33c27d4deaaf54f832849d71ce65ce568eb2ca2bb1f24c21f9cf9f0dde7af955

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
09-12-2024 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

unlicense.exe
Size

47.2MB
MD5

69e2318d24da523c4d6623385a81f201
SHA1

62f8fbf59fabad8052dc215fc6f7527d7fd4e33f
SHA256

33c27d4deaaf54f832849d71ce65ce568eb2ca2bb1f24c21f9cf9f0dde7af955
SHA512

ccdad88cef3469e87d6952779f76b326246dc6e00b22028667924e44fcfa1a19140d73e591014a05e6148169622ea0f7b19c695e096acf44348daa774ce47632
SSDEEP

786432:+58GYRd4zI0m67kAJEuhH9KH/jlO6mjTCjeZVKgTGR9Vt3VEqVXnQEWtbtHhOrOn:+dId4zDm67JSuN9KH/jlO6q2jeZVK/PI

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2840	unlicense.exe
2840	unlicense.exe
2840	unlicense.exe
2840	unlicense.exe
2840	unlicense.exe
2840	unlicense.exe
2840	unlicense.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2840	1976	unlicense.exe	31
PID 1976 wrote to memory of 2840	1976	unlicense.exe	31
PID 1976 wrote to memory of 2840	1976	unlicense.exe	31

C:\Users\Admin\AppData\Local\Temp\unlicense.exe
"C:\Users\Admin\AppData\Local\Temp\unlicense.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Users\Admin\AppData\Local\Temp\unlicense.exe
  "C:\Users\Admin\AppData\Local\Temp\unlicense.exe"
  2⤵
  - Loads dropped DLL
  PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19762\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
238fb6e007f0a582b01a441e10793a83

SHA1
01a303a70097af656c3bfb85dc9779b4e74b61dd

SHA256
ba1058fc150266fee0869ce1ba22da037b23c189b81f661a0ac7330821b47c2b

SHA512
418f9e3d4078ca518a00cab72d42c5cc3da998c4ba22546c52ac6455f7d3436f7d951df071a23f62448141b071bba65e58352a684b7105bf68ce759a21d8e1d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
250cf833bea3e7cf4a5ddcf3ff942dd0

SHA1
0a34b76629f3b6a38779b4ac62b545f981c30e8d

SHA256
169be25d15e4179c77647d3ce3fca7e49c6d785f25e521278722679b233fa368

SHA512
0f1a3c9328afa20df98e5cb8f80f184f80c6d8fd3267fb1dce2554125322d38f220316693f2db1da1a3097acb56627ae4f38c50184f033fa5131a2e46c1f77e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
dcaf89173319eff9fe39256f881f25a6

SHA1
127ad96be3e179d6b89dd03b901dc235ed5796a6

SHA256
5773dc260e84b60b58a65ef5f338e7e62348a4223a809f81253e6921ccf40f61

SHA512
6112f694bc0dd3784464070b12395561d376834c3603b2c6410bd99ae39ce6592b57c9283d14c49d85561491818c32949310160f56b13e97cb4c81b16df4ccec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
4e79846dc7508bd47a433118156ba927

SHA1
288e6b860dd29f5b03bdd002204583d4730841ad

SHA256
7860f50050304ec6aa96ba5c443bd78ecd41adf7a06f3185f03cb6fa21bf8aa1

SHA512
162fbb0924d54c9820a4bfad6c38a7fae50325dfb2cdc846b85652f2e998f8bbeae8b888d74eb985ce7948a35e979efea9246eacc60728f3b161350dbaa8440a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
8b2da8a1f9ea2f5874b51801ddc7450f

SHA1
01a607f6adde808fba03e6c1a9d37fb7bd6325a8

SHA256
14c503a624e4c423f28156e775a68d9fab283a4c8ed3f9a8eb0a95f260e4871c

SHA512
170da8c2baa2bbed0370989cecce04517f2b27f6d6e69c39c26c27ca91feb10d275445330f98d4714ce2921225d87e06cac5b86093a51760e23d7e183c051d48

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\ucrtbase.dll

Filesize
987KB

MD5
6169dac91a2ab01314395d972fc48642

SHA1
a8d9df6020668e57b97c01c8fd155a65218018af

SHA256
293e867204c66f6ea557da9dfba34501c1b49fde6ba8ca36e8af064508707b4e

SHA512
5f42f268426069314c7e9a90ce9ca33e9cd8c1512dcd5cc38d33442aa24dd5c40fa806cc8a2f1c1189acae6a2e680b6e12fb8e79a3c73e38ae21a154be975199

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads