105f95599be36c69ceff06df68c88ecfeeec436bdbc44f02b2b9fb0adfae61ce

Resubmissions

12/01/2025, 14:13 UTC

250112-rjjzhsvqcv 10

12/01/2025, 13:42 UTC

250112-qz5qgsxkfk 10

15/08/2024, 09:06 UTC

240815-k2ygaszekn 10

13/08/2024, 13:12 UTC

240813-qfy4lavfpf 10

Analysis

max time kernel
844s
max time network
845s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/01/2025, 14:13 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

capcut.exe
Size

75.4MB
MD5

5151a9b4fe4920035044c45d3e65d076
SHA1

30aabb92740c7f9d07b7574807ea3191a17f3c0d
SHA256

105f95599be36c69ceff06df68c88ecfeeec436bdbc44f02b2b9fb0adfae61ce
SHA512

0119c4e4b981d4590fef5c625da9416df937991438a4087b6b793b8c50d9fff611a12ed1e84a8dbe4a20dd48076df764c86a2160fecaf9596fac2e70bfddb903
SSDEEP

1572864:PvhQ6lNWTp7vDSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaTteZppKb:Pvh1f2pPSkB05awIxTy5nMHVLtewpKb

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
760	capcut.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020ad6-1259.dat	upx
behavioral1/memory/760-1261-0x000007FEF59C0000-0x000007FEF5E2E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 760	2096	capcut.exe	30
PID 2096 wrote to memory of 760	2096	capcut.exe	30
PID 2096 wrote to memory of 760	2096	capcut.exe	30

C:\Users\Admin\AppData\Local\Temp\capcut.exe
C:\Users\Admin\AppData\Local\Temp\capcut.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\capcut.exe
  C:\Users\Admin\AppData\Local\Temp\capcut.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"
  2⤵
  - Loads dropped DLL
  PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20962\python310.dll

Filesize
1.4MB

MD5
933b49da4d229294aad0c6a805ad2d71

SHA1
9828e3ce504151c2f933173ef810202d405510a4

SHA256
ab3e996db016ba87004a3c4227313a86919ff6195eb4b03ac1ce523f126f2206

SHA512
6023188f3b412dd12c2d4f3a8e279dcace945b6e24e1f6bbd4e49a5d2939528620ceb9a5f77b9a47d2d0454e472e2999240b81bed0239e7e400a4e25c96e1165

Download Submit
memory/760-1261-0x000007FEF59C0000-0x000007FEF5E2E000-memory.dmp

Filesize
4.4MB

Download