bd01c97b0ff81284694b8fa5745afc08fa11fa240c1ceb3c7a44323d04e1c8dd

Resubmissions

17-01-2025 22:41

250117-2mbsesvnhv 10

17-01-2025 22:08

250117-12qdpavjfx 10

Analysis

max time kernel
15s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17-01-2025 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cypkoland 2077.exe
Size

6.1MB
MD5

07032b0b26256766fc5f92272cfb73dc
SHA1

c800d8dbb06749cb908b4adb6e8bb268469ef1ff
SHA256

bd01c97b0ff81284694b8fa5745afc08fa11fa240c1ceb3c7a44323d04e1c8dd
SHA512

ce8163cc97a1f13d8782d095dfa9cfe0ab80bfd7f6f98bec6ada516f16b77c74840d5d15a17f664d56b63f1c6b7b999df97fecff1b4ea1c5f02ddd76c61bace0
SSDEEP

98304:mLhjEtdFBgwQamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RSPMtF93hMAl:mV6FLeN/FJMIDJf0gsAGK4RSktyAl

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2948	Cypkoland 2077.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019d61-21.dat	upx
behavioral1/memory/2948-23-0x000007FEF6380000-0x000007FEF67EE000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2832	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2832	AUDIODG.EXE
Token: 33	2832	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2832	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2948	3008	Cypkoland 2077.exe	29
PID 3008 wrote to memory of 2948	3008	Cypkoland 2077.exe	29
PID 3008 wrote to memory of 2948	3008	Cypkoland 2077.exe	29

C:\Users\Admin\AppData\Local\Temp\Cypkoland 2077.exe
"C:\Users\Admin\AppData\Local\Temp\Cypkoland 2077.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Users\Admin\AppData\Local\Temp\Cypkoland 2077.exe
  "C:\Users\Admin\AppData\Local\Temp\Cypkoland 2077.exe"
  2⤵
  - Loads dropped DLL
  PID:2948

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2736

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2832

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\BlockComplete.bat" "
1⤵
PID:1916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30082\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
memory/2948-23-0x000007FEF6380000-0x000007FEF67EE000-memory.dmp

Filesize
4.4MB

Download