f8b0d56b3fc4db3786bb28f95b8103e2c66cd8628541c7a1d92f0f6fa5409000

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-12-2024 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EXMPremium.exe
Size

8.8MB
MD5

828875cccd2706b67759e5c0b8126a6d
SHA1

6edf9ba8b9816304f7f06ebe139103103adedfc9
SHA256

f8b0d56b3fc4db3786bb28f95b8103e2c66cd8628541c7a1d92f0f6fa5409000
SHA512

54ff29feb80b763ac67695d29d48bb8401c3f37e62112de7357a3eb9fd982dcf09bc76ed9e4ef4d7e32f9127c1db30b98cd473992342c141dc76d778621848ee
SSDEEP

196608:ZgXMO0Q+hOuurErvI9pWjg/Qc+4o673pNrabeEeWa8yzWtPMYnNcsg:Cr0Q+RurEUWjZZ4dDLIewWzWtPTNzg

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
2740	EXMPremium.exe
2740	EXMPremium.exe
2740	EXMPremium.exe
2740	EXMPremium.exe
2740	EXMPremium.exe
2740	EXMPremium.exe
2740	EXMPremium.exe
2740	EXMPremium.exe
2740	EXMPremium.exe
2740	EXMPremium.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a443-82.dat	upx
behavioral1/memory/2740-84-0x000007FEF5530000-0x000007FEF5BF5000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2740	2908	EXMPremium.exe	30
PID 2908 wrote to memory of 2740	2908	EXMPremium.exe	30
PID 2908 wrote to memory of 2740	2908	EXMPremium.exe	30

C:\Users\Admin\AppData\Local\Temp\EXMPremium.exe
"C:\Users\Admin\AppData\Local\Temp\EXMPremium.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Users\Admin\AppData\Local\Temp\EXMPremium.exe
  "C:\Users\Admin\AppData\Local\Temp\EXMPremium.exe"
  2⤵
  - Loads dropped DLL
  PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-fibers-l1-1-1.dll

Filesize
41KB

MD5
46173f3aaeb1830adb3f6cb19bc9fe13

SHA1
5bacc120a80d0ef4722d1489c0563b95f99d1a99

SHA256
affc96d5aa19b374be7a56a859980b56858e22f2a221da8513eec42ffd21a718

SHA512
15f24097564fc57c0f05b1f08043b2789b18a638452018078d262038c407a8ce16658a208c58356ba81146c7a312c054d5b7e9c8d69d19b2cb833500e90c1648

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-file-l1-2-0.dll

Filesize
41KB

MD5
85496fce62c235a881dbe880c2b675a0

SHA1
8358f22d29ce31b9f9a8ec5ad440eb1a55f01433

SHA256
8ae99e14f909b91faa3163fc0f9c2a904de1ee5ebba342d708f747276c9d7ca8

SHA512
d0df9266b21e41a64a096ed0b567a0916d352c7fc9aa7c7ffe819c21a4e3552e79badb88c4829d2580643f86a58e191ad853de1d0e282f16f84a44a741782cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-file-l2-1-0.dll

Filesize
41KB

MD5
dbc82f123f6888c0efd2aa7bee02707b

SHA1
76c95b72a671830e8590e104448f92180c10006a

SHA256
a5993dc5b4fbc0b2463537666bd0f19b3e9824fc4933490278091877bfd707f0

SHA512
547bb55c8337816494597ec796f75838594d3abd6ac24fe5692b28ef9a5af338dfeba17875854b89a21381bfaf41613e072fb632272547762283cae6474fd8c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-kernel32-legacy-l1-1-1.dll

Filesize
41KB

MD5
1190c9c96d3d54b0062b2aa07c345e07

SHA1
9da3cb7923d46eab3704e0521700bd645a27d860

SHA256
cd694dd9de1e8f62ddf41952550310c10264f677c153371b3cc3ff8f68280019

SHA512
e2284e713ea1f78bd4ebb08c6eb279ee3b85b404b96bc75fcb2a23d862815e37773edb31d7eb625f688f9d412d16d3388029e3dc53262b29dd5a6fa8c0bd83d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-localization-l1-2-0.dll

Filesize
41KB

MD5
24739ebbf1e51b4106518b09f0d26b38

SHA1
b90e291f502afa76922e01c1eddf0f95626957f6

SHA256
7ac6b6ad7094b606bfb194230ca16b6436bcecd4669a1cfcfd880e25ef3bd106

SHA512
6da9d0aaec46e9f9dd5b0cf865075e88390500bdb7aa04f17c961ff8db8a3f1238812b31aed451583c2e1431f3e447418e745cdbc82beccfb8a004522c1b1d3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
41KB

MD5
605d8a1ae34b7ee0b92fb5fbdfaacd8b

SHA1
6f62d615fa91c9707ab03995a690c41cb1a7f34d

SHA256
2aaa351f7d1e423ecfd6db6550b1f7d6ef8c76afe238e8491aa7e4827615edd2

SHA512
ee7ddd2bae12e32ad78625f1a2e7efbd83962cbf1251ee429b3ee3e85170f29fec474489cee57089fe23b60fd5097b44980abaaf4ec542df757e6cad8a55c708

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-sysinfo-l1-2-0.dll

Filesize
41KB

MD5
7284671ec86b78c730efb85947c11122

SHA1
3fbf601e0443521081356c20a6d6f3f4e6338a28

SHA256
d77af2a15be5a51cd242c142d755fcafad76af9b57e472179f8c23f0790f106d

SHA512
a29177ded3a23d7bc04f1aa903ff0a63cc9a661335b02e5b913c780bbd4a072ec5b7ca5891fd3a53e9b1b6d3b5ede4b68224da5657c35485137d22ccf8ca7d8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-timezone-l1-1-0.dll

Filesize
41KB

MD5
0f6e970dea277438d33eed6a6a61709f

SHA1
34619c9343296107c404dbb11de00affe97185f9

SHA256
c88c3678a4e1bee3f12b2ce947f3bc37ed3d3231a5801ea822cc2c28fa87b078

SHA512
5122e116cb430382419fb205154b96d6e02812230b29d25c6e55f01ff889bcaa1fca9d4eebb04733ec19fb0f8f2785898b5cfe5e2204acd8e7e9884df1b9de1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\python312.dll

Filesize
1.7MB

MD5
eb02b8268d6ea28db0ea71bfe24b15d6

SHA1
86f723fcc4583d7d2bd59ca2749d4b3952cd65a5

SHA256
80222651a93099a906be55044024d32e93b841c83554359d6e605d50d11e2e70

SHA512
693bbc3c896ad3c6044c832597f946c778e6c6192def3d662803e330209ec1c68d8d33bd82978279ae66b264a892a366183dcef9a3a777e0a6ee450a928268e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\ucrtbase.dll

Filesize
1.3MB

MD5
5dd82151d2d8e2c0f1fba4ffb493baed

SHA1
12e24daa8902eb0c46cd8497666633f7ce9a8b58

SHA256
ee847c9d37eb901945ddccc2de73f657e3e92b148ae863b63e7f97d05ed558cb

SHA512
d00ba48b4614d2822e26c3bbdfaa171792dfab52bb50f16e66bdbb53efcef3d9b0e2d35816a40c787a63f5fdd8cc494ec5172c001f25e0ae42645cef330ddf5b

Download Submit
memory/2740-84-0x000007FEF5530000-0x000007FEF5BF5000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads