1c8795c3459d3fc89717417db185f9c70a60f5b11833b5f06675a332246a1d88 | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 12:22

Sharing

Report Analysis Logs

General

Target

AZ Trigger.exe
Size

8.9MB
MD5

283ff2db36a18f10ebc46c702ce262f0
SHA1

318cb1f65061d2bda94e6a6a4ddb2c4d5ef3dd9e
SHA256

ce281ecc776e6c635f97f96876adafb5a4454c55c787e5e8ac9fc3918cae4873
SHA512

1f70828c945f79c9e8cda542fc9bb36fc26f9c52171339a4ca4ecbb20c4e9da07944e1098d43ddb6bdd58d9b6862fd84c091ee36fe9c27b82cdafc0a108f62b4
SSDEEP

196608:Y1wZA3tEFDUpQ5/ISGL2V76+Dfc/f/+SJXEzf5bjlKnaG:cf9dM/ISGL2V76mfc/esw5bCaG

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2716	AZ Trigger.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2716	3056	AZ Trigger.exe	29
PID 3056 wrote to memory of 2716	3056	AZ Trigger.exe	29
PID 3056 wrote to memory of 2716	3056	AZ Trigger.exe	29

C:\Users\Admin\AppData\Local\Temp\AZ Trigger.exe
"C:\Users\Admin\AppData\Local\Temp\AZ Trigger.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Users\Admin\AppData\Local\Temp\AZ Trigger.exe
  "C:\Users\Admin\AppData\Local\Temp\AZ Trigger.exe"
  2⤵
  - Loads dropped DLL
  PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30562\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit