bf3973747453f2d6437ced09d04d29d2c917ebe3412d2532b5229e949ceef5bb | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 22:16

Sharing

Report Analysis Logs

General

Target

Creal.exe
Size

7.1MB
MD5

d4c2e3ad524c2112712f0b762ab38bb9
SHA1

f48e48895154c1f8ee0b389eca15236b920efd1a
SHA256

bf3973747453f2d6437ced09d04d29d2c917ebe3412d2532b5229e949ceef5bb
SHA512

e76d79189bfe32dd4664645b5080063cc71734c6d5e7f54a75116efeff5b61c5ce4e69f72b969e70a77b17952656bed6913f96df07cc6730a4e79ae6df8641aa
SSDEEP

196608:QCT+aj1rpnrJehwiIbZg4TIdQNm5XKCt7ogJwDb2:QCT+aoqbCdQyftNJwDb2

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2572	Creal.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2572	2092	Creal.exe	28
PID 2092 wrote to memory of 2572	2092	Creal.exe	28
PID 2092 wrote to memory of 2572	2092	Creal.exe	28
PID 2092 wrote to memory of 2572	2092	Creal.exe	28

C:\Users\Admin\AppData\Local\Temp\Creal.exe
"C:\Users\Admin\AppData\Local\Temp\Creal.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Temp\Creal.exe
  "C:\Users\Admin\AppData\Local\Temp\Creal.exe"
  2⤵
  - Loads dropped DLL
  PID:2572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20922\python310.dll

Filesize
1024KB

MD5
147653cd26e61994c11240f24f79b437

SHA1
521f30ed999ea2f5395d76c018c258243f1c0c30

SHA256
d404897448c5c1be79cb14b539e8b50334807560500a46b37afdff71a6a8fb5d

SHA512
13a32a9ca9be7d13b54405641b04bafa1e9a11bcff5b2e3a188869d3dae00e50fa327f95d502438b411008755375304d68874addd9a90b406929b2a4adf3fdc7

Download Submit