Overview

overview

10

Static

static

10

woofer.exe

windows7-x64

7

woofer.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    06-12-2024 04:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    woofer.exe

  • Size

    20.4MB

  • MD5

    fe9002b50e7d95c7c25a78e12013ab86

  • SHA1

    ba16376bba2d0cf2088912164c6a84f95afc0b3c

  • SHA256

    e145fe836b888ee4f6fe868f9d5cd9c851ffa924316b8858a5681abb6e7b3f6d

  • SHA512

    2e06cbfee3455c652ea67e22819bbbc4dcb34dc36c6ca7bbe7d29c4450e273fd2ef7345b7967e9484419a3c4c27d1dbf182fe45625536d27e91c41ff64428f3f

  • SSDEEP

    393216:3qPnLFXl4h7mH1y2DO/HdTQPbAlbRu3oNGDyOygg2FGXogEXXNFOsJbTF:6PLFXitmH1y2+QPbO437yLN20ArOstF

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\woofer.exe
    "C:\Users\Admin\AppData\Local\Temp\woofer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\AppData\Local\Temp\woofer.exe
      "C:\Users\Admin\AppData\Local\Temp\woofer.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI29762\python310.dll
    Filesize

    1.4MB

    MD5

    0b55aa3f43e40cdefc281e4f2b90c2d2

    SHA1

    93de1006a5d8ac106f6d1c6c5450ef9b4b9a84c7

    SHA256

    e8fe39f9b8b0c162223a97992f2ad6433d648bcffab26c2d2c94fedd9714cdae

    SHA512

    ef5ac5c04516ca722a3cdec1ad49941e6a36efaf4d9829d417a325be9c2ea70ce47a67d16350fe2d485b30dc7b866d94ce97cacb335d83105de5648c95a1b9f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI29762\setuptools-58.1.0.dist-info\INSTALLER
    Filesize

    4B

    MD5

    365c9bfeb7d89244f2ce01c1de44cb85

    SHA1

    d7a03141d5d6b1e88b6b59ef08b6681df212c599

    SHA256

    ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

    SHA512

    d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

    Download Submit

  • memory/3060-130-0x000007FEF5D60000-0x000007FEF61CA000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3060-131-0x000007FEF5D60000-0x000007FEF61CA000-memory.dmp

    Filesize

    4.4MB

    Download