28d56ed7f2f5ae7558a1f303e3a4ebc0a01a118bd674a2dbb3a0d0e550c50591

Analysis

max time kernel
21s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23/12/2024, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Tokyo Logger.exe
Size

8.2MB
MD5

bfc95ddea20fbd937b316604def70873
SHA1

248f86ab1ecefd654751ecc20f09684b8392d790
SHA256

28d56ed7f2f5ae7558a1f303e3a4ebc0a01a118bd674a2dbb3a0d0e550c50591
SHA512

00c1a4177bebb36ca4c2933fc8614ee97d98962ff1a5b0f6df380ffcd4858e92e250fb2fae22f70da1099000851bf56d62906b0e338baa432105324884ce7fb6
SSDEEP

196608:5yeurErvI9pWjgyvoaYrE41JI9YIwoOdhQ:4eurEUWjdo/H1JboChQ

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
3036	Tokyo Logger.exe
3036	Tokyo Logger.exe
3036	Tokyo Logger.exe
3036	Tokyo Logger.exe
3036	Tokyo Logger.exe
3036	Tokyo Logger.exe
3036	Tokyo Logger.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019c48-73.dat	upx

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3036	Tokyo Logger.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 3036	1048	Tokyo Logger.exe	28
PID 1048 wrote to memory of 3036	1048	Tokyo Logger.exe	28
PID 1048 wrote to memory of 3036	1048	Tokyo Logger.exe	28

C:\Users\Admin\AppData\Local\Temp\Tokyo Logger.exe
"C:\Users\Admin\AppData\Local\Temp\Tokyo Logger.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Users\Admin\AppData\Local\Temp\Tokyo Logger.exe
  "C:\Users\Admin\AppData\Local\Temp\Tokyo Logger.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI10482\python311.dll

Filesize
1.6MB

MD5
b167b98fc5c89d65cb1fa8df31c5de13

SHA1
3a6597007f572ea09ed233d813462e80e14c5444

SHA256
28eda3ba32f5247c1a7bd2777ead982c24175765c4e2c1c28a0ef708079f2c76

SHA512
40a1f5cd2af7e7c28d4c8e327310ea1982478a9f6d300950c7372634df0d9ad840f3c64fe35cc01db4c798bd153b210c0a8472ae0898bebf8cf9c25dd3638de8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10482\ucrtbase.dll

Filesize
1.1MB

MD5
b76f01ae50ce43187be1d701b51ca644

SHA1
cb59f1ff16f8f3996646930f02d3090422c64a02

SHA256
903806c8888e3c9ac0212ed50be6889c21cf4fd12f49931da8b548b5326a0bf8

SHA512
d0962bdc5439c7068d67e59d6434606581744daf41a628c083ae147936074f489b44dca8dd737a6766dcdc2b99a2cb7e5cbc79e13e0d9b661f77acd13a9c5300

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10482\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
d54860bc805f73cd8e7e3fe05d544108

SHA1
b6184d9f4477e482801a0fa1f27b868533873d1d

SHA256
68e28b5944193ab45be2cc14e49424ba0c5d8713bb6b027e96ff1c16147f19a3

SHA512
22dffca161acdad3bcda6bc83ca63d4cedcbfd47b1b3549e98fc95d9b85ce2d49576f3ee3fc150da2e353731bf8d98e4eb3db80ba3913b32e783289905376a3a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10482\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
51cdd94858eadfa992e3a397aae6a4ee

SHA1
6fe3a27f11c13fdd680802eb8c6f87a7a92518d6

SHA256
57cb180884f33b064957d9c1dd509bb5e8fd541e9458b84d88e025790c1dc986

SHA512
42702b377322fcd6e7090a01c262ce3a04a95154ff327a40841add210f678287658ad097e32bd53f23d88878cbe7625d868b7adfac042cdbc0f48e8e59b7504e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10482\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
c8cfb99f387edd7ee3677d10faed635e

SHA1
f5d0776b3e58ba231dfd5ff5e3a63860652b7ee5

SHA256
361ebbef6e0d77624560b87d888464b331403e09845836a04f5800682aa4ed48

SHA512
1332ae54f4af98365b973fe82311a09cec2a92e07f0ef56512bf3e2a3eef9d45e9484a74eae20df6a7fe44b6758bd6aedd16bc96ae866f2536a7c906f7535af0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10482\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
ab08093ceb1da2c238f28dec5e2db51e

SHA1
f3c97f9aea448b503390794b56d0cc1e5795e4d5

SHA256
92bb2dd3172befd83dc039deb83577efc0f4e42390aa3d428d6f296bd3f462fa

SHA512
146ebbdee11ebe472c6f45836a5051cb6c53db04bd8d2745fe2097b73b6fb410c1525883271e192523533789318f7825aa678bcba8b0f1d5f354506b4d4ddd11

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10482\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
6d5cff14d7b266bc9cfdeefb0a05d2a8

SHA1
5d76f1a5e3ac3caf2c7cd19590e8e578f55c1ccc

SHA256
bc0a3295b1e552f47f7034d47dcaa9123caa9423d202df5737b9301d68cb6667

SHA512
5af85dde1bef032893b4e5fdf4584ddc51dd33cc73be1e37f230544f6df383927995027bd5097ad23d0248e3980b66767698177c8ee8d61d309ab5dbb6ce3662

Download Submit
memory/3036-75-0x000007FEF5890000-0x000007FEF5E80000-memory.dmp

Filesize
5.9MB

Download