Overview

overview

10

Static

static

10

Sender.exe

windows7-x64

7

Sender.exe

windows10-2004-x64

8

�f���H.pyc

windows7-x64

�f���H.pyc

windows10-2004-x64

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-01-2025 17:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Sender.exe

  • Size

    9.0MB

  • MD5

    5b25a79e9b96b0369ea325759135e043

  • SHA1

    bb4c6c35965c2f7406d564de8bd5d489d03c13f5

  • SHA256

    f9f90327321311cc2692c254634937d5eab4e4930598619d425ed095fd3f1b63

  • SHA512

    002dff9c7d628a9493d6772dff35b58adae83ba56a4a182650c01dbe6681d71b7d6cc5ba6c66ac995e8b28b8534a013356bc744fd38667f231c90ff063ab3479

  • SSDEEP

    98304:OhLvITBg6vamaHl3Ne4i3lqoFhTWrf9eQc0MJYzwZNqkz+as5J1n6ksB0rN9RhC:ONIWeNlpYfMQc2s8hn6ksqdhC

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Sender.exe
    "C:\Users\Admin\AppData\Local\Temp\Sender.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Users\Admin\AppData\Local\Temp\Sender.exe
      "C:\Users\Admin\AppData\Local\Temp\Sender.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI27082\python311.dll
    Filesize

    1.6MB

    MD5

    64fe8415b07e0d06ce078d34c57a4e63

    SHA1

    dd327f1a8ca83be584867aee0f25d11bff820a3d

    SHA256

    5d5161773b5c7cc15bde027eabc1829c9d2d697903234e4dd8f7d1222f5fe931

    SHA512

    55e84a5c0556dd485e7238a101520df451bb7aab7d709f91fdb0709fad04520e160ae394d79e601726c222c0f87a979d1c482ac84e2b037686cde284a0421c4d

    Download Submit

  • memory/2368-23-0x000007FEF55C0000-0x000007FEF5BA9000-memory.dmp

    Filesize

    5.9MB

    Download