9d138e731518e46106c6bba7dc7314f0ea42bf86990dd128a4d4c386a2227919

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

025c6f6140a14719495925f4f055eb8a.exe
Size

7.1MB
MD5

025c6f6140a14719495925f4f055eb8a
SHA1

33f10cf60333c41cc1b787f9e94fc4130ff82c30
SHA256

9d138e731518e46106c6bba7dc7314f0ea42bf86990dd128a4d4c386a2227919
SHA512

2f8a650f43bf790bf084bf7f0c4448e094e34701e97d1f4473c348ab2fe441f7c0b87c107e688d48854b61cd7bac98efba6650af8c9cbda01c92306b50f4c833
SSDEEP

196608:t0tPmCsXDjDyf6L2WliXYrHW1kIGs5Uev4T:KPmCEDVL2ciIrHWV5UW

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 23 IoCs

pid	Process
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2556	025c6f6140a14719495925f4f055eb8a.exe
2976	WerFault.exe
2976	WerFault.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2556	2932	025c6f6140a14719495925f4f055eb8a.exe	21
PID 2932 wrote to memory of 2556	2932	025c6f6140a14719495925f4f055eb8a.exe	21
PID 2932 wrote to memory of 2556	2932	025c6f6140a14719495925f4f055eb8a.exe	21
PID 2556 wrote to memory of 2976	2556	025c6f6140a14719495925f4f055eb8a.exe	22
PID 2556 wrote to memory of 2976	2556	025c6f6140a14719495925f4f055eb8a.exe	22
PID 2556 wrote to memory of 2976	2556	025c6f6140a14719495925f4f055eb8a.exe	22

C:\Users\Admin\AppData\Local\Temp\025c6f6140a14719495925f4f055eb8a.exe
"C:\Users\Admin\AppData\Local\Temp\025c6f6140a14719495925f4f055eb8a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Users\Admin\AppData\Local\Temp\025c6f6140a14719495925f4f055eb8a.exe
  "C:\Users\Admin\AppData\Local\Temp\025c6f6140a14719495925f4f055eb8a.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 2556 -s 100
    3⤵
    - Loads dropped DLL
    PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-file-l1-2-0.dll

Filesize
4KB

MD5
cb3e0dd38c444938ce1c189aadd29a3f

SHA1
45b985ccd1d30c67c757580d4e9abe6ca7be4dd7

SHA256
b2d983883afd758913a7db54222a2db4bfeb1051b0c0f92e8faae93c0bc90fc4

SHA512
cde637e676819a05cfe6f757bcb6a1aca72bd7d4422e7cedfbf9d8ba42b47eac7868a821fce93e6d0f1de20672a8de7362f9dba0066db812c74e060134fc293e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
1a3292019af01d7a6ed8bc52686840e6

SHA1
e1684c73ae12cd341250d544afcc539856c9bb43

SHA256
e01b24d0fe72ae8d2c76b287d1286741940b84808e4bf11514402a0a6d2706f9

SHA512
941c238c96de015d511bf691e878592ff8c71556ce95b3fba268bf9dc6a2e2ecde3c02b4dff66d3eeaf3b177624b193c42691c692e293982126ef70a10caf48b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\VCRUNTIME140.dll

Filesize
94KB

MD5
18049f6811fc0f94547189a9e104f5d2

SHA1
dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6

SHA256
c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db

SHA512
38fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-file-l2-1-0.dll

Filesize
2KB

MD5
4a18beda5038c5203993191431b98d62

SHA1
facba10698a89a42c0e419bac056366e809dedc0

SHA256
3144bccc1385efc1ff204442a5aecc0a990776341a268fad15aa605449fca04a

SHA512
fd4a1963babe134202c5b9c97b8a83c0dc1c7e58f04a5cb12f6ccf7ae6ac41f13303fb3d01052e2b670805a7e2d21c193ee888e98e68054dd52b9bdc636a7597

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-localization-l1-2-0.dll

Filesize
4KB

MD5
3018f5b28a9e26395b7933ebcfd6f40c

SHA1
ea38f03430f1a54e9b37e9694eabc7487b6e7201

SHA256
0c62b8ab1e5f30d4a9eadcd412677e0ab5e4e9304f0870a4ee562f08d09ccc7e

SHA512
f9a81f4565d083f30049ee8e4c4da996ba86c7c20e58d3dcd102eb41ab58c6d94941545ea2ee3aa538d352847efdd84376144ff852bdef4ea3c54dab4e5ced47

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-path-l1-1-0.dll

Filesize
3KB

MD5
2cd77f6e2fa6a502e352369426eae1c1

SHA1
abb54114f3677944af582afb6ea1f4a7785537c8

SHA256
e39ca111d81e6e5d90cf13fa0aee525d8a2740b84d2c5cd378dd69e4f79f8b0f

SHA512
47d47a49b8f89f64bd0d4bda344456784e8b0721f9ba32ce3b88e6dd5bec06bfb781dc44495ac17b4c50dfe679e1d18594fa91ccdfa26bed055a2c4a5c7c2906

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
4KB

MD5
004f7f67994de33959d6480ef4d4f515

SHA1
76e83db625d504d1feec5dec918552f9ec51c4c3

SHA256
053a83b3f8ac76232952bdb8fb5c5067f06ba48f82b474829c25326adbd26361

SHA512
d187950683c79b1dffe4432fb476071a203cb14d7987377f71538b81fd36077f181fb7d64e9e4e30099f239764e6cbb501b65c095cd4532bc0b2ab9fbd7755a3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-timezone-l1-1-0.dll

Filesize
3KB

MD5
a84f802749ae5a0aa522f203ece20b7f

SHA1
3c631ce4107b2ffc9a4a06c16d41d7d0ea0a9b2f

SHA256
e4d28023eca5bd147ac645048b18bd7272735da10c30c2dbc83cd1c96703d869

SHA512
52b68a300ae56eb8a3b3f811cc7368afe5d4f1e8ee37b6fdae0878978952041bd5467eaaaec23aab12c1735ed3afd8134b2171b633ee1dae3b159e99d765a71d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-crt-heap-l1-1-0.dll

Filesize
11KB

MD5
156da44de8586202cd7badda883b5994

SHA1
de58f32e2172d31a55df26f0d9a0c5ac9880efdd

SHA256
6e0460ea48738b50c8628038368e4e4b425fb6aa5de76f7fe06f2473fabc0e9e

SHA512
a80a316db9fd3f6907e28771bd39c00244f510096eab3daf617c65962bb223c728505a40dc2c3f651cc49df5d7bfa6f660ea1f9889aeb2bcf9b93a2eb6c0503e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
1b923d7b425ee35cc865715e8ff2b920

SHA1
0302fe5cd576c9e28f1e9939ac04ac6ad89e371e

SHA256
fd40b4d21e907f8c168504bba248ca7eed4a84537ceec8a9903112e531b6a406

SHA512
62571b373b969889d07be3fc26146d93fed2955d6e9b336e4fc8f8759db98a8ec4154b6df5244c3b37cd3bfd7f153b2c6be7799845a02e0446c41a6898f82f31

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\python39.dll

Filesize
1.1MB

MD5
5b7128ae20e820d469ef1503f5b9e759

SHA1
021ebf930278ae042b26010140b77d6f979a1c33

SHA256
1744cebf3e111a3462957f39259974d9624070ab5d0e34ef996930d3c097ba16

SHA512
16716d9c0b1da8dc3541f25cf6373cb1490ed16ef0369cabd25a141e1dfdd94b89926aa544ad156ea74d53b318f932db09a2b68da9469b0e390906771d152bed

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\ucrtbase.dll

Filesize
971KB

MD5
bd8b198c3210b885fe516500306a4fcf

SHA1
28762cb66003587be1a59c2668d2300fce300c2d

SHA256
ce2621719f1358508c2c33bcc1380d78a737ca20cd18c0ac89f38e1be788d9a2

SHA512
c32b6c083d3a7da01085718e5685e9a04034be91251c065794ceef1dfaaf6573fdd845cbc84e926ab3f510d295649cb6e497564fbe52cc79c053357c645c11a5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads