Analysis

  • max time kernel
    120s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-11-2024 17:05

General

  • Target

    spoofer.exe

  • Size

    80.6MB

  • MD5

    00612a7f7320413d89cf6bf0761dbfec

  • SHA1

    707047c2a0e1cfc9e95a4eebc1cf30f327ebe282

  • SHA256

    7367d53089575b0708c34d275f067825926d16ab7ecc8e43899e1b08447367bd

  • SHA512

    0ea7f31a2819015e7ea58e116c7f44158f7523067057ec0f5dbe3cda2bc0da6654464282ce282a971c8f44ea9e501bd0b32c613771570f111228b5e2dc8c9d87

  • SSDEEP

    1572864:CPJlLWLHd0RSk8IpG7V+VPhq9AE7DliriYgj+h58sMwoerlFGp0cJ5j:iJNmiSkB05aw9Zwl5Eeru7j

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\spoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\spoofer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Users\Admin\AppData\Local\Temp\spoofer.exe
      "C:\Users\Admin\AppData\Local\Temp\spoofer.exe"
      2⤵
      • Loads dropped DLL
      PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI18602\python311.dll

    Filesize

    1.6MB

    MD5

    a70d5250a7878d930c92c08abd2acf5c

    SHA1

    0c9526cb8aaf011655decf5f8037b4ea562db71f

    SHA256

    1777007bcbec5c5daa8c4068b181216def54ac53eb2f6994b2fcb01edd74d03a

    SHA512

    08bf354cc9a16c7103173edd71abb1d91b7865adffc8c1ceb085c9f807f73b5b0ab37e70071f17166fdcce8ab0d5647060638a525090cc2544498537834e7afd

  • memory/2512-1265-0x000007FEF5F00000-0x000007FEF64E9000-memory.dmp

    Filesize

    5.9MB