5b7905a769e63cff95c5a11898ce070725463f7b1245e201c4c05ee7de75dae0

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-12-2024 11:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ElectronV3.zip
Size

9.8MB
MD5

bb770bb4515d60daaaf26b168edc1cd9
SHA1

2715fcc006c9289ad4fd901ea6f4f847a7d31067
SHA256

5b7905a769e63cff95c5a11898ce070725463f7b1245e201c4c05ee7de75dae0
SHA512

2b75cb8573f840c2412a0e6ab14c482fcd355074f966f4d90c61421c70fce9ae4963834be8e42d2e1489b8e45b81e72f13fd23328abc39ac41e7e661ed39409d
SSDEEP

196608:wfEGWfgXw/1Did9R5QbhLLyNMUeamDtcC1fkgMisEAjWD0Kj:wf3oZS9whLeODeAkgMJdKj

Score

7^/10

pyinstaller upx

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2812	ElectronV3.exe
2988	ElectronV3.exe
2536	ElectronV3.exe
340	ElectronV3.exe

Loads dropped DLL 17 IoCs

pid	Process
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
2988	ElectronV3.exe
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
340	ElectronV3.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a3e4-69.dat	upx
behavioral1/memory/2988-71-0x000007FEF5850000-0x000007FEF5CBE000-memory.dmp	upx

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0007000000015d66-2.dat	pyinstaller

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2220	7zFM.exe
2988	ElectronV3.exe
340	ElectronV3.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2220	7zFM.exe
Token: 35	2220	7zFM.exe
Token: SeSecurityPrivilege	2220	7zFM.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2220	7zFM.exe
2220	7zFM.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2988	2812	ElectronV3.exe	32
PID 2812 wrote to memory of 2988	2812	ElectronV3.exe	32
PID 2812 wrote to memory of 2988	2812	ElectronV3.exe	32
PID 2536 wrote to memory of 340	2536	ElectronV3.exe	34
PID 2536 wrote to memory of 340	2536	ElectronV3.exe	34
PID 2536 wrote to memory of 340	2536	ElectronV3.exe	34

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\ElectronV3.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2220

C:\Users\Admin\Desktop\ElectronV3\ElectronV3.exe
"C:\Users\Admin\Desktop\ElectronV3\ElectronV3.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Users\Admin\Desktop\ElectronV3\ElectronV3.exe
  "C:\Users\Admin\Desktop\ElectronV3\ElectronV3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2988

C:\Users\Admin\Desktop\ElectronV3\ElectronV3.exe
"C:\Users\Admin\Desktop\ElectronV3\ElectronV3.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Users\Admin\Desktop\ElectronV3\ElectronV3.exe
  "C:\Users\Admin\Desktop\ElectronV3\ElectronV3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25362\cryptography-43.0.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28122\python310.dll

Filesize
1.4MB

MD5
fc7bd515b12e537a39dc93a09b3eaad6

SHA1
96f5d4b0967372553cb106539c5566bc184f6167

SHA256
461e008b7cdf034f99a566671b87849772873a175aefec6ed00732976f5c4164

SHA512
a8433d5b403f898e4eeebd72fce08ebad066ca60aeb0b70e2ae78377babc2acbbae2ac91ab20f813cce4b1dc58c2ad6b3868f18cc8ac0fe7be2bff020eb73122

Download Submit
\Users\Admin\Desktop\ElectronV3\ElectronV3.exe

Filesize
10.1MB

MD5
30e0c375ce957f3398f208d487a08950

SHA1
cc3137225c79532f95204d1eebad97b26e02f114

SHA256
dcb6c47949bacabd601226411736bca0a6a043475b366c77d17f997205600923

SHA512
d06ac050da037821d9226bca670652d23840795fbb32443eb83280577c1564e28ed03dc07acb70cf84d22597ee46eacf903138cc8092d76428e6b2d45bc371f0

Download Submit
memory/2988-71-0x000007FEF5850000-0x000007FEF5CBE000-memory.dmp

Filesize
4.4MB

Download