62ef552fd22102e3e9f37ea9719cd3204877e413a9d2b803bd302e1c6dc1dfa6

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

multi-instance-v2.exe
Size

77.5MB
MD5

affda9bbf8f13a78b357ec151a0b254f
SHA1

5b490867a3002b640a71ddd24c3d647d54fb262a
SHA256

62ef552fd22102e3e9f37ea9719cd3204877e413a9d2b803bd302e1c6dc1dfa6
SHA512

04f7f5b844809bae0755e2a26f146bdef66bdfaf1dd6dfba49b4dfc2047e37e14ca101a61541c136d20dabb8b7e8505212224c0df578fbbd839f11f743c4a73a
SSDEEP

1572864:W1l7W/mUSk8IpG7V+VPhqFxE7glhWiYweyJulZUdg6zLzTuWd72:W1Z0mUSkB05awF1LLpuqXdZ2

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1484	multi-instance-v2.exe
1484	multi-instance-v2.exe
1484	multi-instance-v2.exe
1484	multi-instance-v2.exe
1484	multi-instance-v2.exe
1484	multi-instance-v2.exe
1484	multi-instance-v2.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020ae6-1323.dat	upx
behavioral1/memory/1484-1325-0x000007FEF61A0000-0x000007FEF6861000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 1484	2568	multi-instance-v2.exe	31
PID 2568 wrote to memory of 1484	2568	multi-instance-v2.exe	31
PID 2568 wrote to memory of 1484	2568	multi-instance-v2.exe	31

C:\Users\Admin\AppData\Local\Temp\multi-instance-v2.exe
"C:\Users\Admin\AppData\Local\Temp\multi-instance-v2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Users\Admin\AppData\Local\Temp\multi-instance-v2.exe
  "C:\Users\Admin\AppData\Local\Temp\multi-instance-v2.exe"
  2⤵
  - Loads dropped DLL
  PID:1484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25682\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
91b877c23410ec502370a01c2eb8fc2d

SHA1
3c1010bb30a44d6d90b48e805fa9d262276f2a0f

SHA256
781fb13ae016dd617a31b1708ab64dd752cc6f2932b704edd3c7d018793b3488

SHA512
4bca29792dec27d58405d843ed5317e2c5ac99dac3609b81c22ea440bc439bdac6890516240289b76388019016720eecda25d2d67252bdf258591698e582202e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
6a7b2af696d0667b300e845c5f8098bf

SHA1
e2ec9288876b84e718779d56f333e62d4f56e88f

SHA256
652c0ed643003e4e490ec4006bb5a48bfea524284e0612f96bb89798be2beea0

SHA512
eb4be12d3220145b8baafaa8e0440d0445cf84836663e44d25c7e1f2b9586ba4b3ed22adcd3e112084d755bfd735a67a4adf24952dfe0729cc2a6ee80b70ac64

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
ece78df965683c25525b14090de0a817

SHA1
4a112e96ecedaf54acceda967ab251ce2600253c

SHA256
61e8ec2f0bbf78a20aab1b335d20950ad0cc26b614ae0b1b6d0042da60e457cc

SHA512
f1f5b174d1beca816b3dafae9dc9605d869d6a826441802cef876f74043371a6af42590f3ec21058276ac745eb3652712eda74089cc4a04fecb3a3043cb30cbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
1da02ca8bba888b9b7794ff1ac23feae

SHA1
dc2ed63c40154479110a2369fd3bcaf800ed6bcc

SHA256
1bfc0b612e1077378642a5ef77b3f7542cbfc0fd1ac71deee490b1a8743df342

SHA512
1618781b50766c088b6f6c6eec7fa07df4825ef27489df27c6b53454fb64414aae4bb43469f7a7f5e42ec436ce374b81e4355d0ee8bdc655ebf4b162f05a2df9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\python312.dll

Filesize
1.7MB

MD5
ebd1e51a1a1c1534f1695bc71beecbe0

SHA1
280b29f98df389d5f239fc54d71b258b07a5d290

SHA256
3ac7db2567f747a6a16447bc559a6aa20ba846ff9a6fdaf25f2b301a95889b90

SHA512
2db7e56fb166ea95cadfd3eec13a003727b33dc56e07c6628d0ac3a07f3ac95075af8be09317151037c6bdc8c6d451f2fb8041598d3d68d593a2964fea0fe0e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\ucrtbase.dll

Filesize
987KB

MD5
7dbabe7756944f6c3d402e97ff900499

SHA1
a562a5c60bf39cad84f11cafec0c5c3b09c56689

SHA256
616d70b2d1518408eb17c610e459ff75d4738ade33a5879667463f08677c1d55

SHA512
a65c555fe917cf91f69781ec89269a35ae9d3b406cebdf207e27e353b5246c3d9bd25d1a8b1664140e61bd4e2aa882d196fd2a6f9073f9b7ac3a8246a953eca8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25682\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
1061d9cde3bf86524e8663279fe8e839

SHA1
a7ab3c602ecf3ca5380773c3b6e40d8089f64704

SHA256
4b6b0101347a394d25dba3bcb17a704e27034071276de69ae6de8238d7bb5d76

SHA512
5a610cfd1ec9ce69684840c56531b5b4714e65c6d744222a38e169c3ef336564ef35d66288dc922681430e1ce22c39aca51f6cecb850c16a7cecb24809c41dfa

Download Submit
memory/1484-1325-0x000007FEF61A0000-0x000007FEF6861000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads