26d89e1ea2b7a3f46ff269da5d9b93f405a3de68eb87c9df97e67a61b59d20b5 | Triage

Resubmissions

14-01-2024 22:16

240114-16txnsebh6 10

Analysis

max time kernel
7s
max time network
3s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-01-2024 22:16

Sharing

Report Analysis Logs

General

Target

lvspoofer.exe
Size

13.2MB
MD5

b011599fd262472273f9d1cce52438bd
SHA1

0a1de65012db18f98de957ed786e3fda4f672a14
SHA256

26d89e1ea2b7a3f46ff269da5d9b93f405a3de68eb87c9df97e67a61b59d20b5
SHA512

a74e7d15f573aab6aba0859ffe45f45380f38380d6cce629cf23f6138466b0c22face14e79f9060a58ef59e007c235c6e1b296afd469a1e68a45405104893cbc
SSDEEP

393216:0EkMD2nwW+eGQRIMTozGxu8C0ibfz6e57Q1bmXiWCUI:0UDawW+e5R5oztZ026e5uFVUI

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2568	lvspoofer.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2568	2216	lvspoofer.exe	28
PID 2216 wrote to memory of 2568	2216	lvspoofer.exe	28
PID 2216 wrote to memory of 2568	2216	lvspoofer.exe	28

C:\Users\Admin\AppData\Local\Temp\lvspoofer.exe
"C:\Users\Admin\AppData\Local\Temp\lvspoofer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Users\Admin\AppData\Local\Temp\lvspoofer.exe
  "C:\Users\Admin\AppData\Local\Temp\lvspoofer.exe"
  2⤵
  - Loads dropped DLL
  PID:2568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22162\python312.dll

Filesize
6.7MB

MD5
48ebfefa21b480a9b0dbfc3364e1d066

SHA1
b44a3a9b8c585b30897ddc2e4249dfcfd07b700a

SHA256
0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2

SHA512
4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

Download Submit