ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066

Analysis

max time kernel
120s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe
Size

9.9MB
MD5

5c138b590c07d57e46e52421b678fa55
SHA1

31e1128635bcf88eb217373925ab57f98b4e8191
SHA256

ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066
SHA512

c2d3013951fc7d31f00bd08ebaf521f509826cf2a7c2a7e5fcef61d708f1167426315e09d0c86c61433044c3e14774dc1674160f1806d00c2fead2c723e4fbb5
SSDEEP

196608:CkeIqC6DAbr7PnILLZWdoCOiV9onJ5hrZE4yiU8AdZYJER/SEyrTRjVZXcn20:vqC6gr7M5liV9c5hlEEAdZYyg/rFhan

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
980	ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe
980	ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe
980	ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe
980	ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe
980	ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe
980	ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe
980	ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 980	2788	ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe	29
PID 2788 wrote to memory of 980	2788	ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe	29
PID 2788 wrote to memory of 980	2788	ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe	29

C:\Users\Admin\AppData\Local\Temp\ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe
"C:\Users\Admin\AppData\Local\Temp\ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Users\Admin\AppData\Local\Temp\ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe
  "C:\Users\Admin\AppData\Local\Temp\ef3e946c8ee967fa07b518b9855ef2cd8462ddddd883ae874b17f5bf67e81066.exe"
  2⤵
  - Loads dropped DLL
  PID:980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27882\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
4cc4738d9cf77c247d095e7eccdc9530

SHA1
25dbe17f45111b51048f453d6d9a5d26117b533f

SHA256
1e96fed1589fefb99c08cfb329d4287d18868549a8204a241d38e86101e16d81

SHA512
ada509ffaeae0cf482499057596b220eb2b9946eeec68804c2583a6412259328a167efa3747da4a5b764262bdf50eff61f06c4b89c4248e45410d040e7006162

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27882\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
8ec96a118bc6af3b13f6e90991bc6109

SHA1
88bf74ff85d83481cc42d06e32640ffbe0983371

SHA256
3d179c4a78a48137e7956e69bb58251458fda7b9965fac125b20e65f92950d52

SHA512
a87e6da8110f393e5fae5b024d978cd025d9df8df9920055d472200df890a691c62b806fba64e84461c9e548d477258fa0f07469a695aef62bbea4f6cedcf9da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27882\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
e941d6ca03749c55d97a2ea93551f482

SHA1
dee53917d7ab911124f2ca518ddb435b04b5540c

SHA256
dc883e8e75384957218c803fa2112a809cbc1c0efdb86194cf802ce62164cad2

SHA512
a2e0901a189cb21d9787af8f5105d1b3fc511080a67b350f894c0dd76352fe77b4f29708a06a7f8a4685984eef46379321310b2115851ae96888fdaee0acac0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27882\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
7cc0fbc9b82d30b1507f93d6183d582c

SHA1
23558a2af2604ddc057584a8db867ae9921af079

SHA256
e1861a1f21275958a0eadd6f671b0bb7cbd7b1c7780df38af18a1fcd89f909a0

SHA512
9a9ed17ed4157ea1354edd6c40d2fcf70259050c3b129f0ff34f01ff3477d38448fa7d147c017d23135e317089c87a3ea41e98e8fc4ab195a0be3f914b03dd0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27882\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
231d5262bbd37f905b865965fded489d

SHA1
721ce3bfc05558303f0a4fdd17116945a68dfa37

SHA256
2dd015a85a850adec2df67e67a9e29a3b786fad88a0b028cb77b26a5ccf7c2d2

SHA512
67530f451634d05cb5665c4b8ad729542c288e93ffb7b760838eee2a18f4663dfa3ca5974c6654eefa1e8cdcf28e8a9d4f2a9a7de3d9d17b72441064e214d133

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27882\python39.dll

Filesize
4.3MB

MD5
11c051f93c922d6b6b4829772f27a5be

SHA1
42fbdf3403a4bc3d46d348ca37a9f835e073d440

SHA256
0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

SHA512
1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27882\ucrtbase.dll

Filesize
987KB

MD5
3b5b13888061a7379bd10e8ee8f0eaf6

SHA1
5af9568201bb7cc4ca105fde2d742de483417236

SHA256
e2d2a704bc81ccaf331df3ab713cde0faccf3ebcd01ac54a7b375a1c0881e15b

SHA512
1b67f048b91480698918e7cce49e80e759e9404a2aa67b33aff458ab2c35a94a3618d237c05a90915af559ecce7dd449019d9f4947852e51a6374b58911a942e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads