Overview: 10
Static: 10
AQUA PREMIUM (1).rar, windows7-x64: 7
AQUA PREMIUM (1).rar, windows10-2004-x64: 1
AQUA PREMI...of.exe, windows7-x64: 7
AQUA PREMI...of.exe, windows10-2004-x64: 8
��M̵L�.pyc, windows7-x64
��M̵L�.pyc, windows10-2004-x64
Respoof.cmd, windows7-x64: 1
Respoof.cmd, windows10-2004-x64: 1
first.reg, windows7-x64: 1
first.reg, windows10-2004-x64: 1
Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 24-12-2024 09:03
Behavioral task | Sample | Resource
behavioral1 | AQUA PREMIUM (1).rar | win7-20241023-en
behavioral2 | AQUA PREMIUM (1).rar | win10v2004-20241007-en
behavioral3 | AQUA PREMIUM Spoof.exe | win7-20240903-en
behavioral4 | AQUA PREMIUM Spoof.exe | win10v2004-20241007-en
behavioral5 | ��M̵L�.pyc | win7-20241010-en
behavioral6 | ��M̵L�.pyc | win10v2004-20241007-en
behavioral7 | Respoof.cmd | win7-20240903-en
behavioral8 | Respoof.cmd | win10v2004-20241007-en
behavioral9 | first.reg | win7-20240903-en
behavioral10 | first.reg | win10v2004-20241007-en
General
Target: AQUA PREMIUM Spoof.exe
Size: 5.9MB
MD5: 47911cfecd3dcd8b505235dd9b187992
SHA1: 9c874cead1208b3b77f0ae535d07522629e6e676
SHA256: 3aac1ef0cd3825fbb753199f1fe31430f4aba354cc4fb8e7db74b63ac8f7efdf
SHA512: cac06ffeb06e83c2e0a4c98512dde8292c2800a35a4653621e6cdd2877293381ebf7f773456974b4181838e98916ff9a6c6d5ec2ec145398cfddbb2668889eec
SSDEEP: 98304:V2De7pzWqe8MMhJMjarCtaCObO/OH9KkqQz4W1kgeDtFMai3lMmg8N:VzNzWKB6yA+KO0WR4iarmg8N
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
pid | Process
3048 | AQUA PREMIUM Spoof.exe

resource | yara_rule
behavioral3/files/0x0005000000019271-21.dat | upx

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2016 wrote to memory of 3048 | 2016 | AQUA PREMIUM Spoof.exe | 31
PID 2016 wrote to memory of 3048 | 2016 | AQUA PREMIUM Spoof.exe | 31
PID 2016 wrote to memory of 3048 | 2016 | AQUA PREMIUM Spoof.exe | 31
Processes
1. C:\Users\Admin\AppData\Local\Temp\AQUA PREMIUM Spoof.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\AQUA PREMIUM Spoof.exe"
   - Suspicious use of WriteProcessMemory
   PID: 2016
   2. C:\Users\Admin\AppData\Local\Temp\AQUA PREMIUM Spoof.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\AQUA PREMIUM Spoof.exe"
      - Loads dropped DLL
      PID: 3048
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.4MB
MD5: 3f782cf7874b03c1d20ed90d370f4329
SHA1: 08a2b4a21092321de1dcad1bb2afb660b0fa7749
SHA256: 2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6
SHA512: 950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857