58134b4d729cdb7b4ee16f7d565acba38c1bed3559a2e5b9d72a975c51509fb2

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/03/2025, 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

windowsdesktop-runtime-8.0.13-win-x64.exe
Size

51.8MB
MD5

11fb74010f9b3bfdd6f1d5ede3c59299
SHA1

e0bac395ecc713041227bd40b2c88976dbadf58d
SHA256

58134b4d729cdb7b4ee16f7d565acba38c1bed3559a2e5b9d72a975c51509fb2
SHA512

d0ae4c64acdce8fc3b64df331243a5f07c1b7e4974d61172cffe58927924c245d138c060f0f799fab4d20d379322926ff2e7aafdcb9d960d9a08068f803e987a
SSDEEP

786432:v6Vjl6g6eO19nP6SDRVWkv5lXRXeGDnffHv+Eku2DfLMoTWopqEmKHqt0ZraLncy:CVjlIegJDThlhuWnf0fLvpj7k0ZInc

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2536	windowsdesktop-runtime-8.0.13-win-x64.exe
2536	windowsdesktop-runtime-8.0.13-win-x64.exe
2536	windowsdesktop-runtime-8.0.13-win-x64.exe
2536	windowsdesktop-runtime-8.0.13-win-x64.exe
2536	windowsdesktop-runtime-8.0.13-win-x64.exe
2536	windowsdesktop-runtime-8.0.13-win-x64.exe
2536	windowsdesktop-runtime-8.0.13-win-x64.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000400000001d136-366.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 2536	1800	windowsdesktop-runtime-8.0.13-win-x64.exe	31
PID 1800 wrote to memory of 2536	1800	windowsdesktop-runtime-8.0.13-win-x64.exe	31
PID 1800 wrote to memory of 2536	1800	windowsdesktop-runtime-8.0.13-win-x64.exe	31

C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-8.0.13-win-x64.exe
"C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-8.0.13-win-x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-8.0.13-win-x64.exe
  "C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-8.0.13-win-x64.exe"
  2⤵
  - Loads dropped DLL
  PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI18002\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
50abf0a7ee67f00f247bada185a7661c

SHA1
0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1

SHA256
f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7

SHA512
c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18002\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
94a737edf77cb717d36e00f60834bde9

SHA1
b3a2b28bef94327d1d6b2916b9bbed037805ae16

SHA256
32acb6628a4aa24f5c92e9c205bebc878b11de31373062504063f6092eb5c9a3

SHA512
4a8c8e1f97c3018135bf7f0a770bf373e3483fbf12e840fe632af0946bfb9e9e267579013b5e3ee7d8f507fefc78dacef5794f3980072a09ad704e22afeec7a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18002\python312.dll

Filesize
1.7MB

MD5
c3a3610611bd5e8a08e7e8ef91279b52

SHA1
0f67e44bf20287f3e4ee0563a6fd6af7d3dd18df

SHA256
95b1567ac76d344f4a8baa62b4d33f85473b9a2592a6f0550a0a397700f6540a

SHA512
11c2abdaadfd3256c306f2fcfa4b871be02353848b4a6bb566ae587353e9de275b812407e048be4101dd8902cfe817411c57e11912170b4e53c9c152ebf2c175

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18002\ucrtbase.dll

Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18002\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
399a356813bc768093f851bdf1066b9b

SHA1
08551b7477de120b86d5a8f74b77702bb9ff5a71

SHA256
26a3ae0c9d5456107c1e429be59993e40d7f765a9cb409ccb13547063590a786

SHA512
7bd83dfb8b582fd375cb5ae90c871fc5b3b34d534d657eda76655f4e3de6fe0fa4f86c7369f8819c7f34e343f86797da83848063e5f7f5aad2c2f131478d4792

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18002\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
746f9a90329ddab557bdf9b6ec75fecf

SHA1
fe58289ab2f75fe2cf7b4a1beab69505d7e999aa

SHA256
86fbcfa212113ec68111d3ee2d0a527335937e6cc4703322f2b6fe230e63e713

SHA512
20438a5da734b02bd717fcf49e58715e19fa25410191d36c14a0c49a78a19ed8d0c65d016ecdfca716488294e31311b4e648f5b55bea016e55c3c469bdf74641

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18002\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
8fd4019ccb7912c94073b9343d18c734

SHA1
85e6628f63962598e25d7708eceff0712d9695cb

SHA256
9db8cb5da274f5a28806f7c388db660448d0c557116e2b523daf09fb598262ad

SHA512
ba3a02a54309aa835d0262ca16374326673d411781c8ea70769fe7bc2aea166a427bb240fffe009d8d445979de033345bf71e9f31737d440337b97ca440ededf

Download Submit
memory/2536-368-0x000007FEF5730000-0x000007FEF5DF2000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads