d164f45fc81b37c4782dd50fef5f60949cdbf5234d6196e91fb694acb706c872

Resubmissions

22-01-2025 11:44

250122-nwnaxsvlaw 10

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Netflix_Accounts_Generator_v1.3.exe
Size

241.0MB
MD5

620a3065e5e601533c0e0eeefb6bbcb8
SHA1

02b6ee5ff1c425d477243a8fb14ed4213d603ebe
SHA256

d164f45fc81b37c4782dd50fef5f60949cdbf5234d6196e91fb694acb706c872
SHA512

2adcab6b11d75959b1f8f7b9131462f4e4315b655951bb5fcb1b0a75026e20f9a86bb0a993018de6e373c8722451dc02dd67a2b054b30f66dabfe0aea0d04cf9
SSDEEP

98304:nRfEtdFBGdamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RcOuAK1Rv/XE:ncFE4eN/FJMIDJf0gsAGK4RPuAK1pXE

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2936	Netflix_Accounts_Generator_v1.3.exe

Password Policy Discovery 1 TTPs
Attempt to access detailed information about the password policy used within an enterprise network.
discovery

Password Policy Discovery
T1201

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001958b-21.dat	upx
behavioral1/memory/2936-23-0x000007FEF5D80000-0x000007FEF61EE000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2936	1724	Netflix_Accounts_Generator_v1.3.exe	30
PID 1724 wrote to memory of 2936	1724	Netflix_Accounts_Generator_v1.3.exe	30
PID 1724 wrote to memory of 2936	1724	Netflix_Accounts_Generator_v1.3.exe	30

C:\Users\Admin\AppData\Local\Temp\Netflix_Accounts_Generator_v1.3.exe
"C:\Users\Admin\AppData\Local\Temp\Netflix_Accounts_Generator_v1.3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Temp\Netflix_Accounts_Generator_v1.3.exe
  "C:\Users\Admin\AppData\Local\Temp\Netflix_Accounts_Generator_v1.3.exe"
  2⤵
  - Loads dropped DLL
  PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Password Policy Discovery

T1201

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI17242\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
memory/2936-23-0x000007FEF5D80000-0x000007FEF61EE000-memory.dmp

Filesize
4.4MB

Download