1ecc6f8c03aa648b8d21fd5b8315f4b0e3211c1801be22ad9727cd696f3e682a

Resubmissions

02-12-2024 18:47

241202-xfhj6sxjhy 10

02-12-2024 18:03

241202-wm1hwsvqc1 10

Analysis

max time kernel
0s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
02-12-2024 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PeakGenULTRAOP.exe
Size

22.0MB
MD5

615c1e81e50f0c0a16dfd95b71b6db1b
SHA1

dd06c918b6924a8d5f61edb58a704bc55ede22b8
SHA256

1ecc6f8c03aa648b8d21fd5b8315f4b0e3211c1801be22ad9727cd696f3e682a
SHA512

85a0005a9d2c5a4efbcbf7a733e03c12b58b453714c2c18e31d7e493ddda118b4a1ace698b742abfa50438c5d98c8096b8be271c0f653ce7ce0d4c90d093c221
SSDEEP

196608:fVHYXwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jc:/IHziK1piXLGVE4Ue0VJo

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3084	PeakGenULTRAOP.exe
3084	PeakGenULTRAOP.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001900000002abcc-21.dat	upx
behavioral1/memory/3084-25-0x00007FFEC67F0000-0x00007FFEC6E53000-memory.dmp	upx
behavioral1/files/0x001a00000002abbd-27.dat	upx
behavioral1/memory/3084-30-0x00007FFEDB350000-0x00007FFEDB377000-memory.dmp	upx

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 3084	1828	PeakGenULTRAOP.exe	80
PID 1828 wrote to memory of 3084	1828	PeakGenULTRAOP.exe	80

C:\Users\Admin\AppData\Local\Temp\PeakGenULTRAOP.exe
"C:\Users\Admin\AppData\Local\Temp\PeakGenULTRAOP.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Users\Admin\AppData\Local\Temp\PeakGenULTRAOP.exe
  "C:\Users\Admin\AppData\Local\Temp\PeakGenULTRAOP.exe"
  2⤵
  - Loads dropped DLL
  PID:3084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI18282\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18282\_ctypes.pyd

Filesize
62KB

MD5
79879c679a12fac03f472463bb8ceff7

SHA1
b530763123bd2c537313e5e41477b0adc0df3099

SHA256
8d1a21192112e13913cb77708c105034c5f251d64517017975af8e0c4999eba3

SHA512
ca19ddaefc9ab7c868dd82008a79ea457acd71722fec21c2371d51dcfdb99738e79eff9b1913a306dbedacb0540ca84a2ec31dc2267c7b559b6a98b390c5f3a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18282\base_library.zip

Filesize
1024KB

MD5
94940b9e67475ba2e7a511dbf90d3fac

SHA1
576dc1a065141dde9e7c1b02bc9b168836151de0

SHA256
7c506cbb6f3d158ea11a86e9d33a5e3cf41fdb3ea828f3c6fbdf1e32a418084b

SHA512
6c3cbb70331eae5c1f0ea6e5484e7fac19e45521d6641c6d6df072c0e61ae16cba556b5f1f5c176d78e090543c91f4c2750bd82b1ab56214a870ca1ea48682b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18282\python313.dll

Filesize
1.8MB

MD5
6ef5d2f77064df6f2f47af7ee4d44f0f

SHA1
0003946454b107874aa31839d41edcda1c77b0af

SHA256
ab7c640f044d2eb7f4f0a4dfe5e719dfd9e5fcd769943233f5cece436870e367

SHA512
1662cc02635d63b8114b41d11ec30a2af4b0b60209196aac937c2a608588fee47c6e93163ea6bf958246c32759ac5c82a712ea3d690e796e2070ac0ff9104266

Download Submit
memory/3084-25-0x00007FFEC67F0000-0x00007FFEC6E53000-memory.dmp

Filesize
6.4MB

Download
memory/3084-30-0x00007FFEDB350000-0x00007FFEDB377000-memory.dmp

Filesize
156KB

Download