61a13ccc4df37d04b1528aa007ef22173829e9ff41e4c44dcf58be2f139e9954

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99f3fdac186020aa08025af4dfe918ab.exe
Size

7.4MB
MD5

99f3fdac186020aa08025af4dfe918ab
SHA1

4669a65831217b29cbd2676076252df59f63b5bf
SHA256

61a13ccc4df37d04b1528aa007ef22173829e9ff41e4c44dcf58be2f139e9954
SHA512

8dad096ebc996ac9f151234cc467ef084e72373119e4fef2d0e5849569798d3853534192847f71feb0f74084e15c0d7967a78003f34dbf271dac1e5cb924b72b
SSDEEP

196608:A7+gp1DAVhQ9onJ5hrZER9xQ3jo4UKa37+JTzLM:apNAVm9c5hlER9xA2BSNz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2696	99f3fdac186020aa08025af4dfe918ab.exe
2696	99f3fdac186020aa08025af4dfe918ab.exe
2696	99f3fdac186020aa08025af4dfe918ab.exe
2696	99f3fdac186020aa08025af4dfe918ab.exe
2696	99f3fdac186020aa08025af4dfe918ab.exe
2696	99f3fdac186020aa08025af4dfe918ab.exe
2696	99f3fdac186020aa08025af4dfe918ab.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2696	1988	99f3fdac186020aa08025af4dfe918ab.exe	28
PID 1988 wrote to memory of 2696	1988	99f3fdac186020aa08025af4dfe918ab.exe	28
PID 1988 wrote to memory of 2696	1988	99f3fdac186020aa08025af4dfe918ab.exe	28

C:\Users\Admin\AppData\Local\Temp\99f3fdac186020aa08025af4dfe918ab.exe
"C:\Users\Admin\AppData\Local\Temp\99f3fdac186020aa08025af4dfe918ab.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Users\Admin\AppData\Local\Temp\99f3fdac186020aa08025af4dfe918ab.exe
  "C:\Users\Admin\AppData\Local\Temp\99f3fdac186020aa08025af4dfe918ab.exe"
  2⤵
  - Loads dropped DLL
  PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
9d8413744097196f92327f632a85acee

SHA1
dfc07f5e5a0634dd1f15fdc9ff9731748fbff919

SHA256
6878d8168d5cc159efe58f14e5ba10310d99b53ab8495521e54c966994dac50b

SHA512
a8f6e9ee1c5d65f68b8b20d406d3e666c186e15cb3b92575257b5637fe7dd5ac7d75e9ad51c839ba4490512f68f6b48822fc9edd316dd7625d3627d3b975fb2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
361c6bcfcea263749419b0fbed7a0ce8

SHA1
03db13108ce9d5fc01cecf3199619ffbccbd855a

SHA256
b74aefd6fa638be3f415165c8109121a2093597421101abc312ee7ffa1130278

SHA512
aa8b585000cc65f9841b938e4523d91d8f6db650e0b4bb11efd740c27309bf81cdb77f05d0beda2489bf26f4fbc6d02c93ce3b64946502e2c044eea89696cc76

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
b402ed77d6f31d825bda175dbc0c4f92

SHA1
1f2a4b8753b3aae225feac5487cc0011b73c0eb7

SHA256
6ed17fb3ca5156b39fbc1ef7d1eefa95e739857607de4cd8d41cecfcd1350705

SHA512
ec04013139f3fd9dbf22b92121d82b2eb97e136f8619790cde2d0b660280e838962f9006d3e4c3a359627b017f2b6ade7edff3bbc26e559c3de37540585602d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
3d872be898581f00d0310d7ab9abaf2b

SHA1
420e0ab98bb748723130de414f0ffed117ef3f7e

SHA256
4de821884cbef4182b29d8c33cfe13e43e130ad58ee1281679e8d40a2edcb8ea

SHA512
35cfb9888a5f4299403a0d9c57f0ba79e3625431a9acc5e04ae2ae101b3dc521a0dcff5d4a1bf508b25dbf05dd432f6987d860ff494d15538ed95673a8b7376b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
6c180c8de3ecf27de7a5812ff055737e

SHA1
3aad20b71bb374bb2c5f7431a1b75b60956a01fd

SHA256
630466fd77ac7009c947a8370a0d0c20652169824c54ddcb8c05e8df45e23197

SHA512
e4aa79eb2b6b3be9b545e8cb8b43cd6052036dc5cce7077be40441b9942931b30d76c475d550a178d4e94c9c366cabc852f500e482b7fdcd361fc2a08e41c00e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\python39.dll

Filesize
4.2MB

MD5
c4b75218b11808db4a04255574b2eb33

SHA1
f4a3497fb6972037fb271cfdc5b404a4b28ccf07

SHA256
53f27444e1e18cc39bdb733d19111e392769e428b518c0fc0839965b5a5727a2

SHA512
0b7ddbe6476cc230c7bdd96b5756dfb85ab769294461d1132f0411502521a2197c0f27c687df88a2cd1ab53332eaa30f17fa65f93dac3f5e56ed2b537232e69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\ucrtbase.dll

Filesize
1020KB

MD5
2c8fe06966d5085a595ffa3c98fe3098

SHA1
e82945e3e63ffef0974d6dd74f2aef2bf6d0a908

SHA256
de8d08d01291df93821314176381f3d1ae863e6c5584a7f8ea42f0b94b15ef65

SHA512
fb08838983c16082a362b3fc89d5b82e61ae629207c13c3cb76b8a0af557ad95c842ce5197ae458b5af61e5449cbab579f509fa72866308aa6fbd3d751522d0f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads