Overview

overview

10

Static

static

10

spoofedV2.exe

windows7-x64

7

spoofedV2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    09/11/2024, 03:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    spoofedV2.exe

  • Size

    12.0MB

  • MD5

    a4a5c39c8ec652046f09c7a3fb2973fb

  • SHA1

    d442d559c884081dc2199c99dd68f9d20ed5401c

  • SHA256

    e9dbb65873885de12d31b6087a300a03d23eca8af63dd7b1b72927ad11406ea1

  • SHA512

    51114488e7c2715f9fa1cc448dd4e0a45086aafb248a23a2cce89db70931f9d790d99f14b19102ab1c18a42ed94a54670a5703712d3b21ae6f613bcdbcc20bd7

  • SSDEEP

    98304:0OzkwN+MdA5wqSnW9Z8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DovaDJ1n6hBm:04V1vrB6ylnlPzf+JiJCsmFMvln6hqgs

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\spoofedV2.exe
    "C:\Users\Admin\AppData\Local\Temp\spoofedV2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2592
    • C:\Users\Admin\AppData\Local\Temp\spoofedV2.exe
      "C:\Users\Admin\AppData\Local\Temp\spoofedV2.exe"
      2⤵
      • Loads dropped DLL
      PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI25922\python311.dll
    Filesize

    1.6MB

    MD5

    1e76961ca11f929e4213fca8272d0194

    SHA1

    e52763b7ba970c3b14554065f8c2404112f53596

    SHA256

    8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0

    SHA512

    ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b

    Download Submit

  • memory/2188-23-0x000007FEF57B0000-0x000007FEF5D9A000-memory.dmp

    Filesize

    5.9MB

    Download