23d6a39ee6e23f92fbef214ac56b039d47b82e51ed3661457b175184f3b89a6a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

badmovetothegirls.exe
Size

6.7MB
MD5

febfaeffca2ca317b7556d51bcf9c8f1
SHA1

dc515193aaf7cc5b7bb8cd11de97c0d2a7d8fe5b
SHA256

23d6a39ee6e23f92fbef214ac56b039d47b82e51ed3661457b175184f3b89a6a
SHA512

0823968291ab5f804050572a8ed26f827b845eeae1efa0287eb54946e8b5a1487c6a2b8747e3d157bf37843fbb69ad6d836b94681bce9044a1f3b124e16cf76c
SSDEEP

196608:Y9umWpOjmFwDRxtYSHdK34kdai7bN3mAUaLdAx:/EK2pM9B3Qao

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2824	badmovetothegirls.exe
2824	badmovetothegirls.exe
2824	badmovetothegirls.exe
2824	badmovetothegirls.exe
2824	badmovetothegirls.exe
2824	badmovetothegirls.exe
2824	badmovetothegirls.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a478-72.dat	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2824	badmovetothegirls.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2824	2500	badmovetothegirls.exe	30
PID 2500 wrote to memory of 2824	2500	badmovetothegirls.exe	30
PID 2500 wrote to memory of 2824	2500	badmovetothegirls.exe	30

C:\Users\Admin\AppData\Local\Temp\badmovetothegirls.exe
"C:\Users\Admin\AppData\Local\Temp\badmovetothegirls.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Users\Admin\AppData\Local\Temp\badmovetothegirls.exe
  "C:\Users\Admin\AppData\Local\Temp\badmovetothegirls.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25002\api-ms-win-core-file-l1-2-0.dll

Filesize
14KB

MD5
4873ed22fc2c0aa658c7c5d3a847768a

SHA1
74ac7da98b9092a056cc001e076c407014648787

SHA256
629cfc1627a06c4e4d95e6a28c026af2a7e553aa36420ca36e8501b6f230a5fc

SHA512
9a1e629d18a02ba00c558b6200a12afa5678403ba5414d5f40c2706d6a5d6a0bba676cf08f72a1c65aa64db6159cfc347b45147351366aff4bb5c39f3e4162d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25002\api-ms-win-core-file-l2-1-0.dll

Filesize
14KB

MD5
58ed37cb1c13b4e402a2686b97e112ba

SHA1
f2b0a01efc0f81e79fced1cb8e773243de175ccb

SHA256
499be017061a7fe7fa76c51badfb3a5814f06bc3e6345209ab16e82edc9850b5

SHA512
41302c8e07641beb2bbfb03bf33364fa962ee662074000253505292925c772e2b8b044b7184c7598b971a48b3bad0fc32250ae533d8b01d3b58a943ea4214788

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25002\api-ms-win-core-localization-l1-2-0.dll

Filesize
17KB

MD5
5013275416a4ed25e6e23d073fc15d95

SHA1
b7e5cb432ca4a5c607fad9ae2ec34ba8c5a3ac81

SHA256
df1a2293b93f75e9ea395c49b67ef4539eec9f51ed3446215774f180e28c19df

SHA512
9027bb987e4c82778ca92f3fefe0ea0fe5b01ade89be2d1742278f15b6bea7bc9ef5e5dd4de22b9adf0b38913f4c569c4da59a59db5386dc38a133090be71e36

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25002\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
15KB

MD5
921fa964cb58c613f4a8d269b30920a8

SHA1
a30d9314e0563749c73b0e5975abc27af6288d11

SHA256
b9c357ec6a7a620a297acf62c2b22ade00c7351b4e33df297503737f95615116

SHA512
c9c5affb0fd31e754db59f08f76afb1640f2ddedb4541af2787332e0f448908594badcbed8101cabbe9b08487e65e6bd9c79d15d712f662050850d02a25f747d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25002\api-ms-win-core-timezone-l1-1-0.dll

Filesize
14KB

MD5
bd70c50e50a272c278195aedc69fe58a

SHA1
f17d00b86652fa880b6349a09315f8f19a9f8b57

SHA256
1878190d79fd952250105c638fb31a9e074533463fdd3132899c6162868f73d9

SHA512
b1f3ddfb0f978a7866082024f57471233f44ae16f1ffaf3f42756be8c1672280081125991281bd65c2f35ac7ec1f10fe8bc3f9e0ae88f3b08f7273e5c8b74e3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25002\python310.dll

Filesize
1.4MB

MD5
4a6afa2200b1918c413d511c5a3c041c

SHA1
39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

SHA256
bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

SHA512
dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25002\ucrtbase.dll

Filesize
964KB

MD5
1ddabc3e73b839d90c6505c4db7cb654

SHA1
b90eb95255002e28d2a4720068d51715c0a0e454

SHA256
b4376a63eb2d7ea6f0fa07035d06f2a15d9e1c715d8ce899e78dae673e9c953e

SHA512
28705b21375bdd15db11c4dc4b6ea432700feb144063a77bfeb6eebecfdb9c7c648c06744db70ad260e8e8eeb6e6eb155ca4ae688a3bdf2084a03eb2780df173

Download Submit
memory/2824-74-0x000007FEF6080000-0x000007FEF64E6000-memory.dmp

Filesize
4.4MB

Download
memory/2824-75-0x000007FEF6080000-0x000007FEF64E6000-memory.dmp

Filesize
4.4MB

Download