Analysis
- max time kernel: 75s
- max time network: 23s
- platform: windows7_x64
- resource: win7-en-20210920
- submitted: 06-10-2021 15:58
Static task: static1
Behavioral task: behavioral1
Sample: lol.exe
Resource: win7-en-20210920
General
- Target: lol.exe
- Size: 6.8MB
- MD5: 4eb70e6ca68fd90ce23f809bceea02d7
- SHA1: 0f96257dd603feabcfeca22f0ce5029f17ba4c2d
- SHA256: b8a9fcde3cb3f9130318b07a3b8c715e8fd9edcef11aa8af56b3942cf2566943
- SHA512: 76ffc45928fb6f21a511e6a30ecf4de2877d5b982ee553279ccb642db852ebe7edbf56c37fd4d3aa7b40a91c9df0cd193523a71f9b6907e7650a10d72a448705
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  Processes: lol.exe
  pid | process
  1064 | lol.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: lol.exe
  description | pid | process | target process
  PID 1232 wrote to memory of 1064 | 1232 | lol.exe | lol.exe
  PID 1232 wrote to memory of 1064 | 1232 | lol.exe | lol.exe
  PID 1232 wrote to memory of 1064 | 1232 | lol.exe | lol.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\_MEI12322\python39.dll
  MD5: 7e9d14aa762a46bb5ebac14fbaeaa238
  SHA1: a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9
  SHA256: e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3
  SHA512: 280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023
- \Users\Admin\AppData\Local\Temp\_MEI12322\python39.dll
  MD5: 7e9d14aa762a46bb5ebac14fbaeaa238
  SHA1: a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9
  SHA256: e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3
  SHA512: 280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023
- memory/1064-54-0x0000000000000000-mapping.dmp
- memory/1232-53-0x000007FEFBA71000-0x000007FEFBA73000-memory.dmp
  Filesize: 8KB