Overview

overview

10

Static

static

10

theone.exe

windows7-x64

7

theone.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2024 16:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    theone.exe

  • Size

    78.4MB

  • MD5

    1f12b432ddbddf37c0f4efa3a21621a6

  • SHA1

    faf84e657a9b363625473604a0eafffd882a29a8

  • SHA256

    8c86b9189a3a960d7497e3452e61d6459b80065ab442cebb6f9b4d94b5990303

  • SHA512

    8ee7a05eb2882ec05532c90067f9b5a6ca4b0c5240d37c6e4fce3ba55ec3e554c582cae714ef11f384c4ae1186f9a2d522ebb2a4dfc7f5a196e6cb08475920d1

  • SSDEEP

    1572864:01l9Wg0hSk8IpG7V+VPhqQ2dfzE7RlhTRiYweyJulZUdg1hWbYysV3O/v:01HmSkB05awRfWLapuxhUkiv

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\theone.exe
    "C:\Users\Admin\AppData\Local\Temp\theone.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Users\Admin\AppData\Local\Temp\theone.exe
      "C:\Users\Admin\AppData\Local\Temp\theone.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI24082\python312.dll
    Filesize

    1.7MB

    MD5

    36e9be7e881d1dc29295bf7599490241

    SHA1

    5b6746aedac80f0e6f16fc88136bcdcbd64b3c65

    SHA256

    ebef43e92267a17f44876c702c914aafa46b997b63223ff46b12149fd2a2616e

    SHA512

    090d4e9092b7fe00180164b6f84b4bd1d1a1e12dc8fea042eaa0e75cc08bb9994c91c3853bedec390208db4ef2e3447cd9be20d7dc20c14e6deb52a141d554cf

    Download Submit

  • memory/2744-1272-0x000007FEF60F0000-0x000007FEF67B5000-memory.dmp

    Filesize

    6.8MB

    Download

  • memory/2744-1273-0x000007FEF60F0000-0x000007FEF67B5000-memory.dmp

    Filesize

    6.8MB

    Download