c2939db0f1eec1145c7b6d6effc192b7f5f1d6e4d3383110ad853449397f109d

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-10-2024 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ElectronV3.zip
Size

37.5MB
MD5

d23729c9d203a5d136f71403cb08623d
SHA1

0e9b5810900923caa88f2cc9d8f101384ccd3c93
SHA256

c2939db0f1eec1145c7b6d6effc192b7f5f1d6e4d3383110ad853449397f109d
SHA512

3166c1561f4991a54e33ee1ee4d63d47fd02ad7c7b338efe58ced086662298b7db18e6ded34d97a07d393165a3c62ab8879b8a30aafb14f462d3e485b2c2919a
SSDEEP

786432:76Q0Xiq6zWRsr1lkFHo93HnQJyQ60ah2onFJ00Xa01cJftEzM9lPaTRk:7tzWOs2FJh2MJT1af6caTRk

Score

7^/10

pyinstaller upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

ElectronV3.exeElectronV3.exe

pid	Process
1296	ElectronV3.exe
2344	ElectronV3.exe

Loads dropped DLL 5 IoCs

Processes:

7zFM.exeElectronV3.exeElectronV3.exe

pid	Process
2408	7zFM.exe
1296	ElectronV3.exe
2344	ElectronV3.exe
1196
1196

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/files/0x000500000001a0a9-57.dat	upx
behavioral1/memory/2344-59-0x000007FEF6320000-0x000007FEF6785000-memory.dmp	upx
behavioral1/memory/2344-62-0x000007FEF6320000-0x000007FEF6785000-memory.dmp	upx

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
behavioral1/files/0x0008000000016d68-6.dat	pyinstaller

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

7zFM.exe

pid	Process
2408	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid	Process
2408	7zFM.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

7zFM.exe

description	pid	Process
Token: SeRestorePrivilege	2408	7zFM.exe
Token: 35	2408	7zFM.exe
Token: SeSecurityPrivilege	2408	7zFM.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

7zFM.exe

pid	Process
2408	7zFM.exe
2408	7zFM.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

7zFM.exeElectronV3.exe

description	pid	Process	procid_target
PID 2408 wrote to memory of 1296	2408	7zFM.exe	30
PID 2408 wrote to memory of 1296	2408	7zFM.exe	30
PID 2408 wrote to memory of 1296	2408	7zFM.exe	30
PID 1296 wrote to memory of 2344	1296	ElectronV3.exe	31
PID 1296 wrote to memory of 2344	1296	ElectronV3.exe	31
PID 1296 wrote to memory of 2344	1296	ElectronV3.exe	31

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\ElectronV3.zip"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Local\Temp\7zO869238B6\ElectronV3.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO869238B6\ElectronV3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1296
- - C:\Users\Admin\AppData\Local\Temp\7zO869238B6\ElectronV3.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO869238B6\ElectronV3.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zO869238B6\ElectronV3.exe

Filesize
37.8MB

MD5
1b7aed3da008408d116fe4cc4a4f2c1f

SHA1
b93a3c16961251da8b1a02a42dd4150547923043

SHA256
583082503369d4f22277889a3cf2cf0f7444896049d11389372fb1edc4d596c7

SHA512
77ee5c88e1da17d5d2a8496f494d33165e1685f2db6965c7886ff3374a3ab83716bb89b242c9b5d2186e7450ee816bf97f43e12e248b513cccca30889a7cc1fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12962\python310.dll

Filesize
1.4MB

MD5
90d5b8ba675bbb23f01048712813c746

SHA1
f2906160f9fc2fa719fea7d37e145156742ea8a7

SHA256
3a7d497d779ff13082835834a1512b0c11185dd499ab86be830858e7f8aaeb3e

SHA512
872c2bf56c3fe180d9b4fb835a92e1dc188822e9d9183aab34b305408bb82fba1ead04711e8ad2bef1534e86cd49f2445d728851206d7899c1a7a83e5a62058e

Download Submit
memory/2344-59-0x000007FEF6320000-0x000007FEF6785000-memory.dmp

Filesize
4.4MB

Download
memory/2344-62-0x000007FEF6320000-0x000007FEF6785000-memory.dmp

Filesize
4.4MB

Download