99db6d7cf246d15e9a07808daa18285e39125169e20aa4353be054528c60c7ba

Resubmissions

25-01-2024 20:18

240125-y3ebpsfdfm 10

25-01-2024 20:18

25-01-2024 20:18

25-01-2024 20:18

25-01-2024 19:59

25-01-2024 19:39

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PpQMwNh.exe
Size

5.8MB
MD5

6aa3d7034efb39e1f3ab6b23f8fd19cc
SHA1

7c2db3e3a5e3a6b435de2df7a51451afa22d438c
SHA256

99db6d7cf246d15e9a07808daa18285e39125169e20aa4353be054528c60c7ba
SHA512

be5bcdca1abb9f6160f0008d3e958f2c59214e6177103e270c2578999a06f7144c376aa6b2df305f596cb99e85b613ad036796ccd1d8c8b1fb3dbeab518ca542
SSDEEP

98304:HRW+WCHTpi65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeFj9hhkAilAx:HzrfDOYjJlpZstQoS9Hf12VKX0bhhN

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2720	PpQMwNh.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000017495-21.dat	upx
behavioral1/files/0x0006000000017495-22.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2720	2404	PpQMwNh.exe	28
PID 2404 wrote to memory of 2720	2404	PpQMwNh.exe	28
PID 2404 wrote to memory of 2720	2404	PpQMwNh.exe	28

C:\Users\Admin\AppData\Local\Temp\PpQMwNh.exe
"C:\Users\Admin\AppData\Local\Temp\PpQMwNh.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Users\Admin\AppData\Local\Temp\PpQMwNh.exe
  "C:\Users\Admin\AppData\Local\Temp\PpQMwNh.exe"
  2⤵
  - Loads dropped DLL
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI24042\python310.dll

Filesize
1.3MB

MD5
5976bb4a495d3a0cdca6775cf2dca1ee

SHA1
e4637d89ab39f3ea9555ce00ed5d744c23eef151

SHA256
5296a897814093288a8a65066dc43aa09ffeda521b3384c7f4db5311e91d2d9d

SHA512
f5fd26e672cc0b9ee61d66bd487f986dfb3157caa7d2c0788ac87a1d90e9401697fcaeb01a1e5194de7eab172f0820f31c189161a3098e2bd1072236a328c005

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24042\python310.dll

Filesize
370KB

MD5
ee80d565e98f4a77e6f6f96a00db6960

SHA1
e456e1c88e76751aaf8756540b44b82c5047c103

SHA256
8b6b82b0e015aa317be6b713ba7ecf01b8f727930ba2de63d8ec99528719bf5b

SHA512
34977bd72602f2a63262127200a2dbce15945d3daec777da4bba71543ad20d5bb61bf112d3234b1fa3477f84a182e8b4df96cb076d7799d7bd346fd704f8b80a

Download Submit
memory/2720-23-0x000007FEF6200000-0x000007FEF6665000-memory.dmp

Filesize
4.4MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads