Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2024 19:45

General

  • Target

    SZYMUS SP00FER.exe

  • Size

    6.1MB

  • MD5

    1c27d781a570dada19f6b3539a121a35

  • SHA1

    2cf27a3dd360a06b30f5a71aae1d151e81811af4

  • SHA256

    b82b55f4a64182edde053f978c8c51e4b95371b1731b6c4fe5ee8afd292d69fa

  • SHA512

    560b7b9b08f2dff54d7cf99b8b23e5330d6310dd83f918c5fec22788b4f90aa8deca5f69d69578e0e0c8ad39b5d6b7618d74dff95fc6302ffc6f1e7ac7e7c2ac

  • SSDEEP

    98304:YBEtdFBgwC1rjamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RnPMRlb3J8Ma:YAFwGeN/FJMIDJf0gsAGK4RnkR/gTx

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SZYMUS SP00FER.exe
    "C:\Users\Admin\AppData\Local\Temp\SZYMUS SP00FER.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Users\Admin\AppData\Local\Temp\SZYMUS SP00FER.exe
      "C:\Users\Admin\AppData\Local\Temp\SZYMUS SP00FER.exe"
      2⤵
      • Loads dropped DLL
      PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI26682\python310.dll

    Filesize

    1.4MB

    MD5

    178a0f45fde7db40c238f1340a0c0ec0

    SHA1

    dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

    SHA256

    9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

    SHA512

    4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

  • memory/2700-24-0x000007FEF63A0000-0x000007FEF680E000-memory.dmp

    Filesize

    4.4MB