Admin\AppData\Local\Temp\_MEI22482\api-ms-win-core-processthreads-l1-1-1.dll

    Filesize

    21KB

    MD5

    a51217a2e44f0cc387b56040d7a0bbfc

    SHA1

    40d04e5125ec38b8b334fe2cd006f7fdf26d58eb

    SHA256

    8b3003b00505dbc0cde18aaf043d9dbbd35f46758a23e3450b8eac4f6b360c59

    SHA512

    207ed55b4d1cec2b181851342c7284ddc88cc0e9e04fad2c0ef758d604436ed112bd24165a6911abfb9592164e6bb2102d867c5ca62143670284f5fe62c7a11c

  • C:\Users\Admin\AppData\Local\Temp\_MEI22482\api-ms-win-core-timezone-l1-1-0.dll

    Filesize

    22KB

    MD5

    2607609b7d03453e567d788fbd94270b

    SHA1

    7a2cf04658f4251982f06f34012b069732d5ea3a

    SHA256

    c6611e633208807cf05e5b5f2391d870b3ca4f5012e28a31bac4373b45110219

    SHA512

    022de2afadc9cec41c2982e43f6e52ccccf66d9715c2ef35240d6948793e18eef130ecea24424ff3961f371dd0f452eb9c5748f75c51bd4bd084535b5c6d8a21

  • C:\Users\Admin\AppData\Local\Temp\_MEI22482\python312.dll

    Filesize

    1.7MB

    MD5

    36e9be7e881d1dc29295bf7599490241

    SHA1

    5b6746aedac80f0e6f16fc88136bcdcbd64b3c65

    SHA256

    ebef43e92267a17f44876c702c914aafa46b997b63223ff46b12149fd2a2616e

    SHA512

    090d4e9092b7fe00180164b6f84b4bd1d1a1e12dc8fea042eaa0e75cc08bb9994c91c3853bedec390208db4ef2e3447cd9be20d7dc20c14e6deb52a141d554cf

  • C:\Users\Admin\AppData\Local\Temp\_MEI22482\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

    Filesize

    4B

    MD5

    365c9bfeb7d89244f2ce01c1de44cb85

    SHA1

    d7a03141d5d6b1e88b6b59ef08b6681df212c599

    SHA256

    ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

    SHA512

    d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

  • C:\Users\Admin\AppData\Local\Temp\_MEI22482\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\LICENSE

    Filesize

    1023B

    MD5

    141643e11c48898150daa83802dbc65f

    SHA1

    0445ed0f69910eeaee036f09a39a13c6e1f37e12

    SHA256

    86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

    SHA512

    ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

  • C:\Users\Admin\AppData\Local\Temp\_MEI22482\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

    Filesize

    92B

    MD5

    43136dde7dd276932f6197bb6d676ef4

    SHA1

    6b13c105452c519ea0b65ac1a975bd5e19c50122

    SHA256

    189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

    SHA512

    e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

  • C:\Users\Admin\AppData\Local\Temp\_MEI22482\ucrtbase.dll

    Filesize

    1.1MB

    MD5

    db441e5850199df76c8243b9e86a9ddb

    SHA1

    585222bdd82dc6ebf6adbbb1b43a35352a132c3f

    SHA256

    849f6167339bb3617e1af63268f92bf1343316965e370ea2952b1fd4dae460bf

    SHA512

    ec20d8570200ef0dc9d9cc1982323b4b57419a02da32841cad4cb408979049ea48b1bc63a9df4f312df0189330accc518184331a56b7a611a372560216abb47f

  • memory/1772-1421-0x000007FEF6770000-0x000007FEF6E35000-memory.dmp

    Filesize

    6.8MB
