699fbefa4676023e67ca6780b6b72a091c3cfae26966d4ff97736c6cb2cedc38 | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 14:43

Sharing

Report Analysis Logs

General

Target

creal.exe
Size

13.3MB
MD5

9ef498e3313cca5b7e333429b4df8fa1
SHA1

a50e0a79b24bc5dacc3121458a73288c51028acb
SHA256

699fbefa4676023e67ca6780b6b72a091c3cfae26966d4ff97736c6cb2cedc38
SHA512

93d0cef2056854d13c7b20a994ed81e81b57dafa4911c71307a22c3d6612abf98f2ae9310bbb4c560a6597fcfe66d50524d0195709c704c403685fa63d1f5576
SSDEEP

393216:ZEkQExJDBfFZNRwSo6ivaCncpH07mKfjN0Ft:Zo4BfFXR66iiCngH07rK

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1668	creal.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 1668	2756	creal.exe	28
PID 2756 wrote to memory of 1668	2756	creal.exe	28
PID 2756 wrote to memory of 1668	2756	creal.exe	28

C:\Users\Admin\AppData\Local\Temp\creal.exe
"C:\Users\Admin\AppData\Local\Temp\creal.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Users\Admin\AppData\Local\Temp\creal.exe
  "C:\Users\Admin\AppData\Local\Temp\creal.exe"
  2⤵
  - Loads dropped DLL
  PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27562\python39.dll

Filesize
4.3MB

MD5
5871ae2a45d675ed9dd077c400018c30

SHA1
ddc03af9d433c3dfad8a193c50695139c59b4b58

SHA256
5d0ff879174faec03eb173eb2088f2e7519f4663dd6bfe5b817ec602c389ae20

SHA512
d87a90dbf42c528bc3fa038eb83d4318d2e8577a590bf9c84641c573b5b2fea83aac91bb108968252e07497424ed85f519a864e955f94a7f8e87bfc38e0f4b7b

Download Submit