Overview

overview

10

Static

static

3

Ultimate P...11.exe

windows7-x64

10

Ultimate P...11.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-10-2024 11:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ultimate Password Hacker 2011/Ultimate Password Hacker 2011.exe

  • Size

    2.4MB

  • MD5

    bdd0969fee3780c98c0bc55db4362ab5

  • SHA1

    8f8712d061170a6baad9b6dec57cdfe727bd4886

  • SHA256

    aed0d29605b857b18bade968b956cea5e275fc31592c8e4cdd7406abdc1937ad

  • SHA512

    aa59de5cd64913a20dbf5b5805f76c4e4789ec97d072a328a1b7cd6f0ca9201fc6ae249b71798fa4c2b31faa3c190da98d25777fe3c2fa46ee6b23009501ed9f

  • SSDEEP

    49152:oH2hEobT22ZmDhEKhEiCfbEZq4CKP5ErJ:8K

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ultimate Password Hacker 2011\Ultimate Password Hacker 2011.exe
    "C:\Users\Admin\AppData\Local\Temp\Ultimate Password Hacker 2011\Ultimate Password Hacker 2011.exe"
    1⤵
    • Checks computer location settings
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3828
    • C:\Users\Admin\AppData\Local\Temp\Ultimate Password Hacker 2011.exe
      "C:\Users\Admin\AppData\Local\Temp\Ultimate Password Hacker 2011.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:1476
    • C:\Users\Admin\AppData\Local\Temp\flesplayer.exe
      "C:\Users\Admin\AppData\Local\Temp\flesplayer.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Users\Admin\AppData\Local\Temp\microsoft.exe
        "C:\Users\Admin\AppData\Local\Temp\microsoft.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2640
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 464
          4⤵
          • Program crash
          PID:4368
      • C:\Users\Admin\AppData\Local\Temp\micromedia.exe
        "C:\Users\Admin\AppData\Local\Temp\micromedia.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:756
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 464
          4⤵
          • Program crash
          PID:3092
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2640 -ip 2640
    1⤵
      PID:1480
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 756 -ip 756
      1⤵
        PID:4628

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\Ultimate Password Hacker 2011.exe
        Filesize

        528KB

        MD5

        225dcd38b695a726888d54f333e75cab

        SHA1

        04843136e1572dd0f7756c8cb29c6bc9a5984413

        SHA256

        ac70ff84e1e2935f8140f91e0fbb74ffd671ae96546e46924cb156223817db10

        SHA512

        6d12a9dc1719c3cb8001ee9c4861f7db239cd3f5f07fda693679dec1dd145c77a6f762a6b7970c343869eb77657f97e7d261bf5b5c9aa86839175c3e9533d497

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\flesplayer.exe
        Filesize

        1.2MB

        MD5

        0c17d23d99c9c1b306c4e1d12900d1fa

        SHA1

        0b199deda6aa4f894f6b6cadbb07cc9f082f1f54

        SHA256

        7a3253251902b38aa969016cf372efc041114edcbb690cd894f2174cae206559

        SHA512

        07e1b700cdfc33a3efc6c34c6ecf577d3f43605127c4404335b60b8a47fd1bad638a5f43e5bf25e73cf368805dad8858a253cef2ed8f588b893605b879aa9d4b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\micromedia.exe
        Filesize

        93KB

        MD5

        ed2567a7f32595ae534c9585616d8da9

        SHA1

        794dda2f0937704b1d0a95c9a4d42ecf2bdf5818

        SHA256

        c1d9201194905de6ab87d40e7dae12e50acf41238e14ad419d61faa73ffa16fd

        SHA512

        dd006609475a303f20f279cef38f60a972e29a2e24a14544fc88732312cb329008de5c6bb19b27dadddf91f8f6661d2d07771583b4012d2d6a375506a1e4b480

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\microsoft.exe
        Filesize

        718KB

        MD5

        e5eb5f11d14169b9ff82b79ebbe68aef

        SHA1

        a855cf3aab0b1b8897fcfd39d4f749fcee2f623f

        SHA256

        25bf774b16b62ea94775be0d498b28104d474c099e968ae8f1344f5197e28771

        SHA512

        9879d04c8be54931d57ae748418e6b8ec43517bc19bfb05fe0a43e9ee0d3cf078f9ebc3ef722deed706d7b5765364d2ef9cc13f0b1c7d3a91154fa6f00e82816

        Download Submit

      • memory/756-73-0x0000000000400000-0x0000000000411000-memory.dmp

        Filesize

        68KB

        Download

      • memory/756-66-0x0000000000400000-0x0000000000411000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2640-62-0x0000000000400000-0x0000000000411000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2640-74-0x0000000000400000-0x0000000000411000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2956-36-0x00007FFBFD320000-0x00007FFBFDCC1000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2956-39-0x00007FFBFD320000-0x00007FFBFDCC1000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2956-72-0x00007FFBFD320000-0x00007FFBFDCC1000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2956-40-0x00007FFBFD320000-0x00007FFBFDCC1000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/3828-42-0x00007FFBFD320000-0x00007FFBFDCC1000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/3828-2-0x00007FFBFD320000-0x00007FFBFDCC1000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/3828-6-0x000000001B3F0000-0x000000001B496000-memory.dmp

        Filesize

        664KB

        Download

      • memory/3828-3-0x0000000000B90000-0x0000000000B98000-memory.dmp

        Filesize

        32KB

        Download

      • memory/3828-14-0x00007FFBFD320000-0x00007FFBFDCC1000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/3828-11-0x00007FFBFD320000-0x00007FFBFDCC1000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/3828-0-0x00007FFBFD5D5000-0x00007FFBFD5D6000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3828-10-0x000000001C1B0000-0x000000001C1FC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/3828-1-0x00007FFBFD320000-0x00007FFBFDCC1000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/3828-9-0x0000000000BA0000-0x0000000000BA8000-memory.dmp

        Filesize

        32KB

        Download

      • memory/3828-12-0x00007FFBFD320000-0x00007FFBFDCC1000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/3828-8-0x000000001BF50000-0x000000001BFEC000-memory.dmp

        Filesize

        624KB

        Download

      • memory/3828-7-0x000000001B970000-0x000000001BE3E000-memory.dmp

        Filesize

        4.8MB

        Download