Overview
overview
10Static
static
10FD4DC9B2BF...4B.exe
windows7-x64
1Flyper.exe
windows7-x64
1Flyper2.exe
windows7-x64
1Flyper3.exe
windows7-x64
1Free YouTu...er.exe
windows7-x64
3FreeYoutub...16.exe
windows7-x64
7file (1).exe
windows7-x64
10file (2).exe
windows7-x64
6file (3).exe
windows7-x64
10file (4).exe
windows7-x64
10file (6).exe
windows7-x64
10file (7).exe
windows7-x64
3file.exe
windows7-x64
5file_ (1).exe
windows7-x64
7file_ (2).exe
windows7-x64
7file_ (3).exe
windows7-x64
7file_ (4).exe
windows7-x64
7file_ (5).exe
windows7-x64
7file_ (6).exe
windows7-x64
7file_ (7).exe
windows7-x64
7file_.exe
windows7-x64
7file_9.exe
windows7-x64
7firefox32.exe
windows7-x64
7flash_play...al.exe
windows7-x64
10flash_play...ed.exe
windows7-x64
3freegaza_i...rs.exe
windows7-x64
7fresh_a22b...53.exe
windows7-x64
9helper[1].exe_.exe
windows7-x64
3holycrypt-v0.3.exe
windows7-x64
info[1].exe
windows7-x64
10informations.exe
windows7-x64
10installer.exe
windows7-x64
7Analysis
-
max time kernel
292s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
22-11-2024 03:31
Behavioral task
behavioral1
Sample
FD4DC9B2BFF8D75A704E8FE33C63DA4B.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Flyper.exe
Resource
win7-20240903-en
Behavioral task
behavioral3
Sample
Flyper2.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Flyper3.exe
Resource
win7-20241023-en
Behavioral task
behavioral5
Sample
Free YouTube Downloader.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
FreeYoutubeDownloader11012016.exe
Resource
win7-20240903-en
Behavioral task
behavioral7
Sample
file (1).exe
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
file (2).exe
Resource
win7-20240903-en
Behavioral task
behavioral9
Sample
file (3).exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
file (4).exe
Resource
win7-20240729-en
Behavioral task
behavioral11
Sample
file (6).exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
file (7).exe
Resource
win7-20240903-en
Behavioral task
behavioral13
Sample
file.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
file_ (1).exe
Resource
win7-20240903-en
Behavioral task
behavioral15
Sample
file_ (2).exe
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
file_ (3).exe
Resource
win7-20241010-en
Behavioral task
behavioral17
Sample
file_ (4).exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
file_ (5).exe
Resource
win7-20240903-en
Behavioral task
behavioral19
Sample
file_ (6).exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
file_ (7).exe
Resource
win7-20241023-en
Behavioral task
behavioral21
Sample
file_.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
file_9.exe
Resource
win7-20241010-en
Behavioral task
behavioral23
Sample
firefox32.exe
Resource
win7-20240729-en
Behavioral task
behavioral24
Sample
flash_player.original.exe
Resource
win7-20240903-en
Behavioral task
behavioral25
Sample
flash_player.unpacked.exe
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
freegaza_israeli_killers.exe
Resource
win7-20240903-en
Behavioral task
behavioral27
Sample
fresh_a22bb95ee8cfccc94ba183c071bad3a951b353e98fcf0d6cfa9268aaf9c53d53.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
helper[1].exe_.exe
Resource
win7-20240903-en
Behavioral task
behavioral29
Sample
holycrypt-v0.3.exe
Resource
win7-20241010-en
Behavioral task
behavioral30
Sample
info[1].exe
Resource
win7-20241023-en
Behavioral task
behavioral31
Sample
informations.exe
Resource
win7-20240708-en
Behavioral task
behavioral32
Sample
installer.exe
Resource
win7-20240903-en
General
-
Target
file_9.exe
-
Size
107KB
-
MD5
05fa70fac7d39757fa615c459fe1ab6e
-
SHA1
5ab4fba43997a3df4afa36e05012440d6d0253fa
-
SHA256
df4b719bc0b675b6a9466e8fd57e42ff55994e22507aa82aa08fd574935c83e4
-
SHA512
165b74dfb464f3b16cd97cc6c70e8f792543f30cd8c895fd695205531ff96fb630aac22b3f9f2398ed2aa0544b2ab827c8e7e8a018ee1eba021fbcc36e77cd31
-
SSDEEP
3072:UosBt1tpuky65s9MAfzbD8pTsmT+G42Wec5:UosB7tUOAvAuHfe
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2944 module.exe -
Executes dropped EXE 1 IoCs
pid Process 2944 module.exe -
Loads dropped DLL 2 IoCs
pid Process 2932 file_9.exe 2932 file_9.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\module = "C:\\ProgramData\\Media\\module.exe" file_9.exe -
Drops file in System32 directory 8 IoCs
description ioc Process File created C:\Windows\SysWOW64\sc.ini module.exe File opened for modification C:\Windows\SysWOW64\sc.ini module.exe File created C:\Windows\SysWOW64\sc.ini file_9.exe File opened for modification C:\Windows\SysWOW64\sc.ini file_9.exe File created C:\Windows\SysWOW64\delself.bat file_9.exe File opened for modification C:\Windows\SysWOW64\delself.bat file_9.exe File created C:\Windows\SysWOW64\delself2.bat file_9.exe File opened for modification C:\Windows\SysWOW64\delself2.bat file_9.exe -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language file_9.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language module.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2944 module.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2932 file_9.exe 2944 module.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2932 wrote to memory of 2944 2932 file_9.exe 30 PID 2932 wrote to memory of 2944 2932 file_9.exe 30 PID 2932 wrote to memory of 2944 2932 file_9.exe 30 PID 2932 wrote to memory of 2944 2932 file_9.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\file_9.exe"C:\Users\Admin\AppData\Local\Temp\file_9.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932 -
C:\ProgramData\Media\module.exeC:\ProgramData\Media\module.exe2⤵
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2944
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
54B
MD57da6d1a8fbea4859f4212878115ae892
SHA1b8d7fec3cf1b362d82d481094e918043f999e234
SHA25619bf8d178c2f01a489daac147781240d6344853508ea9555dd207d04c53093ac
SHA5128e48b53fba488fa4f54374b565f4fd8e42f10fc2c0b8c8afe4755790d3445a56cbb7fcc72a509fbac81724f1e83da03b5c1cc460f1296b8645f3504a7e1cc82c
-
Filesize
107KB
MD505fa70fac7d39757fa615c459fe1ab6e
SHA15ab4fba43997a3df4afa36e05012440d6d0253fa
SHA256df4b719bc0b675b6a9466e8fd57e42ff55994e22507aa82aa08fd574935c83e4
SHA512165b74dfb464f3b16cd97cc6c70e8f792543f30cd8c895fd695205531ff96fb630aac22b3f9f2398ed2aa0544b2ab827c8e7e8a018ee1eba021fbcc36e77cd31