dc21a9a0dad416681c8cd067469387090da078e6c38e9d75b4adb0098e786a52

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25/03/2025, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FurtaHack.exe
Size

8.4MB
MD5

24ddd42a42530a1b483233b51bc494fd
SHA1

ea54da70ae75760c4fb86d53dd9ec5801f75b7c8
SHA256

0e969d32dedf958e3aa22245176c66529365cdf79ea2b4ffdf5e174b0dedb7d7
SHA512

0d97a3d8e3a187b9cd22c6e8a994ddb95028d8598fac7af86d23066eb43379cda549d2f2fb99ed55c9dc3c59f02b0839986c01c1c4fd0b9abbb012a46af7c56b
SSDEEP

196608:HWq067MNJhhhEwfI9jUCD6rlaZLH7qRGrGIYV9oZy8FUsOnAoX:zMNZh7IH20drLYVmZjoX

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1876	FurtaHack.exe
1876	FurtaHack.exe
1876	FurtaHack.exe
1876	FurtaHack.exe
1876	FurtaHack.exe
1876	FurtaHack.exe
1876	FurtaHack.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001c86a-73.dat	upx
behavioral1/memory/1876-75-0x000007FEF5900000-0x000007FEF5F64000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 1876	2804	FurtaHack.exe	30
PID 2804 wrote to memory of 1876	2804	FurtaHack.exe	30
PID 2804 wrote to memory of 1876	2804	FurtaHack.exe	30

C:\Users\Admin\AppData\Local\Temp\FurtaHack.exe
"C:\Users\Admin\AppData\Local\Temp\FurtaHack.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Users\Admin\AppData\Local\Temp\FurtaHack.exe
  "C:\Users\Admin\AppData\Local\Temp\FurtaHack.exe"
  2⤵
  - Loads dropped DLL
  PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28042\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
f935ea5a82b9d6feb897fc0a029ae57e

SHA1
3efe077391f351ea6f58a85b5c6ee3b71214c6a4

SHA256
2d177ff6381e64639c76f6f6ceaa01ce07bbcfe55f33064b3ecd7e49ba87c9a8

SHA512
d2ce0fcb05e1d26d35e8ba8125f1e513f48b7810e6bfe690771fca20711191132794c8f5a9d7bd115a77f8eab7bb14d6bac05405d178487583cc4a0f2ec7d7fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28042\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
c5441ab18ca583fb3b76c9a755403a81

SHA1
6aa8613f8886d1106baab8fa3d8da496f1ac363e

SHA256
22a2adb728a83b393a910a97e2f7f616a03b6f79339c3a0baeceae3258e67680

SHA512
552ed700db1e6cf75bb6d05ff9d87b2327107f34f32491d7efd5955606bba914cf269ea957085ad05d2ec5eddb1755c54b7afdd34558e6166ef215fd4745c6f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28042\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
d9225f7889ded5d4447b7bf33b7da9c9

SHA1
7387961ba07e0a50cdaab5e6e178d23e2fd778b7

SHA256
d93baefe9e459234060780313d1bb331c2f2f7bc3c891e3954cd71bdc409c06a

SHA512
64faff4101fd0b2f53931093ad0cd7157cc4a1ca2ee34d1ec0b8e74b551155a1db8a65df4caf744a189138fda64f9ad24bcfb4be822d35d233957d74038be9d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28042\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
e3aa65819291a57b9d8d1e01fb579574

SHA1
aa508a26b08939d673a4243c42fee0b674370a39

SHA256
84f70018c66f752c8d794fc6d61bbfa6fd4c49a7c042675ea732fd28a14230e6

SHA512
24ce3a36f522460e365ff964f4a466cbf16b2f4293c036f7c04eabb75fb4eab65119bc0be810597d5538e1ee791e86ce85a0fb03f7ab18a0af136c06a96fd15c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28042\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
cfd38ec6f8215316f0e04f1f329eb355

SHA1
07a8686388fdb3f97ab1405406aa98dd0844bc2c

SHA256
20f07e4d34a5e4c892f2eced1eb337af6c0fcaf3cb9a62d742949c9e124bf097

SHA512
52322c448886f566c6dac8fcdf6c134067fa7446e95e7dfffaa376df45f746d320e43b09872ab91c237b430204aca7498b11d92f97818791cde31ed42c2864e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28042\python313.dll

Filesize
1.8MB

MD5
2a4aad7818d527bbea76e9e81077cc21

SHA1
4db3b39874c01bf3ba1ab8659957bbc28aab1ab2

SHA256
4712a6bb81b862fc292fcd857cef931ca8e4c142e70eaa4fd7a8d0a96aff5e7e

SHA512
d10631b7fc25a8b9cc038514e9db1597cec0580ee34a56ce5cfc5a33e7010b5e1df7f15ec30ebb351356e2b815528fb4161956f26b5bfaf3dce7bc6701b79c68

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28042\ucrtbase.dll

Filesize
1.1MB

MD5
25315bb19472d49ecf8cacb99ba211d8

SHA1
a50dd63a0e0426c1326c34a1ab9cb3b4e8e19fe2

SHA256
f097eda257a205ab9531d1e00c2b05f03dfdf178317fcfc0da8dbb9dcbd0503c

SHA512
fdccd70818585ced34a7ccc6c59fb7eb2f1700abb45a77e6579feb90d07bc2567c2399403e16adb478b21cf58a2385f8ce1a7e1acb7ea1c1ecfc79679e19cf2a

Download Submit
memory/1876-75-0x000007FEF5900000-0x000007FEF5F64000-memory.dmp

Filesize
6.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads