995b408bf06ae75d610d250b48a775709884c834905d32097e9d455814565661

Resubmissions

15-10-2024 19:33

241015-x9nnaasgpc 10

14-10-2024 19:34

241014-yacx6ssdrc 10

07-10-2024 15:27

241007-sv1xvazbnl 10

04-10-2024 16:32

241004-t11dyayemh 10

Analysis

max time kernel
1566s
max time network
1573s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-10-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dedsec multitool.exe
Size

17.8MB
MD5

a8db1e9986184e9a1f8503d668605851
SHA1

a8882e5f3620ebcb57b2c44e7043d7ece076e0de
SHA256

995b408bf06ae75d610d250b48a775709884c834905d32097e9d455814565661
SHA512

3ab3ecbe1b2c827955090d699abcfbf4b219a1105df05077ee708dc62c32f61c1937247a9f1ecee2fbaa428e15e75e9cf9e566cd626da08d77fc1a444f18d664
SSDEEP

393216:iqPnLFXlrGBQ+DOETgsvfGwgcGXvEFh0qOCPhsEq:nPLFXNGBQ/E5fFsqOCQ

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2656	dedsec multitool.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0004000000019744-112.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2656	2060	dedsec multitool.exe	30
PID 2060 wrote to memory of 2656	2060	dedsec multitool.exe	30
PID 2060 wrote to memory of 2656	2060	dedsec multitool.exe	30

C:\Users\Admin\AppData\Local\Temp\dedsec multitool.exe
"C:\Users\Admin\AppData\Local\Temp\dedsec multitool.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\dedsec multitool.exe
  "C:\Users\Admin\AppData\Local\Temp\dedsec multitool.exe"
  2⤵
  - Loads dropped DLL
  PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20602\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
memory/2656-114-0x000007FEF5740000-0x000007FEF5BAE000-memory.dmp

Filesize
4.4MB

Download