Overview

overview

10

Static

static

10

creal.exe

windows7-x64

7

creal.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06-02-2024 00:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    creal.exe

  • Size

    15.8MB

  • MD5

    0202d06ea52870cd5e8ae02c8bfa0157

  • SHA1

    74a4c486075684ef20805ee5c7a979e9925e3a7d

  • SHA256

    997bc2b7665781bc5162a4aa645b4afc4705e835a030ea4ef39b0189a7ccb3b7

  • SHA512

    17dc78e5e89947bf9fa0c576d642f9e5a40ca356bf7b34e8b224976a6b547f024c28f3f3e4be4837df54e4d049d63a75fa315eb230469058ad3ccc27905c5085

  • SSDEEP

    393216:koEkMD2ntpUTLfhJsW+eGQRCMTozGxu8C0ibfz6e57Y1bmXiWCUI:TUDaHUTLJSW+e5RLoztZ026e5WFVUI

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\creal.exe
    "C:\Users\Admin\AppData\Local\Temp\creal.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Users\Admin\AppData\Local\Temp\creal.exe
      "C:\Users\Admin\AppData\Local\Temp\creal.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21682\python312.dll
    Filesize

    2.3MB

    MD5

    31778d64ab3985ebf22540cca4b5a51d

    SHA1

    9388c82ccbc063d8f6b45c9e48444c571b2ebb25

    SHA256

    ea6437ef0256a53896e034b8763ddc10d796dbb08481c5a00c2e0cc998ee8e37

    SHA512

    982d2f34fc95541324bec548b52d1892ac85349cc104bcf832b70e1d9aa58944abe2cd642e78908f9027e1cb2a9b5b66ff0d18f8e27cb9bb2019b46ccb486151

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21682\python312.dll
    Filesize

    2.1MB

    MD5

    8a3a19d37b6a38e3d02aeab04c45ff9f

    SHA1

    98ff51e597e1292507c080cfb49c647d67bba689

    SHA256

    9365b7c50e9c820819b138af66b104f64ba1ddb6297a6a22da0fbf8276b7fdb1

    SHA512

    3d8e51fe2eb3b02c2341b498e30b92fb0eb74b34160b0920c6f69a72f3b8fb6c74cde39ee5317b553e44098c6c1c44fd4948ae0eed7642246d5fd9e96562bdd2

    Download Submit