Overview

overview

10

Static

static

10

 ‍   .scr

windows7-x64

7

 ‍   .scr

windows10-2004-x64

8

��z̷#Z.pyc

windows7-x64

��z̷#Z.pyc

windows10-2004-x64

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    15-11-2024 22:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

     ‍   .scr

  • Size

    6.0MB

  • MD5

    1f2987417cb377be278f0458e06170bc

  • SHA1

    0d9b8a667a3b033a30e8cb44cf50872516eade14

  • SHA256

    6d7a25046cfdc39532e18406b53240ba680404470e941fd448e4372d76b0f01b

  • SHA512

    20301a48f40b4b4108eaf5615c8c9df7c9bf69b2b493702413bfab5149ee7e80a0da45c45af41cf09bef07dee23f00f93edbd0eadf405ba97eb612b7f3e43a91

  • SSDEEP

    98304:u7Iu4+DcBF2MSamaHl3Ne4i3gDUZnhhM7M+yvFaW9cIzaF6ARwDtyDe2HbM8/3Uj:uEp+D+reNoInY7/sHfbRy9Q8+Tn

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ ‍   .scr
    "C:\Users\Admin\AppData\Local\Temp\ ‍   .scr" /S
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Users\Admin\AppData\Local\Temp\ ‍   .scr
      "C:\Users\Admin\AppData\Local\Temp\ ‍   .scr" /S
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI20642\python310.dll
    Filesize

    1.4MB

    MD5

    01988415e8fb076dcb4a0d0639b680d9

    SHA1

    91b40cffcfc892924ed59dc0664c527ff9d3f69c

    SHA256

    b101db1ddd659b8d8ffd8b26422fde848d5b7846e0c236f051fadb9412de6e24

    SHA512

    eab0c3ca4578751a671beb3da650b5e971a79798deb77472e42f43aa2bea7434ad5228a8fddbfff051ce05054dbf3422d418f42c80bc3640e0e4f43a0cf2ebbe

    Download Submit

  • memory/2640-23-0x000007FEF63F0000-0x000007FEF685E000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2640-24-0x000007FEF63F0000-0x000007FEF685E000-memory.dmp

    Filesize

    4.4MB

    Download