Analysis

  • max time kernel
    49s
  • max time network
    29s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-12-2024 03:56

General

  • Target: Account Method v3.rar
  • Size: 5.9MB
  • MD5: 8a4cd510c6efeefc9fc33465814b71b2
  • SHA1: b9c1e5dfccdf13ddb0206da9f195f27cb63b32a1
  • SHA256: 7a43e7fa643bf4e892994c61314aa265ea1e1c46af5313c4cdd90a66f6507b9b
  • SHA512: 9757d25393bf7d1a676813c615069f52186bf1f9a5746f28847f8897a97e9dee6b1a3b0f2b3dd4d4f1670143c0eae9fee0df0bcc40721370385440b52228c8d6
  • SSDEEP: 98304:+YMKVhn+UVUcFhhkiW27e1V6OuP+W4M0o6YcSvJF1AnKGq2j7UWAvE8WHL:+JK7+rcFho5u+WR0o6YNJF1h2HwE1r

Score: 7/10
Tags: upx

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Account Method v3.rar"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Users\Admin\AppData\Local\Temp\7zO077523A7\Account Method.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO077523A7\Account Method.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Users\Admin\AppData\Local\Temp\7zO077523A7\Account Method.exe
        "C:\Users\Admin\AppData\Local\Temp\7zO077523A7\Account Method.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1128
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2264

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zO077523A7\Account Method.exe
    Filesize: 6.0MB
    MD5: 533098d68bed52f271ccacc2ff9b90dc
    SHA1: 9c73399366c258bc43f0a64f2caef51cc60a6df1
    SHA256: 369b6cecb9a25012323387c19abe99e8c82370f22c941172949c2458d8f4f2a2
    SHA512: 5d3138178bcf2c2fa1d80a2ad09b3e4af7a58386c60c85ad7d32c3460c40294eb1f1ca9ba10cc76f87e4152c235b33829534bc04320fa1ab62489a0b4069989a

  • C:\Users\Admin\AppData\Local\Temp\_MEI28322\python310.dll
    Filesize: 1.4MB
    MD5: 178a0f45fde7db40c238f1340a0c0ec0
    SHA1: dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe
    SHA256: 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed
    SHA512: 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

  • memory/1128-35-0x000007FEF4ED0000-0x000007FEF533E000-memory.dmp
    Filesize: 4.4MB

  • memory/1128-38-0x000007FEF4ED0000-0x000007FEF533E000-memory.dmp
    Filesize: 4.4MB