01e38e52035112609c5b5630a116aa4d7395b4a0859533afdff18d525228185c | Triage

Analysis

max time kernel
39s
max time network
19s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 20:46

Sharing

Report Analysis Logs

General

Target

Gusnabo.exe
Size

14.3MB
MD5

96285ad4a6fea01eb07e38845b6df174
SHA1

ff8e7241f7685bb1418630fd22205408f21e59ee
SHA256

01e38e52035112609c5b5630a116aa4d7395b4a0859533afdff18d525228185c
SHA512

c35c324efd9ababd4e3ef6d1e1b3ff7376927b1f39c71d057517f9e2950c4cff7887ec47e2de5efd52df1455b7f72f92216107071f1ace295db68c7364b25e04
SSDEEP

196608:z1Ekv0sKYu/PaQ+DuXJpjyEDfyGgMwBdnpkYRMz8NJ7cwRtlLXhrTL5U/hpet:REkZQNDfDgMc6ArBLRfLuw

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2628	Gusnabo.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2628	2240	Gusnabo.exe	28
PID 2240 wrote to memory of 2628	2240	Gusnabo.exe	28
PID 2240 wrote to memory of 2628	2240	Gusnabo.exe	28

C:\Users\Admin\AppData\Local\Temp\Gusnabo.exe
"C:\Users\Admin\AppData\Local\Temp\Gusnabo.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\Gusnabo.exe
  "C:\Users\Admin\AppData\Local\Temp\Gusnabo.exe"
  2⤵
  - Loads dropped DLL
  PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22402\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit