ae4471b251799f00b46508e52475758f6ea3d8341a00cfd34a3da60913081272 | Triage

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 22:05

Sharing

Report Analysis Logs

General

Target

Creal.exe
Size

7.2MB
MD5

7e588baa61473b65785f3a5d06ce7405
SHA1

87984d1d3fd3bcabaab58cabb9a58a64b9407dce
SHA256

ae4471b251799f00b46508e52475758f6ea3d8341a00cfd34a3da60913081272
SHA512

2c7cbbf05b498c64d81d840732a0df993aec163c8a4f71cb5f3e40c083416a38c8fe7b5d2c37014f68bf9594759ca57e2ab86de29d2325ae7b4007562b455709
SSDEEP

196608:8CT+aj1rpnrJehwiIbZg4TIdQNm5XKCt7oQqLJad0+:8CT+aoqbCdQyftlqLJad0+

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2596	Creal.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2596	2084	Creal.exe	28
PID 2084 wrote to memory of 2596	2084	Creal.exe	28
PID 2084 wrote to memory of 2596	2084	Creal.exe	28
PID 2084 wrote to memory of 2596	2084	Creal.exe	28

C:\Users\Admin\AppData\Local\Temp\Creal.exe
"C:\Users\Admin\AppData\Local\Temp\Creal.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\Creal.exe
  "C:\Users\Admin\AppData\Local\Temp\Creal.exe"
  2⤵
  - Loads dropped DLL
  PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20842\python310.dll

Filesize
3.9MB

MD5
87bb8d7f9f22e11d2a3c196ee9bf36a5

SHA1
45dfcb22987f5a20a9b32410336c0d097ca91b35

SHA256
1269f15b1c8daa25af81e6ad22f9bcebfd2c76aec81c18c6d800460b7105bf98

SHA512
75bb2ae36b693e2a1e5ba003503d07ba975f9436fb3da9bf3fc4087a281cb172fa9bd13ad6fc27a62f796af6cbe0c800e2a169c65949a96bd4d0e150f4858288

Download Submit