e9f0d2ad504565fcbfd22114653bce8ed5fbd00dffb88b5b6b4e5de12a3c0a19

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-10-2024 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fakevirus.exe
Size

7.8MB
MD5

69516e41e2a62c331110d28b5bf63b98
SHA1

edb3e46b0a7cd0bda6fa3fccf58ee913ec3744b0
SHA256

e9f0d2ad504565fcbfd22114653bce8ed5fbd00dffb88b5b6b4e5de12a3c0a19
SHA512

2554b5009075dcf8db25a6eb7187c2b877ee2dc5ee8655b9d9d39c2e812d58281450b3d9a94368a20426c0c6c166c3f68a1786156d5c12b5a7bd10f8163d06a8
SSDEEP

196608:fK4CX6BmlXMCHGLLc54i1wN+yjXx5nDasqWQ2dTNUGWjMZlK+icwHCYlZM:9CX6MXMCHWUjKjx5WsqWxT8yjwiYlG

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2684	fakevirus.exe
2684	fakevirus.exe
2684	fakevirus.exe
2684	fakevirus.exe
2684	fakevirus.exe
2684	fakevirus.exe
2684	fakevirus.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2684	2084	fakevirus.exe	32
PID 2084 wrote to memory of 2684	2084	fakevirus.exe	32
PID 2084 wrote to memory of 2684	2084	fakevirus.exe	32

C:\Users\Admin\AppData\Local\Temp\fakevirus.exe
"C:\Users\Admin\AppData\Local\Temp\fakevirus.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\fakevirus.exe
  "C:\Users\Admin\AppData\Local\Temp\fakevirus.exe"
  2⤵
  - Loads dropped DLL
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
6a55a7e284b51b086b63cc6f2061ce8b

SHA1
46a48a1ccf5262038b71ed4be09cf625009d078d

SHA256
d9973270a952b4ce615104520051e847b26e4b1cc330a5a95ba1ae128f0dfdeb

SHA512
6a6ba643bf15581cd579e383bac351ccae714d50453cff52cac7dcf5bd472a170e7d33b0509c7bd50c5e76e8a0304fa88dcad63a9e2cd0694a5c56f4a21ae363

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
6e38a6bed88e1c27155e4dc428188ef0

SHA1
8b47a1960ed157f7beeb80fa4a16a723279c4efa

SHA256
144d3a28e43e47fc1cce956255cc80467d4a6fbbb8f612ec6d85f62de030a924

SHA512
3b801875bc5a483eea6d6cc43015e759ee1f66c12585f698cb92368455f25b5309617c8beae39945cadb57009a9c9a9ce21c18dec28e86097c67d8fc5f9febab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
2ac1289e4dbab076b332869bef26d3ce

SHA1
60570ddd06b671e26c6a814b9c08cdfa0ef38aba

SHA256
6475f20f46814d28845c2fa73e9c283a8504483fa16d911325588c778cf76c26

SHA512
e226fb4739d66e2c4624a9e01ec00dbe3b37dc96995eec35660208d76a9e6758a2a29be1b7986d14074df23ea0fc39d2ce121b7bd32c553371c1b15ff3e2ef7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
1af2a91dc0a4e48bab0ca123073adf30

SHA1
cf6625fd31b17d46dd31b16372840c74026d0ba2

SHA256
ae574c9b8a2467c3ee0ac3e862255e93a02627bce146ad7b720b99905dc224fc

SHA512
45103c51fc655f608e687c8e9db24c956d12c63b0497ced3817aee3d9f5fadf0741064ccb49ae71fbf377228af315c961fa414221731ea4892425ed4939bbf51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
f53ed8a0c18157b9e37500621dfab9ee

SHA1
b8a3131150cfd46052353309843c802d9f43df03

SHA256
5909e928d791f67a13e3130033cb0e2178f5167a644c3ab5336322d38356db47

SHA512
2cc98322e67ff49aacaba0b23fb559a5c4c58182e4f3965673a766d3198a26fcd7c7c340779d9fb0fc3f2649c16427ff312d87caa1feadf23dabc6675169416a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\python312.dll

Filesize
6.6MB

MD5
166cc2f997cba5fc011820e6b46e8ea7

SHA1
d6179213afea084f02566ea190202c752286ca1f

SHA256
c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

SHA512
49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20842\ucrtbase.dll

Filesize
973KB

MD5
ed82e9c6c4f7a475d7fd6ebabf3fab2a

SHA1
1062942b1bdfc8d7c8a941c152df69216010d780

SHA256
4c5b8e529854cedfa8f46cd6906952400cdbbf25efc4cf37dda2c42d8e96ddcb

SHA512
bf7bdf4762455a1224cdf1e7cdeb73a3c24c3e04d0b01df9f46b87d174cf4a88621372aa87b7e622b210f63a453c911d88e214ba67560f8ff7d7d0d24da58ad2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads