8a714538823fc5e4cdbec6114c6d30fe3ab2eb2b557b81de4c59e073c85aa765 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/02/2024, 22:34

Sharing

Report Analysis Logs

General

Target

NSFW Generator/start.bat
Size

17B
MD5

7832b275978713ff3c40544308894cda
SHA1

981608258b7ca6860bc90981321716d167884302
SHA256

fa52f3a6d700af1047bd644f48985baa147256b612cc0751968cc3e0715c69c1
SHA512

d77c0216f1a4e7dae6b417c3c1e3339fce4cf30b112dc8251011ebb82ad489b2366e71699323af14e72c96a4793fc5bb86a22b6bb723d2302cf5e6712a3cac85

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2440	NSFWGEN.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1788	2292	cmd.exe	29
PID 2292 wrote to memory of 1788	2292	cmd.exe	29
PID 2292 wrote to memory of 1788	2292	cmd.exe	29
PID 1788 wrote to memory of 2440	1788	NSFWGEN.exe	30
PID 1788 wrote to memory of 2440	1788	NSFWGEN.exe	30
PID 1788 wrote to memory of 2440	1788	NSFWGEN.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\NSFW Generator\start.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\NSFW Generator\NSFWGEN.exe
  NSFWGEN.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Users\Admin\AppData\Local\Temp\NSFW Generator\NSFWGEN.exe
    NSFWGEN.exe
    3⤵
    - Loads dropped DLL
    PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI17882\python312.dll

Filesize
6.7MB

MD5
48ebfefa21b480a9b0dbfc3364e1d066

SHA1
b44a3a9b8c585b30897ddc2e4249dfcfd07b700a

SHA256
0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2

SHA512
4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

Download Submit