Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24-12-2024 09:03

General

  • Target

    AQUA PREMIUM Spoof.exe

  • Size

    5.9MB

  • MD5

    47911cfecd3dcd8b505235dd9b187992

  • SHA1

    9c874cead1208b3b77f0ae535d07522629e6e676

  • SHA256

    3aac1ef0cd3825fbb753199f1fe31430f4aba354cc4fb8e7db74b63ac8f7efdf

  • SHA512

    cac06ffeb06e83c2e0a4c98512dde8292c2800a35a4653621e6cdd2877293381ebf7f773456974b4181838e98916ff9a6c6d5ec2ec145398cfddbb2668889eec

  • SSDEEP

    98304:V2De7pzWqe8MMhJMjarCtaCObO/OH9KkqQz4W1kgeDtFMai3lMmg8N:VzNzWKB6yA+KO0WR4iarmg8N

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AQUA PREMIUM Spoof.exe
    "C:\Users\Admin\AppData\Local\Temp\AQUA PREMIUM Spoof.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\AQUA PREMIUM Spoof.exe
      "C:\Users\Admin\AppData\Local\Temp\AQUA PREMIUM Spoof.exe"
      2⤵
      • Loads dropped DLL
      PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI20162\python310.dll

    Filesize

    1.4MB

    MD5

    3f782cf7874b03c1d20ed90d370f4329

    SHA1

    08a2b4a21092321de1dcad1bb2afb660b0fa7749

    SHA256

    2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6

    SHA512

    950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857

  • memory/3048-23-0x000007FEF62A0000-0x000007FEF6706000-memory.dmp

    Filesize

    4.4MB