6bbd73fb9dbfa61e7e17f94f19087009bdeed47619c7fcdaa790afbd82f020fa | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 21:33

Sharing

Report Analysis Logs

General

Target

hwid changer.exe
Size

14.4MB
MD5

7fd7835215946026612456572996b4a4
SHA1

64b5f2d6a5fd2a36e70436af29deae0ceafbb457
SHA256

6bbd73fb9dbfa61e7e17f94f19087009bdeed47619c7fcdaa790afbd82f020fa
SHA512

d88e622f96631e639f44b516f3c89f1c3547840a3091b3535e0baed921e81e42d37ad1848732e79580ca3cf4347b83a1102678e45474692f3ddc19507f04886f
SSDEEP

393216:/X7QMidQuslSq99oWOv+9fgTz+qk7/MOw:/LQ3dQuSDorvSYTz+b/A

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2728	hwid changer.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2728	2128	hwid changer.exe	24
PID 2128 wrote to memory of 2728	2128	hwid changer.exe	24
PID 2128 wrote to memory of 2728	2128	hwid changer.exe	24

C:\Users\Admin\AppData\Local\Temp\hwid changer.exe
"C:\Users\Admin\AppData\Local\Temp\hwid changer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\hwid changer.exe
  "C:\Users\Admin\AppData\Local\Temp\hwid changer.exe"
  2⤵
  - Loads dropped DLL
  PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21282\python310.dll

Filesize
1.4MB

MD5
c06ace185b70a9f8f3ce7eef99fac4b4

SHA1
4ba8d00565dfbd7ef467dda8fd72a9ca521ca925

SHA256
7b7134c46d3cacb7a37722da07a5c354b197758f8fad64128a6ca0a5f5cbc5e2

SHA512
ed275496ddfaba60ccb2c57f6935abff42090c20ee21e8c3e7c85c50988147f1e909f11b5d3e8d574370778b915616839a6c1d0171f296bc976df862e9cfb164

Download Submit