Analysis
max time kernel: 117s
max time network: 125s
platform: windows7_x64
resource: win7-en-20210920
submitted: 04-11-2021 02:56
Static task: static1
Behavioral task: behavioral1 (sample EXPLORER.EXE, resource win7-en-20210920)
Behavioral task: behavioral2 (sample EXPLORER.EXE, resource win10-en-20210920)
General
Target: EXPLORER.EXE
Size: 60.1MB
MD5: 2903fe3ebe48acb2890746800072efd7
SHA1: 802c9658f2d87e8be1433e85f00dafb939f8178d
SHA256: 35cd99b95e1aa4048b699652df3db96772e3968640fc8cb235dd28b8f7c1346e
SHA512: 54ff79553bd2cf444bf5f84aa5824d5cbce008c8ae602d3cc902340201404bd342d3c9fff98dea96f4fedcc66bbf6160a20d85b8816543610f7468ef53c7bc78
Malware Config
Signatures
Loads dropped DLL (1 IoC)
  Process: EXPLORER.EXE, PID 788
Suspicious use of WriteProcessMemory (3 IoCs)
  PID 324 (EXPLORER.EXE) wrote to memory of PID 788 (EXPLORER.EXE), three events
Downloads
Dropped file: C:\Users\Admin\AppData\Local\Temp\_MEI3242\python39.dll (also listed without the drive letter as \Users\Admin\AppData\Local\Temp\_MEI3242\python39.dll)
  MD5: d4bed68bb58d08a26c67214447cbc6ee
  SHA1: c4cd63967a816bbe76888fdd95586a0911900fda
  SHA256: 6e67838ad7e50e8cc71e489a723613b25795c7079295778e724573f411295067
  SHA512: 8a49979c6fd1f00ba96bdb6762bbecfc6e836b469de39381c47e4f05ddc206d2a001d5c8175fafdc16d3152baba9078faeecfbcfa8222e31b018a93c7dd3d168
Memory dumps:
  memory/324-54-0x000007FEFC4F1000-0x000007FEFC4F3000-memory.dmp (8KB)
  memory/788-55-0x0000000000000000-mapping.dmp
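Added worked example (not part of the sandbox report or of the sample): a small Python script that re-verifies the four digests the report lists for EXPLORER.EXE, parses the flattened WriteProcessMemory IoC text into one event per write, and recognises the dropped-file layout. The `_MEI<number>\python39.dll` path is the temp directory PyInstaller's onefile bootloader extracts into (here a Python 3.9 runtime), and that bootloader launches a second copy of its own executable, which is consistent with the same-image parent/child pair (PID 324 to PID 788) shown under Signatures. A parent writing into a child it has just created is also what ordinary process start-up looks like to a user-mode hook, so the WriteProcessMemory signature alone does not establish injection; the hashes and the process relationship are what the script checks. The byte string `SAMPLE_BYTES` is a constructed stand-in so the script runs offline; the hash values, IoC text and paths are copied from the report above.

```python
"""Re-check a sandbox report's hashes and structure its IoCs (added example)."""
import hashlib
import re
from collections import Counter

# Digests copied from the report's "General" table for EXPLORER.EXE (60.1MB).
REPORTED = {
    "md5": "2903fe3ebe48acb2890746800072efd7",
    "sha1": "802c9658f2d87e8be1433e85f00dafb939f8178d",
    "sha256": "35cd99b95e1aa4048b699652df3db96772e3968640fc8cb235dd28b8f7c1346e",
    "sha512": "54ff79553bd2cf444bf5f84aa5824d5cbce008c8ae602d3cc902340201404bd34"
              "2d3c9fff98dea96f4fedcc66bbf6160a20d85b8816543610f7468ef53c7bc78",
}

# The WriteProcessMemory signature text exactly as the report flattens it.
WPM_LINE = ("PID 324 wrote to memory of 788 324 EXPLORER.EXE EXPLORER.EXE "
            "PID 324 wrote to memory of 788 324 EXPLORER.EXE EXPLORER.EXE "
            "PID 324 wrote to memory of 788 324 EXPLORER.EXE EXPLORER.EXE")

# Dropped-file paths from the report's "Downloads" section.
DROPPED = [
    r"C:\Users\Admin\AppData\Local\Temp\_MEI3242\python39.dll",
    r"\Users\Admin\AppData\Local\Temp\_MEI3242\python39.dll",
]

# Constructed stand-in for the 60.1MB sample so this runs offline; its digests
# will NOT match REPORTED, which is exactly what verify() should report.
SAMPLE_BYTES = b"constructed placeholder, not the real EXPLORER.EXE"

DIGEST_NAMES = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """All four digests the report uses, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGEST_NAMES}


def verify(data: bytes, reported: dict) -> dict:
    """Per algorithm: does the recomputed digest equal the reported one?"""
    actual = digests(data)
    return {name: actual[name] == value.strip().lower()
            for name, value in reported.items()}


# "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")


def parse_wpm(line: str) -> list:
    """Split the flattened IoC text into one dict per cross-process write."""
    events = []
    for m in WPM_RE.finditer(line):
        src, dst, src_again, src_img, dst_img = m.groups()
        if src != src_again:  # the report repeats the source pid; a mismatch means garbled text
            raise ValueError(f"inconsistent source pid in IoC: {m.group(0)!r}")
        events.append({"source_pid": int(src), "source_image": src_img,
                       "target_pid": int(dst), "target_image": dst_img})
    return events


def summarize_wpm(events: list) -> dict:
    """Count writes per (source pid, source image, target pid, target image)."""
    return dict(Counter((e["source_pid"], e["source_image"],
                         e["target_pid"], e["target_image"]) for e in events))


# PyInstaller onefile extracts into %TEMP%\_MEI<n>\ and ships pythonXY.dll there.
MEI_RE = re.compile(r"[\\/](_MEI\d+)[\\/]python(\d)(\d+)\.dll$", re.IGNORECASE)


def pyinstaller_runtime(paths: list):
    """Return (_MEI directory, 'X.Y' Python version) if a dropped path matches that layout."""
    for p in paths:
        m = MEI_RE.search(p)
        if m:
            return m.group(1), f"{m.group(2)}.{m.group(3)}"
    return None


if __name__ == "__main__":
    print("digest match per algorithm:", verify(SAMPLE_BYTES, REPORTED))
    print("WriteProcessMemory events:", summarize_wpm(parse_wpm(WPM_LINE)))
    print("PyInstaller runtime:", pyinstaller_runtime(DROPPED))
```

To check a real copy of the sample, replace `SAMPLE_BYTES` with the file contents read in binary mode; every entry of `verify()` should then be True, and any False entry means the file on disk is not the one the report analysed.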