96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/03/2025, 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe
Size

8.2MB
MD5

4c678ae48d78541c32df40c3fb2ac55c
SHA1

9836074bfecd658a43864563f6512df5a3f85b11
SHA256

96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4
SHA512

a1fd2363c889dd147834c61e3d1e03efad52f1934acb741f037660addfb49898f1d4d2cca8ae3a45b17e607d8029f2101b81ca3c573be8b3d0e009b7d17833cc
SSDEEP

196608:7WPxRgktJurErvI9pWjgyvoaYrE41JI1DIwoOdho:wgktJurEUWjdo/H1JS1oCho

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2532	96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe
2532	96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe
2532	96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe
2532	96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe
2532	96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe
2532	96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe
2532	96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001977d-73.dat	upx
behavioral1/memory/2532-75-0x000007FEF63F0000-0x000007FEF69E0000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2532	2756	96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe	30
PID 2756 wrote to memory of 2532	2756	96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe	30
PID 2756 wrote to memory of 2532	2756	96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe	30

C:\Users\Admin\AppData\Local\Temp\96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe
"C:\Users\Admin\AppData\Local\Temp\96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Users\Admin\AppData\Local\Temp\96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe
  "C:\Users\Admin\AppData\Local\Temp\96608cf3b82070c59d15eb9695ff6aef8ee6e19d17a2d392ac29e6018026b2f4.exe"
  2⤵
  - Loads dropped DLL
  PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27562\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
399a356813bc768093f851bdf1066b9b

SHA1
08551b7477de120b86d5a8f74b77702bb9ff5a71

SHA256
26a3ae0c9d5456107c1e429be59993e40d7f765a9cb409ccb13547063590a786

SHA512
7bd83dfb8b582fd375cb5ae90c871fc5b3b34d534d657eda76655f4e3de6fe0fa4f86c7369f8819c7f34e343f86797da83848063e5f7f5aad2c2f131478d4792

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27562\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
50abf0a7ee67f00f247bada185a7661c

SHA1
0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1

SHA256
f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7

SHA512
c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27562\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
746f9a90329ddab557bdf9b6ec75fecf

SHA1
fe58289ab2f75fe2cf7b4a1beab69505d7e999aa

SHA256
86fbcfa212113ec68111d3ee2d0a527335937e6cc4703322f2b6fe230e63e713

SHA512
20438a5da734b02bd717fcf49e58715e19fa25410191d36c14a0c49a78a19ed8d0c65d016ecdfca716488294e31311b4e648f5b55bea016e55c3c469bdf74641

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27562\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
8fd4019ccb7912c94073b9343d18c734

SHA1
85e6628f63962598e25d7708eceff0712d9695cb

SHA256
9db8cb5da274f5a28806f7c388db660448d0c557116e2b523daf09fb598262ad

SHA512
ba3a02a54309aa835d0262ca16374326673d411781c8ea70769fe7bc2aea166a427bb240fffe009d8d445979de033345bf71e9f31737d440337b97ca440ededf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27562\python311.dll

Filesize
1.6MB

MD5
b167b98fc5c89d65cb1fa8df31c5de13

SHA1
3a6597007f572ea09ed233d813462e80e14c5444

SHA256
28eda3ba32f5247c1a7bd2777ead982c24175765c4e2c1c28a0ef708079f2c76

SHA512
40a1f5cd2af7e7c28d4c8e327310ea1982478a9f6d300950c7372634df0d9ad840f3c64fe35cc01db4c798bd153b210c0a8472ae0898bebf8cf9c25dd3638de8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27562\ucrtbase.dll

Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27562\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
94a737edf77cb717d36e00f60834bde9

SHA1
b3a2b28bef94327d1d6b2916b9bbed037805ae16

SHA256
32acb6628a4aa24f5c92e9c205bebc878b11de31373062504063f6092eb5c9a3

SHA512
4a8c8e1f97c3018135bf7f0a770bf373e3483fbf12e840fe632af0946bfb9e9e267579013b5e3ee7d8f507fefc78dacef5794f3980072a09ad704e22afeec7a0

Download Submit
memory/2532-75-0x000007FEF63F0000-0x000007FEF69E0000-memory.dmp

Filesize
5.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads