Analysis
- max time kernel: 1561s
- max time network: 1567s
- platform: windows7_x64
- resource: win7-20231020-en
- resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
- submitted: 25-11-2023 18:11
Behavioral task: behavioral1
- Sample: source_prepared.exe
- Resource: win7-20231020-en

Behavioral task: behavioral2
- Sample: source_prepared.exe
- Resource: win10v2004-20231023-en
General
- Target: source_prepared.exe
- Size: 76.6MB
- MD5: 5ff1ae99dac344b67a90976043b3b8ca
- SHA1: ec8d7ad6df29ceed3a494e4fbb61ba827af13fde
- SHA256: 81936d79154b6e882a767c6de06742eab1a127c053ec2910f4c4fa78d5661ffb
- SHA512: 562f414f48c32e45d8bf8d07fe15c4e086ffcbb5a9a5d0a43940ed7d151da887b8ce0948772a6b9172a7f70d3b0cc485e931fcd9975ea9f5e1b768177a336534
- SSDEEP: 1572864:j2MbiJR5Q3jX2UWSk8IpG7V+VPhqb+TDE7GjCMWlsnghowmaOlldIlWaawxBFbVI:jZbC+7ESkB05awb+THubsghfxOlldSjJ
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Processes (pid / process):
  2680 / source_prepared.exe
- Processes (resource / yara_rule):
  C:\Users\Admin\AppData\Local\Temp\_MEI16842\python311.dll / upx
  \Users\Admin\AppData\Local\Temp\_MEI16842\python311.dll / upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description / pid / process / target process):
  PID 1684 wrote to memory of 2680 / 1684 / source_prepared.exe / source_prepared.exe
  PID 1684 wrote to memory of 2680 / 1684 / source_prepared.exe / source_prepared.exe
  PID 1684 wrote to memory of 2680 / 1684 / source_prepared.exe / source_prepared.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  - Suspicious use of WriteProcessMemory
  - PID: 1684
  - C:\Users\Admin\AppData\Local\Temp\source_prepared.exe (child process)
    Command line: "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
    - Loads dropped DLL
    - PID: 2680
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.6MB
  MD5: 8ea69ca2292c3af9cdb46dded91bc837
  SHA1: 72de7df68b2c336720d1528c34f21ff00ed7a2ce
  SHA256: 3512c3a7ad74af034f51eba397c0e4716f592861ea3030745e8fd4dc8f9bca49
  SHA512: fb317bab11c922dc183d834b770e37e382b9cf3ab1ea95e9bca8d73ed1e23cc9ef2b6aea4a20d4637eba34276c81a6eee54b00cb146f825ef554d81387ae4ddc