Resubmissions

  • 25-11-2024 21:57  241125-1vdfjsvpcl  10
  • 25-11-2024 20:49  241125-zl98gsslfk  10
  • 25-11-2024 19:36  241125-ybcc2asnbz  10
  • 25-11-2024 19:08  241125-xtl5hsxrcq  10
  • 25-11-2024 17:23  241125-vx8rkstqdq  10
  • 25-11-2024 14:17  241125-rl2x4s1jaw  10
  • 25-11-2024 14:17  241125-rlywfsxkem  10
  • 25-11-2024 01:29  241125-bwq1la1key  10
  • 24-11-2024 23:28  241124-3gcm7svrd1  10
  • 24-11-2024 23:05  241124-223vfszrer  10

Analysis

  • max time kernel: 0s
  • platform: windows11-21h2_x64
  • resource: win11-20241007-en
  • resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 18-11-2024 19:21

General

  • Target: HeilHitler.exe
  • Size: 6.0MB
  • MD5: aeab677edfb0b7838ad440c071a04965
  • SHA1: 9855bbfe1e4d729853c1d3fd5e51a6d767cf8203
  • SHA256: e465cccde051595262dc76359e4a06279341b4292901a49061cf9fa1386119df
  • SHA512: 567dd7cd29f4c35e0d99470628535fddb6f801ce36708003d9a6cc95a0933b613e221c07347040746e4ee174322c02b8da4c59828b79a963ff69c9378a735849
  • SSDEEP: 98304:0bEtdFBg0amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R0BMnM3JfFTW:0SFceN/FJMIDJf0gsAGK4R0un+TW

Score: 5/10
Tag: upx

Malware Config

Signatures

  • UPX packed file (3 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\HeilHitler.exe
    "C:\Users\Admin\AppData\Local\Temp\HeilHitler.exe"
    PID: 3052
    Signatures: Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\HeilHitler.exe
      "C:\Users\Admin\AppData\Local\Temp\HeilHitler.exe"
      PID: 3328

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI30522\VCRUNTIME140.dll
    Filesize: 48KB
    MD5: 4311fab34c85a54a4ecd82aa7788c9b5
    SHA1: 0465445a38e68a260fde17128c4b67e06410670a
    SHA256: 3213a0da97388b3fe23a5682508492a08a1301d907b57abe83241233ca34fdd2
    SHA512: 8f16c31f83ca69f32fd42816efb64ed58b50aeb488f8b723e477739c1f8e5fed1177508dcc0b0182f1acae91e8861c9e14fb4a57f3ef2b3dbd0a5420c7bdf09a

  • C:\Users\Admin\AppData\Local\Temp\_MEI30522\python310.dll
    Filesize: 1.4MB
    MD5: 178a0f45fde7db40c238f1340a0c0ec0
    SHA1: dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe
    SHA256: 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed
    SHA512: 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

  • C:\Users\Admin\AppData\Local\Temp\_MEI30522\python310.dll
    Filesize: 264KB
    MD5: b0648d9e6bd8c40560ef80a1b51e1139
    SHA1: b65becc860ac95bdd923eeb150b700bbbd6b39fb
    SHA256: 5dd70f0d8b467d1005441abeb4a57a92d59308e7632c9abf6ded2a695280d060
    SHA512: bc8f4985c598f243298050ea352f533daf9192f5cea1063cd52ae8e8c0830b2d8abf5800bfba113100b50448e853e119ef9f9f2a71b6600b360dae6aa8b23d4d

  • memory/3328-25-0x00007FFDC87F0000-0x00007FFDC8C5E000-memory.dmp
    Filesize: 4.4MB