Overview

overview

10

Static

static

3

ElectronV3.zip

windows7-x64

7

ElectronV3.zip

windows10-2004-x64

10

ElectronV3...V3.exe

windows7-x64

7

ElectronV3...V3.exe

windows10-2004-x64

10

Stub.pyc

windows7-x64

3

Stub.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-11-2024 10:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ElectronV3.zip

  • Size

    37.5MB

  • MD5

    a617668db25d48ad88cd32570ee28a03

  • SHA1

    8c2f35f5c508923f7c4e75ada7fb595b184b512c

  • SHA256

    4b06ec6ebe8bf2c37a99083e8d8f592a99572a4691aad07b22ef16d43de8494f

  • SHA512

    c3b43c2ece69f4e32024a0ec17ab3f6aed13315f1f46638d2b46faf7bee826d6c7b347820fc175ba3d2446214265ed4be46a08f6c4895a7a4dac2f8dee2f4779

  • SSDEEP

    786432:mTyXHeI/4x5x1JhA8WOwHHWydr8hDAF/Cjw+yAVAvogkrfzoP5A5k:mTOHeImnJHzmxdr8htjEsAgNoP50k

Score
7/10
pyinstallerupx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Detects Pyinstaller 1 IoCs
    pyinstaller
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\ElectronV3.zip"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Users\Admin\AppData\Local\Temp\7zOC5917FE6\ElectronV3.exe
      "C:\Users\Admin\AppData\Local\Temp\7zOC5917FE6\ElectronV3.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Users\Admin\AppData\Local\Temp\7zOC5917FE6\ElectronV3.exe
        "C:\Users\Admin\AppData\Local\Temp\7zOC5917FE6\ElectronV3.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI23762\python310.dll
    Filesize

    1.4MB

    MD5

    90d5b8ba675bbb23f01048712813c746

    SHA1

    f2906160f9fc2fa719fea7d37e145156742ea8a7

    SHA256

    3a7d497d779ff13082835834a1512b0c11185dd499ab86be830858e7f8aaeb3e

    SHA512

    872c2bf56c3fe180d9b4fb835a92e1dc188822e9d9183aab34b305408bb82fba1ead04711e8ad2bef1534e86cd49f2445d728851206d7899c1a7a83e5a62058e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zOC5917FE6\ElectronV3.exe
    Filesize

    37.8MB

    MD5

    8fe4c19f89235c08d6676afba340c5b4

    SHA1

    198d1576fa13ba1147b0ccf01e4aba9886ae44e3

    SHA256

    9372ae0dcd737e61bfa791161ece3728963129c707fe7af5cc710be56c459b79

    SHA512

    8e17449cf72c3dea91a5ebac6e477291d63a0341bd673fb0453c8271dc913a34dfaa87143b806e66eb704778890f187416f88615768b6df9f184955d77b584d8

    Download Submit

  • memory/2620-59-0x000007FEF5E50000-0x000007FEF62B5000-memory.dmp

    Filesize

    4.4MB

    Download