d925e1232c8802127e2aef55fefa7191eb76322fa6d70417df54f2d33b38b62e

Analysis

max time kernel
357s
max time network
358s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-10-2024 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QuickBooster_V2.exe
Size

8.4MB
MD5

edcbc9ba8b91b5aab724ad1560fb3281
SHA1

ff0be70a3561a49ac76522b5d927deff59685736
SHA256

d925e1232c8802127e2aef55fefa7191eb76322fa6d70417df54f2d33b38b62e
SHA512

e26ee3e2b61d40fb50e7c9e8a1613d63b2693d3e845b592fe896354f3c76e483ad92ec2f6478ac8af951f68472de45251f1e4cfa45c13482f3fb2d3b11843a05
SSDEEP

196608:s+FnYGwfI9jUCzi4H1qSiXLGVi7DMgpZsQToQ0VMwICEc/j:cIHziK1piXLGVE4Umil0VJ

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2708	QuickBooster_V2.exe
2708	QuickBooster_V2.exe
2708	QuickBooster_V2.exe
2708	QuickBooster_V2.exe
2708	QuickBooster_V2.exe
2708	QuickBooster_V2.exe
2708	QuickBooster_V2.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a48e-73.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2708	2520	QuickBooster_V2.exe	30
PID 2520 wrote to memory of 2708	2520	QuickBooster_V2.exe	30
PID 2520 wrote to memory of 2708	2520	QuickBooster_V2.exe	30

C:\Users\Admin\AppData\Local\Temp\QuickBooster_V2.exe
"C:\Users\Admin\AppData\Local\Temp\QuickBooster_V2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Users\Admin\AppData\Local\Temp\QuickBooster_V2.exe
  "C:\Users\Admin\AppData\Local\Temp\QuickBooster_V2.exe"
  2⤵
  - Loads dropped DLL
  PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25202\api-ms-win-core-file-l1-2-0.dll

Filesize
19KB

MD5
31c9529bf6bae166aad994e578b9e5e9

SHA1
1f54294e1900d1cc23e8eed500e21462b70e38ec

SHA256
48d11dafcff92ba625974cdd5e6a3cbc97bc8cbccdf0545c047b13d401999f50

SHA512
8b8774843ac3ab4f4746b3334c2bee8432a3fe019aaad02ea48de5a55280cf1667be25b62093c28db884a972c5f4387755763d99d3eb8786185811f95d3c5576

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\api-ms-win-core-file-l2-1-0.dll

Filesize
19KB

MD5
0eb1d7bca52c0bb96843b3b44cd674e5

SHA1
a9edcbb88807222d5d95249824151deaec0c9feb

SHA256
13b03fb0b7e62a9ea517d355ea575c6f6ffe3b773838e286dfdfbfc465bdae72

SHA512
48e1933aa620259a487539c8ae3bfc4281b7103584f2d2bc12595a889257730579c2ac44ef85fb1e953dc3f443c4cd4f77f129eb1a163e82d7c50fbd09630847

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\api-ms-win-core-localization-l1-2-0.dll

Filesize
19KB

MD5
7236aa65951c68a11f3a0a707d82da38

SHA1
7f684a5e6e4f3fd324e0629f28949e09acf720c9

SHA256
8a2ce6b7643635e1f9994ff4d4d42e764fe43537214ced30d5dadd63f711c682

SHA512
074c95493c8d8b96fd65c46bb2fa0864d90d86618c5cff5bca613819ee4c59509872b47110d6d7bb7884a7c20e2fe0331ae32cc95b0d94f1a691520327db82e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
ef5788785ff875143d550b792dae5624

SHA1
c5e5edf3eaa0459ca6fea0669c1aee04e2f71d5f

SHA256
595b0425d24dfedd4228c05874d8d70f039ca1d19f8ab9e93c060d26d67c2800

SHA512
4529129dd4711e54d6f33468772d2b31d0a427771d3a95cad3403f7bd0fd941aee09d43a3f05b359438734cb12848c123c0b737dfc93d61440366e9fb92763db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\api-ms-win-core-timezone-l1-1-0.dll

Filesize
19KB

MD5
5d296a6d0919f398f7f4f85becbf6fe8

SHA1
759d3d03efdcee7085f9b97301b338871118e376

SHA256
11f9f2b0d8a6f5d20a7743a4c5307620d212053cd2dccab50d8b4e0c983cbdc0

SHA512
aa29a86afe926b4909ba07e9fcda819b68b066385b4d4a3f5b372a3ed020c08ab59457b3d133c1070ae52d030dc936e1fbc50699637dedb61383896c4564e389

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\python313.dll

Filesize
1.8MB

MD5
6ef5d2f77064df6f2f47af7ee4d44f0f

SHA1
0003946454b107874aa31839d41edcda1c77b0af

SHA256
ab7c640f044d2eb7f4f0a4dfe5e719dfd9e5fcd769943233f5cece436870e367

SHA512
1662cc02635d63b8114b41d11ec30a2af4b0b60209196aac937c2a608588fee47c6e93163ea6bf958246c32759ac5c82a712ea3d690e796e2070ac0ff9104266

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\ucrtbase.dll

Filesize
1.1MB

MD5
a1367791b7435b8762191ca60c98e1e2

SHA1
d856d964102ddb18d4ebeb51e204a208993e9191

SHA256
9054b8afbe9e8c40c335bf4e96a9b800e7640f2d48beed9ee509064783b090c8

SHA512
5984365380b41bed9fa4583983c4eab0479772d1da168590781049c4fcfa378163844f170f5087764e44ec1038ce8b0967c188ca542df9c3748922e9422cb9cd

Download Submit
memory/2708-75-0x000007FEF5710000-0x000007FEF5D73000-memory.dmp

Filesize
6.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads