6d9dca94bbe0d03b64b1765d3e68826b1a4759e6fed9b3f506b0022fc6e01062

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27-10-2024 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

79.2MB
MD5

1cc2d344db8df17c61ac67131aaf9e16
SHA1

c11e0e701094c93ce28c710404b7dd9f580e222a
SHA256

6d9dca94bbe0d03b64b1765d3e68826b1a4759e6fed9b3f506b0022fc6e01062
SHA512

035fedcf8b52f55f09c001b97b760c30b7b57850d767902b4b6d50f004db741d92c92090cfb04e58632b2e5fd9d313fd16b7f5a2d47de4e81275f9edfa1145a8
SSDEEP

1572864:Z1lVWA0hSk8IpG7V+VPhqexE7LlhpBB8iYweyJulZUdgP7Liep82AIaB1O3:Z1b0SkB05aweeLpnNpur7WepBkO3

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2292	source_prepared.exe
2292	source_prepared.exe
2292	source_prepared.exe
2292	source_prepared.exe
2292	source_prepared.exe
2292	source_prepared.exe
2292	source_prepared.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020b76-1322.dat	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2292	source_prepared.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2292	2152	source_prepared.exe	32
PID 2152 wrote to memory of 2292	2152	source_prepared.exe	32
PID 2152 wrote to memory of 2292	2152	source_prepared.exe	32

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2292

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21522\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
ac4df73c97799aa9f5bec3c5fd78937e

SHA1
6a95f8f24b6faf92580be7d2b587eb43714937e8

SHA256
796896827a8eb53cfc40e49ffd56ce4c5e40671c94b8102f97dce67a351e997c

SHA512
4db9636f306bf851678d4ad12c7b33dfeaeecf65393ac9f843dc5cb7382532644475a653d708dbd1cb6bae4db1b5273e84ce76ee0941649cb02ebca9e7afb44a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21522\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
5bf0d34b49a16004c9b2297502c736da

SHA1
60d30cad05932086fafd87890b40ea798ff5143e

SHA256
94d0ea1ff3707665bbbe9942d000e497306504575bee4e687fa8a51a29b841e6

SHA512
9feaf1e7b602370edb67a2dfa627b09a96aa905b946ffe2af2d595288ed784d43d8e4bb1d29f23f459535b5892d38088dfd9a73fdf636dc21b6d9143f56e77a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21522\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
21077a051ef0f7a06f11b2270920bb9b

SHA1
6d3ae3eabf83c8206ff3eea1c73ac02e1e649de4

SHA256
fb37e0ad35ca4446e9edafdf5c2ac55cae0b40f3a609f6fa63688d2f5bc90df4

SHA512
3bdded7681618d62e430e4ead2101b5e6cc39866eaeb1bb5330234006d86eb884f388cbd3a4e56dbcad02f9573a69f4d9164dbfb58d773fc92bb810b1bf0075f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21522\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
d5cb714b845fbd16f4139412417653bf

SHA1
f3316169ae8909cb2dbf9769d7e253a09b4590d0

SHA256
eb299c380b9149f65ce7be6945a2a2eb0e63bfa87a27759e456b7050eb744cdb

SHA512
f6444115e5de000e13ed0cd13a4adf686974c78b48bd2cf8c1fea8e05f5f5494dae2e74b7706c7651ad4c0cfbeee108fb786878629650d1ed2b8f31d3881e4ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21522\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
7cf41ccd6d1f252d16475a116d9a8f1d

SHA1
3167fca636a5d3306a22924f4edb0aaff6eecbb4

SHA256
049c9a49353416701a0672985800734e515be2b5f5445fb5fb3813845460008e

SHA512
6f7ea04d7d25396e0bf776140cacc42a31e355453d158ca4d88b3b03d0662fe4c9d20b006bb17087375d3d8b87d9f9c70c9c7508e370883033f6cf6a552ad15e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21522\python312.dll

Filesize
1.7MB

MD5
71070618402c15a2fad5ca70c9ef7297

SHA1
34fedbf17a57010c5cd20ef4e690616859cc8e68

SHA256
7d35a191edb95ccd85ef05d645deeca3ed1febd9acd659569fab56ae06c1ebdf

SHA512
81ef8749f5c3dbd586ddbbcf26cd6c80607a5cc9c26e31c912f454ca56013082174e2012a507739ec1e9c5a2f019bf0ca6bd3ce18880abdbff0ba5f8f3cbbf28

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21522\ucrtbase.dll

Filesize
1.1MB

MD5
b0ceb85c5e954f543abc076fa8de17f9

SHA1
0969b9819d72e24139d1f931c27710e814581d27

SHA256
1e316042bf54883cde951203633b087c2dcfdb2195af0526fb9d686541b14950

SHA512
36d9182a73edcd14949f93dfefd47f513fce5760efb8fa8a111af9001a0752f2dc90a92374aaafa9f58ff58f6603ee9e6efdd49ff5359fe6e69f2e1ef7a6cd73

Download Submit
memory/2292-1324-0x000007FEF6720000-0x000007FEF6DE5000-memory.dmp

Filesize
6.8MB

Download
memory/2292-1325-0x000007FEF6720000-0x000007FEF6DE5000-memory.dmp

Filesize
6.8MB

Download