9f28fbfcd8096c7780ffba113cb7a9b9c9d9f12e996237aa165e1a645c17867d

Resubmissions

19-02-2025 19:28

250219-x6rwjaxkb1 10

Analysis

max time kernel
14s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19-02-2025 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

havefunfpsbooster.exe
Size

82.4MB
MD5

6a50b0b40ad025606e9a88fe47b8afdb
SHA1

915fa9d53c8ef8361c01a26aa91c47b999014b49
SHA256

9f28fbfcd8096c7780ffba113cb7a9b9c9d9f12e996237aa165e1a645c17867d
SHA512

7c058dbeb5cb259f796f201714771b5f406846756a92fc9eecf6d7fb93f238380a2d3ebb91aca578adab261099003b65202c3fab186d3883fd719af6ba5a6ed4
SSDEEP

1572864:ln21lWiWXwOkiqOv8im2A6WE7a6ln2iYKrhbOoAk6BUqphQavCR9WeF:lMgiQwOknOv8i35i6lLrFoFUqphQaqRU

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1148	havefunfpsbooster.exe
1148	havefunfpsbooster.exe
1148	havefunfpsbooster.exe
1148	havefunfpsbooster.exe
1148	havefunfpsbooster.exe
1148	havefunfpsbooster.exe
1148	havefunfpsbooster.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020b43-1320.dat	upx
behavioral1/memory/1148-1322-0x000007FEF5CE0000-0x000007FEF6171000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 1148	2580	havefunfpsbooster.exe	29
PID 2580 wrote to memory of 1148	2580	havefunfpsbooster.exe	29
PID 2580 wrote to memory of 1148	2580	havefunfpsbooster.exe	29

C:\Users\Admin\AppData\Local\Temp\havefunfpsbooster.exe
"C:\Users\Admin\AppData\Local\Temp\havefunfpsbooster.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Users\Admin\AppData\Local\Temp\havefunfpsbooster.exe
  "C:\Users\Admin\AppData\Local\Temp\havefunfpsbooster.exe"
  2⤵
  - Loads dropped DLL
  PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
78c49a3429795319bab3eab13e06da57

SHA1
eba004f23c6421b53cbb38caed0b054316234bcb

SHA256
8e40cd2fa72684e7658936fab0f8aaaf4ef34cb0e627b54a352cf5769a772e61

SHA512
e6d4b0a725386352fd8652826ad26e0295561dff021558e72a8a8cb76c4f5e30bb9b04bd8d37fbec03ff744f65accbf50b29c9aee9ae1a4e8ce44fa2b04eaba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
9835cc887dfbc6bdd236188167928e3e

SHA1
fe807728459deeedcb14c4241b77fac68cd6a457

SHA256
8b8dcfa1b4384eee8472749413e27b56b4ee924d399d2f0addc923eb6a301ffe

SHA512
db6ccc9ac5b01b7bbf1dc210e9e58d85f2b3e3b015cd039daf2ad80270fb23ecff8f7621ef745ce7893d44551c1b09dc8cb783973c1768e99aabfb779b48241d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
47438067f4b559539f51a4d55a45fe91

SHA1
5c5b37d4502c38bf2a3f8ae98988a71d46f8e65f

SHA256
aaa79d4709383c4faa3a6c79899c853e07ca82d52fb6ec5da0eb3cc98168049c

SHA512
017e32de66d22dea43dc4075f6197507902a60826f27e1696f93f25f45e5a26537a5a9fd8cb6fb15036878ed816ecbf9f10d5543f3391629c450e0c422476f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
e0d27b18a9409502c3288a46c8f984f6

SHA1
ed401b11ab0b1cff62a98cec674f241f3b3550a4

SHA256
df156ac18d7f78023ada0d5fe667620252b079a6a1f8a1f371aae549986434aa

SHA512
589a4994dfb58e31d6de10941b951ee14a9e006096807fd93098f5c5362c13ca190b34c1ad558a7c9aa8050ac690b7706d16aed8d0b86c1dac0355a373b000be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
20179816295e136cb9847706304d3eb2

SHA1
0e6b4938624f521c5f5f2994036c8d0ed68044cc

SHA256
b75ddc006e757d7d6a05b146e6874aa4c2b17da90b3ec0dd0910a5ae0d60000e

SHA512
a1449a5087ae75ba3acc4ee4c5d6a76f6fda6bc809db76e32619b6c288db3af7c74fab3e48f590fb3c10bf4ea1b0a36dea436cc23deea0125405f6002280c762

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\python39.dll

Filesize
1.5MB

MD5
6fcd974b9ea7af226e442b6106c594f0

SHA1
030d6b04bb6356bcedf518c309debbe8ca3cea05

SHA256
e22d2daa40a2df2185cdb949a4b8568e0546eff34d124fa2e830cc2cbebb192b

SHA512
fc3d9a1df30c1f19a2546286b83bcd1095efe7616f689f9913fc767c33652974e9e4ea4d66ca248b1787a3dbe766a23464d34752e1f26dfaeefeb6935f65d60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\ucrtbase.dll

Filesize
1.1MB

MD5
8e980cff0ef132b3608e4ef3db59535c

SHA1
391ee31a935d859ac097309b94765ef8347fec72

SHA256
8c91e50b7c66a95f89bd14785b6333caa5e3e9ab508d889a88880a24b29bddf8

SHA512
888df5dff9faa300100fdf2fe4f7323ec2fcb6b147ee4de9f4e9d0a640b1a95b9a538fe88bac3a697187701dd27190bef36e52929e682d94630c15c43bbb586a

Download Submit
memory/1148-1322-0x000007FEF5CE0000-0x000007FEF6171000-memory.dmp

Filesize
4.6MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads