38bc3239b5cf71dc370502c20527717b02ad63ee2948894a447d20839f327939

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-11-2024 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RadiatorBooster.exe
Size

77.5MB
MD5

6114567f8dd82cb30ab76977e1f3e9c2
SHA1

a3de50e7037d1fe38e5fe66b4fdc1505ee9fe3e4
SHA256

38bc3239b5cf71dc370502c20527717b02ad63ee2948894a447d20839f327939
SHA512

4bb4c587d867af56e17fc2856dcb3d19fa8b1e406ceba327c81fb72770fc05bdbe9b442ef4e4247a77684e24905200962d1ce906b18a82e928ae9f84dc519e78
SSDEEP

1572864:b1lVW950hSk8IpG7V+VPhqFxE7LlhpBB8iYweyJulZUdgP7Xip5ivMazqvCZH1O3:b1bWySkB05awFeLpnNpur7ZvMsRrO3

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2404	RadiatorBooster.exe
2404	RadiatorBooster.exe
2404	RadiatorBooster.exe
2404	RadiatorBooster.exe
2404	RadiatorBooster.exe
2404	RadiatorBooster.exe
2404	RadiatorBooster.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020b1a-1320.dat	upx
behavioral1/memory/2404-1322-0x000007FEF5E80000-0x000007FEF6545000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 2404	2560	RadiatorBooster.exe	31
PID 2560 wrote to memory of 2404	2560	RadiatorBooster.exe	31
PID 2560 wrote to memory of 2404	2560	RadiatorBooster.exe	31

C:\Users\Admin\AppData\Local\Temp\RadiatorBooster.exe
"C:\Users\Admin\AppData\Local\Temp\RadiatorBooster.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Users\Admin\AppData\Local\Temp\RadiatorBooster.exe
  "C:\Users\Admin\AppData\Local\Temp\RadiatorBooster.exe"
  2⤵
  - Loads dropped DLL
  PID:2404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25602\api-ms-win-core-file-l1-2-0.dll

Filesize
19KB

MD5
6db0f54fcd05a16297d8c0e9dc41e857

SHA1
eeff0f5aec46fa161a5303840886e53a04cd9f50

SHA256
08c4431d2e029d91db307a53943d381e4823bb53e4014c388c3d88ded9d2e233

SHA512
ff5ce9aea8da0ae286ae1a93f5023cedacd90f7a66d1d8ed89adc8dd4ca376b67eb3498f9a5608e048a76be01aedc1b77f3206f200665db6728e1bb61f9672f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25602\api-ms-win-core-file-l2-1-0.dll

Filesize
19KB

MD5
1399d7007bdb835f28cf2c155145a227

SHA1
847c72cb49da382fe0061c623ce64a333a38b88f

SHA256
f889a4e805b2b052755f188d8942a79f3eb1867ebe077064ff8707d873c33347

SHA512
25b17a4239267321865e79003f4e5ad5003f13384cdd0fabe2b70dc8b270d46e8162d0d727d27a213346026aa9442f07fbe05c414c137385c6b843792198e63f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25602\api-ms-win-core-localization-l1-2-0.dll

Filesize
19KB

MD5
b4db20a9c352fd3d926717ed6c63ba88

SHA1
d470d0c8cc3b270fd99068e27aa892e42137f91b

SHA256
761d51cf2f2aac43421eecc637dc43ba092516f2b342f6d017007dc607576365

SHA512
2df3099d1f4fce06b096c70aa4c8c115f0a12a8d624b9575f292fc3597b30fd635fd8c0a44c21c3c4556bf6cc78e7b904edd42ec7bc5863ea62fa2f2cf75bd4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25602\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
a2603e5dadb91017b83954470bc64694

SHA1
a91ea3aec86f79ebbc465dffb2115d360103e174

SHA256
b1195855a4b9125ed3482ebd45316d6105325d1ec9e3b1ce9fa084b52a00bdd4

SHA512
f7fc366e03f7208c3b0af7f19d824c8b945bf8d451389ef349ef5bcc5e0d735ecf96fd76cc23a329d7ba6d0eca7d84b909999e8774f8ea0f96a0dbd1deac3e68

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25602\api-ms-win-core-timezone-l1-1-0.dll

Filesize
19KB

MD5
c26c5bdc48584116f822d9be4cfd4fc7

SHA1
e64d49d0d77167b4c42e16c8eba59b96b7ea1236

SHA256
a9e03df5efce9b78f958f89613b8f55e59597f6430e1f40ceb9c4130d68d183c

SHA512
7b66ad09370144fe2be39920bf7f4b3ab57be28ab50ef0bc8020ac58616b98a0a9cfb0f70e2b5b79c5d7cf4a04c0b758f9026fdf6752d0ac64b54fb5cff73d9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25602\python312.dll

Filesize
1.7MB

MD5
71070618402c15a2fad5ca70c9ef7297

SHA1
34fedbf17a57010c5cd20ef4e690616859cc8e68

SHA256
7d35a191edb95ccd85ef05d645deeca3ed1febd9acd659569fab56ae06c1ebdf

SHA512
81ef8749f5c3dbd586ddbbcf26cd6c80607a5cc9c26e31c912f454ca56013082174e2012a507739ec1e9c5a2f019bf0ca6bd3ce18880abdbff0ba5f8f3cbbf28

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25602\ucrtbase.dll

Filesize
1.1MB

MD5
79fe69af4009290dcd5298612e5551f7

SHA1
c7d770a434381ed593b32be5705202271590bc39

SHA256
dff01a7bfad83d7f8456fef597e845b2d099291c8bf22b27584486d948d971f5

SHA512
6a9a582b32076c7e7fdef3ea78775067133ff1f68a1eed5ec89fb66582c1fb51f077124bab915bde6f2afe245ab2fb127fd0ea231bd020ca8ca2d614f525cf8f

Download Submit
memory/2404-1322-0x000007FEF5E80000-0x000007FEF6545000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads