Analysis
-
max time kernel
1561s -
max time network
1567s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system -
submitted
22-11-2023 20:29
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
source_prepared.exe
Resource
win10v2004-20231023-en
General
-
Target
source_prepared.exe
-
Size
74.0MB
-
MD5
29f991e7f4496a3125e90e92c6bec577
-
SHA1
53a3207c45d328b529142b6cf3993d8c2cc95d6a
-
SHA256
34cfd7532b503d8b710bce75ba0e925223ff3ace89312f6311ed8953bc3726a5
-
SHA512
b2e8e180605bc29e4b9998960825e80d5ac9c2a8c1ff4eac1a21cd994f7223964e379b6ca9c03a8b94f6bd2eac35dc86728a114c3897d12cf01ab7c094039e86
-
SSDEEP
1572864:I2MueQpjWkSk8IpG7V+VPhqSSE7ARjRHlWWpyppiZzI+hR1XW6TnZvyh+kh:IZueqKkSkB05awS8Rd0eg2zd7XV8vh
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
pid    process
2752   source_prepared.exe -
YARA rule matches:
resource                                                    yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI21322\python310.dll   upx
\Users\Admin\AppData\Local\Temp\_MEI21322\python310.dll     upx -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
pid    process
2752   source_prepared.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
description                          pid    process               target process
PID 2132 wrote to memory of 2752     2132   source_prepared.exe   source_prepared.exe
PID 2132 wrote to memory of 2752     2132   source_prepared.exe   source_prepared.exe
PID 2132 wrote to memory of 2752     2132   source_prepared.exe   source_prepared.exe -
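The `_MEI21322\python310.dll` hit above is the interpreter DLL that a PyInstaller onefile bundle unpacks into a `_MEI<...>` temp directory, and the `upx` rule says that dropped copy is UPX-compressed (a stock python310.dll is not). The block below is an added example, not code from the report or from the sandbox, and reproduces the cheapest form of that check without any PE library: it walks the COFF section table and looks for UPX's `UPX0`/`UPX1` section names. It runs on a constructed PE skeleton built inside the block; `pe_section_names`, `looks_upx_packed` and `build_fake_pe` are names I chose. The check is a heuristic only: a packer that renames its sections, or a different packer altogether, will not trip it, so treat a miss as no information rather than as "clean".

```python
import struct

# Added example, not part of the sandbox report: dependency-free check for the
# UPX section-name fingerprint on a dropped DLL such as _MEI21322\python310.dll.


def pe_section_names(data: bytes) -> list[str]:
    """Parse the section table of an in-memory PE image and return the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER follows "PE\0\0"
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size               # section headers follow the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                   # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: stock UPX names its sections UPX0/UPX1 (and sometimes UPX2)."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names: list[str]) -> bytes:
    """Construct a minimal, non-executable PE32+ skeleton (constructed test data only)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional = b"\0" * 0xF0                    # size of a PE32+ optional header
    coff_header = struct.pack("<HHIIIHH", 0x8664, len(section_names),
                              0, 0, 0, len(optional), 0x2022)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii").ljust(8, b"\0"),
                    0, 0, 0, 0, 0, 0, 0, 0, 0)
        for n in section_names)
    return dos_header + b"PE\0\0" + coff_header + optional + sections


if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    clean = build_fake_pe([".text", ".rdata", ".data", ".rsrc"])
    print("packed:", pe_section_names(packed), looks_upx_packed(packed))
    print("clean: ", pe_section_names(clean), looks_upx_packed(clean))
    # Against the real artefact from the report, once carved out of the sandbox:
    #   looks_upx_packed(open(r"C:\Users\Admin\AppData\Local\Temp\_MEI21322\python310.dll", "rb").read())
```

Section names are read from the file header, so this works on the dropped file as carved from disk; it does not need the DLL to be loaded, and it says nothing about what the unpacked code does.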
Processes
-
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe  (depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  - Suspicious use of WriteProcessMemory
  PID:2132 -
    C:\Users\Admin\AppData\Local\Temp\source_prepared.exe  (depth 2, child of PID 2132)
      command line: "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
      - Loads dropped DLL
      - Suspicious behavior: GetForegroundWindowSpam
      PID:2752
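The WriteProcessMemory table records three writes by PID 2132 into PID 2752, and the process tree shows 2752 as a child running the same image. The added example below (mine, not code from the report or the sandbox vendor) parses both tables into a parent/child map and flags cross-process writes where writer and target share an image name, labelling whether the writer is the target's parent. That pairing is what a self-relaunching launcher produces (PyInstaller's onefile bootloader unpacks to `_MEI<...>` and then starts a second copy of itself; that child is the one loading python310.dll here), but it is also what injection into a freshly spawned copy of the same binary looks like, and the report does not say what bytes were written, so the function only surfaces the pair for an analyst rather than deciding. The sample rows are copied from the report; `WPM_RE`, `parse_wpm`, `parents_from_depths`, `same_image_writes` and `triage` are names I chose.

```python
import re
from collections import defaultdict

# Added example, not part of the sandbox report. Rows below are copied from the
# report's WriteProcessMemory table and process tree (depth 1 = root process,
# depth 2 = child of the nearest preceding depth-1 process).
WPM_ROWS = [
    "PID 2132 wrote to memory of 2752 2132 source_prepared.exe source_prepared.exe",
    "PID 2132 wrote to memory of 2752 2132 source_prepared.exe source_prepared.exe",
    "PID 2132 wrote to memory of 2752 2132 source_prepared.exe source_prepared.exe",
]
PROCESS_ROWS = [
    (1, 2132, r"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"),
    (2, 2752, r"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"),
]

# Row layout: "PID <writer> wrote to memory of <target> <writer> <writer image> <target image>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")


def parse_wpm(rows):
    """Return (writer_pid, target_pid, writer_image, target_image) for each parsable row."""
    events = []
    for row in rows:
        m = WPM_RE.search(row)
        if m:
            events.append((int(m[1]), int(m[2]), m[3], m[4]))
    return events


def parents_from_depths(rows):
    """Rebuild a pid -> parent pid map from (depth, pid, image) rows with a depth stack."""
    parent, stack = {}, []
    for depth, pid, _image in rows:
        del stack[depth - 1:]                  # pop back to this row's parent level
        parent[pid] = stack[-1] if stack else None
        stack.append(pid)
    return parent


def same_image_writes(events):
    """Collapse repeated rows into {(writer, target, image): count} for cross-process
    writes where both sides run the same image name."""
    counts = defaultdict(int)
    for writer, target, w_img, t_img in events:
        if writer != target and w_img.lower() == t_img.lower():
            counts[(writer, target, w_img)] += 1
    return dict(counts)


def triage(process_rows, wpm_rows):
    """Join both tables: who wrote into whom, how often, and whether the writer is
    the target's parent (launcher/bootloader pattern) or an unrelated process."""
    parent = parents_from_depths(process_rows)
    findings = []
    for (writer, target, image), n in sorted(same_image_writes(parse_wpm(wpm_rows)).items()):
        findings.append({
            "writer": writer,
            "target": target,
            "image": image,
            "events": n,
            "relation": "parent->child" if parent.get(target) == writer else "unrelated",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(PROCESS_ROWS, WPM_ROWS):
        print(finding)
```

A "parent->child" finding on its own is weak evidence; what raises it is the combination with the rest of the report, here the child loading a UPX-packed python310.dll out of a `_MEI` directory, which is the runtime side of the same self-extracting pattern.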
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.4MB
MD5 178a0f45fde7db40c238f1340a0c0ec0
SHA1 dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe
SHA256 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed
SHA512 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee