Analysis

  Max time kernel: 89s
  Max time network: 38s
  Platform: windows7_x64
  Resource: win7-20231025-en
  Resource tags: arch:x64, arch:x86, image:win7-20231025-en, locale:en-us, os:windows7-x64, system
  Submitted: 30-11-2023 21:21

Behavioral tasks

  behavioral1
    Sample: Image Logger Creater.exe
    Resource: win7-20231025-en

  behavioral2
    Sample: Image Logger Creater.exe
    Resource: win10v2004-20231127-en
General

  Target: Image Logger Creater.exe
  Size: 74.5MB
  MD5: 86a41dd7f55fa30a6b9aee8e1792906a
  SHA1: 733a36437aca64603dffd663032322f7da5bd873
  SHA256: 0b3cda79a820f532cf7000c66377cb24a4ed04ce0012ab268b02a5c868c7a1ad
  SHA512: 1f5c25cdfd806d26c6e24ae9754c238ef67705947de7617468f418043b147b64d84e5b3298bd13beb89d0d4ad0016341a7c0e17a0fb5e17be39ebaad6c5bf0ff
  SSDEEP: 1572864:IPV2MueQpjnkSk8IpG7V+VPhqILE7ARjRnWWWpyppiZzI+hReSW+/8Z5/Rj5:OVZueqzkSkB05awIRRdleg2zdESIrRt
Malware Config
Signatures

  - Loads dropped DLL (2 IoCs)
    Processes:
      PID 1860  Image Logger Creater.exe
      PID 1860  Image Logger Creater.exe
    Dropped DLL matched by YARA rule:
      C:\Users\Admin\AppData\Local\Temp\_MEI25722\python310.dll    rule: upx
      \Users\Admin\AppData\Local\Temp\_MEI25722\python310.dll      rule: upx

  - Suspicious use of WriteProcessMemory (3 IoCs)
    Processes (source PID -> target PID):
      PID 2572 Image Logger Creater.exe wrote to memory of PID 1860 Image Logger Creater.exe
      PID 2572 Image Logger Creater.exe wrote to memory of PID 1860 Image Logger Creater.exe
      PID 2572 Image Logger Creater.exe wrote to memory of PID 1860 Image Logger Creater.exe
Processes

  1. "C:\Users\Admin\AppData\Local\Temp\Image Logger Creater.exe"
       PID: 2572
       Signatures: Suspicious use of WriteProcessMemory
     2. "C:\Users\Admin\AppData\Local\Temp\Image Logger Creater.exe"   (child of PID 2572)
          PID: 1860
          Signatures: Loads dropped DLL
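Read together, the two signatures and the process tree describe one pattern: the target launches a second copy of its own image (PID 2572 writes into PID 1860), and that child loads python310.dll from %TEMP%\_MEI25722\, where the DLL matches the upx YARA rule. A _MEI<digits> directory under the user's Temp folder is the extraction directory created by PyInstaller's onefile bootloader, and python310.dll is the CPython 3.10 runtime it unpacks, so the sample is almost certainly a PyInstaller onefile build. Note that the upx hit is on that dropped DLL, not on the 74.5MB target itself, for which the report lists no rule match. The script below is an added example, not part of this report or of any sandbox tooling: it takes the two IoC tables, re-typed here as constructed Python tuples, deduplicates the repeated entries (the same write is listed three times, the same DLL twice with and without the drive letter) and emits the findings an analyst would carry into a write-up. The tuple layout, the regexes and the helper names are this example's own assumptions.

```python
"""Triage helper for the two signatures in this report (added example, not
sandbox code).  The event tuples below are constructed from the page's IoC
tables; the field layout is this example's own."""
import re

# Constructed from the "Suspicious use of WriteProcessMemory" table:
# (source pid, source image, target pid, target image).
WPM_EVENTS = [
    (2572, "Image Logger Creater.exe", 1860, "Image Logger Creater.exe"),
    (2572, "Image Logger Creater.exe", 1860, "Image Logger Creater.exe"),
    (2572, "Image Logger Creater.exe", 1860, "Image Logger Creater.exe"),
]

# Constructed from the "Loads dropped DLL" table: (pid, image, path, yara rule).
DLL_EVENTS = [
    (1860, "Image Logger Creater.exe",
     r"C:\Users\Admin\AppData\Local\Temp\_MEI25722\python310.dll", "upx"),
    (1860, "Image Logger Creater.exe",
     r"\Users\Admin\AppData\Local\Temp\_MEI25722\python310.dll", "upx"),
]

# PyInstaller's onefile bootloader unpacks into %TEMP%\_MEI<digits>\ ; the
# prefix is the indicator, the digits differ on every run.
MEI_DIR = re.compile(r"[\\/]_MEI(\d+)[\\/]", re.IGNORECASE)
TEMP_DIR = re.compile(r"[\\/]AppData[\\/]Local[\\/]Temp[\\/]", re.IGNORECASE)


def self_reexec_pairs(wpm_events):
    """Parent->child pairs where a process writes into a child running the
    same image.  Deduplicated and sorted; the report repeats one pair 3x."""
    pairs = {(src, dst) for src, src_img, dst, dst_img in wpm_events
             if src_img.lower() == dst_img.lower() and src != dst}
    return sorted(pairs)


def dropped_dll_findings(dll_events):
    """Classify each dropped-DLL load: under %TEMP%?  inside a PyInstaller
    _MEI directory?  which packer rule matched?  Paths are normalised by
    dropping the drive letter so the page's two spellings collapse to one."""
    seen = {}
    for pid, image, path, rule in dll_events:
        norm = re.sub(r"^[a-z]:", "", path.lower())
        key = (pid, norm)
        if key in seen:
            continue
        mei = MEI_DIR.search(path)
        seen[key] = {
            "pid": pid,
            "image": image,
            "dll": path.rsplit("\\", 1)[-1],
            "in_temp": bool(TEMP_DIR.search(path)),
            "pyinstaller_dir": ("_MEI" + mei.group(1)) if mei else None,
            "packer": rule,
        }
    return list(seen.values())


def triage(wpm_events, dll_events):
    """Combine both signatures into a short list of findings for a write-up."""
    findings = []
    reexec = self_reexec_pairs(wpm_events)
    for parent, child in reexec:
        findings.append(f"self-reexec: pid {parent} -> pid {child} (same image)")
    children = {child for _, child in reexec}
    for d in dropped_dll_findings(dll_events):
        tags = []
        if d["pyinstaller_dir"]:
            tags.append(f"pyinstaller-extract:{d['pyinstaller_dir']}")
        elif d["in_temp"]:
            tags.append("temp-drop")
        if d["packer"]:
            tags.append(f"packed:{d['packer']}")
        if d["pid"] in children:
            tags.append("loaded-by-reexec-child")
        findings.append(f"dropped-dll {d['dll']} pid {d['pid']}: " + ", ".join(tags))
    return findings


if __name__ == "__main__":
    for line in triage(WPM_EVENTS, DLL_EVENTS):
        print(line)
```

Running it prints one self-reexec line for 2572 -> 1860 and one dropped-DLL line for python310.dll tagged with the _MEI25722 extraction directory, the upx packer hit and the fact that the re-launched child is the loader. The same two functions apply unchanged to any other report whose IoC tables are typed into the same tuple layout; a DLL dropped under Temp outside a _MEI directory is reported as a plain temp-drop rather than as PyInstaller extraction.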
Network
MITRE ATT&CK Matrix
Downloads
  -
    Filesize: 1.4MB
    MD5: 933b49da4d229294aad0c6a805ad2d71
    SHA1: 9828e3ce504151c2f933173ef810202d405510a4
    SHA256: ab3e996db016ba87004a3c4227313a86919ff6195eb4b03ac1ce523f126f2206
    SHA512: 6023188f3b412dd12c2d4f3a8e279dcace945b6e24e1f6bbd4e49a5d2939528620ceb9a5f77b9a47d2d0454e472e2999240b81bed0239e7e400a4e25c96e1165

  -
    Filesize: 1021KB
    MD5: 69b307d27ae7c40392481d67a4f9ba50
    SHA1: d99919d236475ea4b3f63aa035577334e2b50372
    SHA256: a7b514013b5786bdfb345c220a0a3e2ac3e5de4af21eacfa48a9fbb4e1370a02
    SHA512: ce47748a792aa1e8b5eabfa185f11fc5808078c8e922d0946f6db06c4526eb39f3cd1b9836c938bd6e358a22c9207e888838af13f4ad81817589a5e175a76213