d170014277214f74501a938ccf9eee91d1563c6373a22f880662d2baf02ff156

Resubmissions

20/02/2024, 14:13

240220-rjxwdaaa24 10

20/02/2024, 14:10

240220-rgvm8shc9w 10

20/02/2024, 14:08

240220-rfkrmshh78 10

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

injector.exe
Size

7.4MB
MD5

0bfee5412cd99e93e30542149b0482e5
SHA1

7dd9c7fa990b37a5ea24e368ded33ada18f07415
SHA256

7a30b95daa3fb58eb7c5553ebb4d3d3f904f19b95b03b5aef20cd7e926ae2f1d
SHA512

2448246484a9f0c669ec7d381162b9d41cdfbbfbc0713ba89ca010371d98c4a1ca6b4679859dfcee7620fe9a256aaa8cc1ccd5c86dec749071d2822ec594bc25
SSDEEP

98304:NRMcKHurErvz81LpWjjUlLkvzgXO9hAlaYrzzuJZYJ1JIuIHKU73bcgVowgD:NYHurErvI9pWjgyvoaYrE41JIuIqoxkD

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2732	injector.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/files/0x00060000000170b7-21.dat	upx
behavioral3/files/0x00060000000170b7-22.dat	upx
behavioral3/memory/2732-23-0x000007FEF5B40000-0x000007FEF6130000-memory.dmp	upx

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2732	injector.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 2732	2452	injector.exe	28
PID 2452 wrote to memory of 2732	2452	injector.exe	28
PID 2452 wrote to memory of 2732	2452	injector.exe	28

C:\Users\Admin\AppData\Local\Temp\injector.exe
"C:\Users\Admin\AppData\Local\Temp\injector.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Users\Admin\AppData\Local\Temp\injector.exe
  "C:\Users\Admin\AppData\Local\Temp\injector.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI24522\python311.dll

Filesize
1.6MB

MD5
b167b98fc5c89d65cb1fa8df31c5de13

SHA1
3a6597007f572ea09ed233d813462e80e14c5444

SHA256
28eda3ba32f5247c1a7bd2777ead982c24175765c4e2c1c28a0ef708079f2c76

SHA512
40a1f5cd2af7e7c28d4c8e327310ea1982478a9f6d300950c7372634df0d9ad840f3c64fe35cc01db4c798bd153b210c0a8472ae0898bebf8cf9c25dd3638de8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24522\python311.dll

Filesize
307KB

MD5
7bc84490f151df4fd6fc8ef7132e80e4

SHA1
20e87be3646593dadebf5a6a081eee834b26b65b

SHA256
9031f7c2a85407cda05671408089c06f1787c649e220b4b3e06caa9a3a1ce30f

SHA512
6c6c2c6a4a44ed14a288524e6ea6dd09f173230d0ea297b53022a1cd83dcdb5f07b9240fade8d348d20d01cee636108da77351e2209c3f4c15b7b52847814f79

Download Submit
memory/2732-23-0x000007FEF5B40000-0x000007FEF6130000-memory.dmp

Filesize
5.9MB

Download