Overview

overview

10

Static

static

10

all in one pt2.exe

windows7-x64

7

all in one pt2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-02-2025 23:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    all in one pt2.exe

  • Size

    29.8MB

  • MD5

    5c3a03089a924946a52be6ec640834d0

  • SHA1

    834b169e2db42a18a6f8519fcfaa61a22eab9c9e

  • SHA256

    e72898368d319773ec6f063ea448775c6a0184fdbbfffc1f656e7cea3d94bb1f

  • SHA512

    de26058ebd0f04a268971c2fd42a4c89aea1eab42f470a1896ff668ac43f50f3125ccc82a877ea2e35990886d2063403662c3a8c5967c0784ef29be2929a9a79

  • SSDEEP

    393216:H2L62LqCeYw/lLOZW8i6SqGINOfH6rl8J3PXf0dfY8soAL/gmiVOq3MVJee:Row/lOW81lO2l8dPXAflsoM/FmcVQe

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\all in one pt2.exe
    "C:\Users\Admin\AppData\Local\Temp\all in one pt2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Users\Admin\AppData\Local\Temp\all in one pt2.exe
      "C:\Users\Admin\AppData\Local\Temp\all in one pt2.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI23762\python313.dll
    Filesize

    1.8MB

    MD5

    6b3a16dc31065257b7845d9ff611e3c6

    SHA1

    8cf971ee772193a93e49f4701f817bc6245cf81c

    SHA256

    3cdc6a436aa16671deb975af8290654a134bb916299677a08438fc7e91e6f7e6

    SHA512

    1d219471032c882b2e624ec1df951f6a59ee8ba39459d8eb917aaeec6899d0af6782580a5dc43ed1bbe852587c52bea32ba93ea195940335e2a19cc120c53aec

    Download Submit

  • memory/1576-1158-0x000007FEF5800000-0x000007FEF5E64000-memory.dmp

    Filesize

    6.4MB

    Download