Analysis
- max time kernel: 160s
- max time network: 50s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 01-10-2021 23:31
Static task: static1
Behavioral task: behavioral1 (Sample: mslog.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: mslog.exe, Resource: win10-en-20210920)
General
- Target: mslog.exe
- Size: 9.7MB
- MD5: f203e938be3fe17ebf389ade9c6b2c9e
- SHA1: 85c697602efae829e8765a671b36e705a7c96662
- SHA256: f0676c64a2f27a02d7947ad41eecfcd9fde5b47ea8fcb9be2a3838cb7dc86128
- SHA512: fcb03c204577fc655361610ee27db83eb87a18ed17291055ef0c94de9df5de18e0624972ab4148cc6d3c2ffbcd5e63cc6ceb59292fd468687fac935bafff0030
Malware Config
Signatures
- YARA rule match (upx)
  Processes:
  resource | yara_rule
  C:\Users\Admin\AppData\Local\Temp\_MEI9802\python39.dll | upx
  \Users\Admin\AppData\Local\Temp\_MEI9802\python39.dll | upx
- Loads dropped DLL (1 IoCs)
  Processes:
  pid | process
  1676 | mslog.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description | pid | process | target process
  PID 980 wrote to memory of 1676 | 980 | mslog.exe | mslog.exe
  (the same row is listed three times in the report, one per WriteProcessMemory event)
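The three signature rows above describe one pattern: mslog.exe (PID 980) spawns a second copy of itself (PID 1676), writes into that child's memory, and the child loads a UPX-packed python39.dll that was dropped under %TEMP%\_MEI9802. The following Python is an added example by the editor, not part of the Triage report or of the sample; it runs that check over event records constructed to mirror the report's rows. The Event field names and the reading of an `_MEI<digits>` directory as a one-file bundle's unpack location are this example's assumptions, not something the report states.

```python
"""Flag a process that spawns itself, writes to the child's memory, and has the
child load a DLL from a Temp\\_MEI<digits>\\ directory.

Added example, not sandbox code. The EVENTS list below is constructed to mirror
the report's signature rows (PIDs 980 and 1676, python39.dll under _MEI9802).
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Assumption: a DLL under %TEMP%\_MEI<digits>\ was unpacked at runtime by the
# sample itself (the report only shows the path, not how it got there).
MEI_DIR = re.compile(r"\\Temp\\(_MEI\d+)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Event:
    """One behavioural event. Field names are this example's own, not Triage's."""
    kind: str             # "process_create" | "write_process_memory" | "load_dll"
    pid: int              # acting process
    image: str            # acting process image name
    target_pid: int = 0   # child or written-to process, where applicable
    target_image: str = ""
    path: str = ""        # DLL path for load_dll events


# Constructed sample input modelled on the report's rows (not sandbox output).
EVENTS = [
    Event("process_create", 980, "mslog.exe", target_pid=1676, target_image="mslog.exe"),
    Event("write_process_memory", 980, "mslog.exe", target_pid=1676, target_image="mslog.exe"),
    Event("write_process_memory", 980, "mslog.exe", target_pid=1676, target_image="mslog.exe"),
    Event("write_process_memory", 980, "mslog.exe", target_pid=1676, target_image="mslog.exe"),
    Event("load_dll", 1676, "mslog.exe", path=r"C:\Windows\System32\kernel32.dll"),
    Event("load_dll", 1676, "mslog.exe",
          path=r"C:\Users\Admin\AppData\Local\Temp\_MEI9802\python39.dll"),
]


def find_self_spawn_with_temp_dll(events: List[Event]) -> List[Dict]:
    """Return one finding per child that (a) shares its parent's image name,
    (b) was written to by that parent, and (c) loaded a DLL from an _MEI dir."""
    parent_of: Dict[int, Event] = {}          # child pid -> its process_create event
    wpm = Counter()                            # (writer pid, target pid) -> count
    mei_loads = defaultdict(list)              # pid -> [(mei dir, dll path)]

    for ev in events:
        if ev.kind == "process_create" and ev.target_pid:
            parent_of[ev.target_pid] = ev
        elif ev.kind == "write_process_memory":
            wpm[(ev.pid, ev.target_pid)] += 1
        elif ev.kind == "load_dll":
            m = MEI_DIR.search(ev.path)
            if m:
                mei_loads[ev.pid].append((m.group(1), ev.path))

    findings = []
    for child, create in parent_of.items():
        same_image = create.image.lower() == create.target_image.lower()
        writes = wpm[(create.pid, child)]
        loads = mei_loads.get(child, [])
        if same_image and writes and loads:
            findings.append({
                "parent_pid": create.pid,
                "child_pid": child,
                "image": create.target_image,
                "wpm_events": writes,
                "mei_dirs": sorted({d for d, _ in loads}),
                "dropped_dlls": [p for _, p in loads],
            })
    return sorted(findings, key=lambda f: f["child_pid"])


if __name__ == "__main__":
    for finding in find_self_spawn_with_temp_dll(EVENTS):
        print(finding)
```

Each of the three conditions on its own is noisy (many installers self-spawn, many programs unpack into Temp); requiring all three against the same parent/child pair is what keeps the check useful. The loaded-DLL path is returned so the analyst can go on to hash it and compare with the Downloads section.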
Processes
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\_MEI9802\python39.dll (also listed as \Users\Admin\AppData\Local\Temp\_MEI9802\python39.dll, with identical hashes)
  MD5: 25c2f126b06b7b2f6188d89224c4a277
  SHA1: db0a08bd014bd61f91319b19730a6647febd16ad
  SHA256: f37a76eced4d25f4f652cb2e4fc7aac2592156a38652cab7e87f1e63892e6a02
  SHA512: aed3321475b3437abb614c1a927a6ce337dc0507f8ade6d86d3b31642eedb6c771cd113307c7f3cc8162a9903b90e89c1513cf1e4549914cbe8d7a55bd9ad0ef
- memory/1676-60-0x0000000000000000-mapping.dmp