Overview

overview

10

Static

static

3

thinkharder.exe

windows7-x64

7

thinkharder.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    12s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    06-02-2025 21:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    thinkharder.exe

  • Size

    10.7MB

  • MD5

    ebfb59f751c8466ccc9534074a5ad60d

  • SHA1

    5988dc805e47206a6f9edbb6f06feb56b77f8039

  • SHA256

    4232728e7dc5cd18518d5186bfa83e2f752504cae408a077176577b1e040b956

  • SHA512

    dd455e5135a5349243109e7e79e3cef4119afe87bcee2b3958ea27f8b8ee62587f5a3a703c1f89bfe9b66a4b1ba8b564051fadec95a392cc623420648ab697d8

  • SSDEEP

    196608:7FWfcxffivNm1E8giq1g9mFDONfSTTDVp8SxPuHAKIKwChWO5+cbTH:Yf03i1m1NqjQfSZp1xPNkbhWrcHH

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\thinkharder.exe
    "C:\Users\Admin\AppData\Local\Temp\thinkharder.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Users\Admin\AppData\Local\Temp\thinkharder.exe
      "C:\Users\Admin\AppData\Local\Temp\thinkharder.exe"
      2⤵
      • Loads dropped DLL
      PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI26042\python311.dll
    Filesize

    1.6MB

    MD5

    d69ea538a2dab847e8f2450369d1a3fc

    SHA1

    dbe5ce2a1dc71c3b7945114e132cce559f8e4191

    SHA256

    f25b2bd88d83732070f298adb180a5f160dc21e9a934b87747a9ee363be03404

    SHA512

    0fafd7378b6e2fc18b601173459818f6d6c556dd8d28cf5c75d94a624377f075a77cd87535c3ba6bbcbe439c2babecf4553b7e21838dc0c9d0efaf3e513c9ba0

    Download Submit

  • memory/2920-48-0x000007FEF5E90000-0x000007FEF6475000-memory.dmp

    Filesize

    5.9MB

    Download