Overview

overview

10

Static

static

3

vm.spoofer.rar

windows7-x64

7

vm.spoofer.rar

windows10-2004-x64

10

vm.spoofer (2).exe

windows7-x64

7

vm.spoofer (2).exe

windows10-2004-x64

10

Stub.pyc

windows7-x64

3

Stub.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    05-11-2024 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vm.spoofer.rar

  • Size

    12.6MB

  • MD5

    d7284c837c00a754eb1b0ca456982ce9

  • SHA1

    43514e3b6e1d78bef0498a3d469d779cd1a94e3d

  • SHA256

    64896cf157af46d6f6047ba3c9af1100b46bf759a8f42b11e0be242a7addc8d6

  • SHA512

    9c26e42734816e8a5833ca20e20ab566fb5211c054ceb5e34adcc3adf8f1bfb14b7e93d8a0f9e304d25943e7cf6c220a5fd19a885490c7782895b746058eaa62

  • SSDEEP

    393216:hp04bbe2WvcgjxeVVyGkultjDLSGNgOlDgPxZ:T93ehjxe2G7lVLS7Ol4Z

Score
7/10
pyinstallerupx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Detects Pyinstaller 1 IoCs
    pyinstaller
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\vm.spoofer.rar"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2452
  • C:\Users\Admin\Desktop\vm.spoofer (2).exe
    "C:\Users\Admin\Desktop\vm.spoofer (2).exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:1588
    • C:\Users\Admin\Desktop\vm.spoofer (2).exe
      "C:\Users\Admin\Desktop\vm.spoofer (2).exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI15882\python311.dll
    Filesize

    1.6MB

    MD5

    db09c9bbec6134db1766d369c339a0a1

    SHA1

    c156d9f2d0e80b4cf41794cd9b8b1e8a352e0a0b

    SHA256

    b1aac1e461174bbae952434e4dac092590d72b9832a04457c94bd9bb7ee8ad79

    SHA512

    653a7fff6a2b6bffb9ea2c0b72ddb83c9c53d555e798eea47101b0d932358180a01af2b9dab9c27723057439c1eaffb8d84b9b41f6f9cd1c3c934f1794104d45

    Download Submit

  • \Users\Admin\Desktop\vm.spoofer (2).exe
    Filesize

    12.9MB

    MD5

    df104402ba4fc36be4e8e371c9c83418

    SHA1

    14264d2bb658299945600dec428f1775cf95b280

    SHA256

    dbd839daf0a21e4a8226f7ccd54664777180293782693efc5141103c94a173d7

    SHA512

    946df09a44ae8c7047333830944bd9416b8b96e2cd2c3539b3b3319196bedaa72155f1f3cc82071e11493a17418428b5049e5223e70de15008d18b1fc1360953

    Download Submit

  • memory/3020-68-0x000007FEF6840000-0x000007FEF6E28000-memory.dmp

    Filesize

    5.9MB

    Download