a30227ac705282ab7f4b59e726cb480ee28af1972ac0dfd8d750786a70b63219

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
22/08/2023, 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Creal.exe
Size

16.9MB
MD5

c43ece8537a08cdd41a6ba220d5df517
SHA1

d1323d3a382c7d70803737c087e4378251350224
SHA256

a30227ac705282ab7f4b59e726cb480ee28af1972ac0dfd8d750786a70b63219
SHA512

3063784011076bcba2026368ff8f077e1339694795e7c5783aadc40e2223fc41bc963839f27d13c2ef131dee357fb752e64d2a6662b7d3664f54ba574fdb3b5d
SSDEEP

196608:ew0sKYu/PaQts1q4FMIZETSRjPePdrQJM96KbABL9vQ8lc1pd4ilW39Bn4iyH6Rl:7QtswQETSRvJQnEvQ8g0iWNB4pVIT

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2948	Creal.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1512	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1512	vlc.exe

Suspicious use of FindShellTrayWindow 19 IoCs

pid	Process
2948	Creal.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe

Suspicious use of SendNotifyMessage 17 IoCs

pid	Process
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe
1512	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1512	vlc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2948	2212	Creal.exe	28
PID 2212 wrote to memory of 2948	2212	Creal.exe	28
PID 2212 wrote to memory of 2948	2212	Creal.exe	28

C:\Users\Admin\AppData\Local\Temp\Creal.exe
"C:\Users\Admin\AppData\Local\Temp\Creal.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Users\Admin\AppData\Local\Temp\Creal.exe
  "C:\Users\Admin\AppData\Local\Temp\Creal.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:2948

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ShowReset.mpg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22122\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22122\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
memory/1512-233-0x000000013F410000-0x000000013F508000-memory.dmp

Filesize
992KB

Download
memory/1512-234-0x000007FEF7720000-0x000007FEF7754000-memory.dmp

Filesize
208KB

Download
memory/1512-235-0x000007FEF5A00000-0x000007FEF5CB4000-memory.dmp

Filesize
2.7MB

Download
memory/1512-236-0x000007FEFB110000-0x000007FEFB128000-memory.dmp

Filesize
96KB

Download
memory/1512-237-0x000007FEFAD90000-0x000007FEFADA7000-memory.dmp

Filesize
92KB

Download
memory/1512-238-0x000007FEFAC30000-0x000007FEFAC41000-memory.dmp

Filesize
68KB

Download
memory/1512-239-0x000007FEF7520000-0x000007FEF7537000-memory.dmp

Filesize
92KB

Download
memory/1512-240-0x000007FEF7500000-0x000007FEF7511000-memory.dmp

Filesize
68KB

Download
memory/1512-241-0x000007FEF6610000-0x000007FEF662D000-memory.dmp

Filesize
116KB

Download
memory/1512-242-0x000007FEF65F0000-0x000007FEF6601000-memory.dmp

Filesize
68KB

Download
memory/1512-243-0x000007FEF5800000-0x000007FEF5A00000-memory.dmp

Filesize
2.0MB

Download
memory/1512-244-0x000007FEF4750000-0x000007FEF57FB000-memory.dmp

Filesize
16.7MB

Download
memory/1512-245-0x000007FEF65B0000-0x000007FEF65EF000-memory.dmp

Filesize
252KB

Download
memory/1512-246-0x000007FEF6110000-0x000007FEF6131000-memory.dmp

Filesize
132KB

Download
memory/1512-247-0x000007FEF60F0000-0x000007FEF6108000-memory.dmp

Filesize
96KB

Download
memory/1512-248-0x000007FEF60D0000-0x000007FEF60E1000-memory.dmp

Filesize
68KB

Download
memory/1512-249-0x000007FEF60B0000-0x000007FEF60C1000-memory.dmp

Filesize
68KB

Download
memory/1512-250-0x000007FEF6090000-0x000007FEF60A1000-memory.dmp

Filesize
68KB

Download
memory/1512-251-0x000007FEF6070000-0x000007FEF608B000-memory.dmp

Filesize
108KB

Download
memory/1512-252-0x000007FEF6050000-0x000007FEF6061000-memory.dmp

Filesize
68KB

Download
memory/1512-253-0x000007FEF6030000-0x000007FEF6048000-memory.dmp

Filesize
96KB

Download
memory/1512-254-0x000007FEF4720000-0x000007FEF4750000-memory.dmp

Filesize
192KB

Download
memory/1512-255-0x000007FEF46B0000-0x000007FEF4717000-memory.dmp

Filesize
412KB

Download
memory/1512-256-0x000007FEF4640000-0x000007FEF46AF000-memory.dmp

Filesize
444KB

Download
memory/1512-257-0x000007FEF4620000-0x000007FEF4631000-memory.dmp

Filesize
68KB

Download
memory/1512-258-0x000007FEF45C0000-0x000007FEF4616000-memory.dmp

Filesize
344KB

Download
memory/1512-259-0x000007FEF4590000-0x000007FEF45B8000-memory.dmp

Filesize
160KB

Download
memory/1512-260-0x000007FEF4560000-0x000007FEF4584000-memory.dmp

Filesize
144KB

Download
memory/1512-264-0x000007FEF44D0000-0x000007FEF44E2000-memory.dmp

Filesize
72KB

Download
memory/1512-265-0x000007FEF44A0000-0x000007FEF44C1000-memory.dmp

Filesize
132KB

Download
memory/1512-263-0x000007FEF44F0000-0x000007FEF4501000-memory.dmp

Filesize
68KB

Download
memory/1512-268-0x000007FEF4320000-0x000007FEF445B000-memory.dmp

Filesize
1.2MB

Download
memory/1512-267-0x000007FEF4460000-0x000007FEF4472000-memory.dmp

Filesize
72KB

Download
memory/1512-266-0x000007FEF4480000-0x000007FEF4493000-memory.dmp

Filesize
76KB

Download
memory/1512-269-0x000007FEF42F0000-0x000007FEF431C000-memory.dmp

Filesize
176KB

Download
memory/1512-262-0x000007FEF4510000-0x000007FEF4533000-memory.dmp

Filesize
140KB

Download
memory/1512-261-0x000007FEF4540000-0x000007FEF4557000-memory.dmp

Filesize
92KB

Download
memory/1512-270-0x000007FEF4130000-0x000007FEF42E2000-memory.dmp

Filesize
1.7MB

Download
memory/1512-273-0x000007FEF4010000-0x000007FEF40A7000-memory.dmp

Filesize
604KB

Download
memory/1512-272-0x000007FEF40B0000-0x000007FEF40C1000-memory.dmp

Filesize
68KB

Download
memory/1512-274-0x000007FEF3FF0000-0x000007FEF4002000-memory.dmp

Filesize
72KB

Download
memory/1512-271-0x000007FEF40D0000-0x000007FEF412C000-memory.dmp

Filesize
368KB

Download
memory/1512-286-0x000007FEF3C90000-0x000007FEF3DA2000-memory.dmp

Filesize
1.1MB

Download
memory/1512-289-0x000000013F410000-0x000000013F508000-memory.dmp

Filesize
992KB

Download
memory/1512-291-0x000007FEF7720000-0x000007FEF7754000-memory.dmp

Filesize
208KB

Download
memory/1512-293-0x000007FEF5A00000-0x000007FEF5CB4000-memory.dmp

Filesize
2.7MB

Download
memory/1512-295-0x000007FEF4750000-0x000007FEF57FB000-memory.dmp

Filesize
16.7MB

Download
memory/1512-300-0x000007FEF3C90000-0x000007FEF3DA2000-memory.dmp

Filesize
1.1MB

Download