f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75

Analysis

max time kernel
37s
max time network
18s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-02-2024 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75.exe
Size

16.8MB
MD5

afe44e5dda35569e140a3efb397c1262
SHA1

0f340b5a53fed24258aed14f3cc60425f0def88f
SHA256

f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75
SHA512

231fef7c5efcbf591c46619a66de3501d01f106e895564fdee027c5c64a57767cfe91d9a4cd8138064f7ed7b1492a2d2f8ce5245f5530e3fae578f8d4a0efed7
SSDEEP

393216:MCFhLyclaoAzPZiaGXJy3q5HV+CcpPFB1047FNY9pP:BhOcQnZ1GXJqkHVvSCcYf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2436	main.exe

Loads dropped DLL 2 IoCs

pid	Process
1660	f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75.exe
2436	main.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2436	1660	f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75.exe	28
PID 1660 wrote to memory of 2436	1660	f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75.exe	28
PID 1660 wrote to memory of 2436	1660	f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75.exe	28
PID 1660 wrote to memory of 2720	1660	f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75.exe	29
PID 1660 wrote to memory of 2720	1660	f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75.exe	29
PID 1660 wrote to memory of 2720	1660	f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75.exe	29

C:\Users\Admin\AppData\Local\Temp\f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75.exe
"C:\Users\Admin\AppData\Local\Temp\f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Users\Admin\AppData\Local\Temp\onefile_1660_133530760647890000\main.exe
  "C:\Users\Admin\AppData\Local\Temp\f458ff0059fd31ff6ad7d0e302db4ae4565c255d4c03c63843372089f1142c75.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2436
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1660 -s 568
  2⤵
  PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_1660_133530760647890000\main.exe

Filesize
3.1MB

MD5
4257f3935cce55e1fab1d121f8c2d646

SHA1
ec4e2cf9ebec404be62e4d7b96792f84e8d4471f

SHA256
cca4ba6cf91a7d6826af06d055c216db442211db082ce447ce4ee0d9e7571b34

SHA512
5e109928296bb2e4a880a94ef70f726b563eb76f8420bd704df197e68bc0ddcb98f300ccf4c50a176f6728c62529d7b1000090f8ef5687b5119df8b22aff9ad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1660_133530760647890000\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1660_133530760647890000\main.exe

Filesize
3.0MB

MD5
fdba5a15b64dedab4f6e7cf3ba242503

SHA1
c70cfa72251163f44ae958cd107f833375832354

SHA256
f728f4472724ea78ccc6380bc93c199e139ee86354c5dce6be0ebacf10ac7b42

SHA512
3775eba644a3c26f6bd52557f598afaf24bf1d415e2a1e8629982e0557cd01b70b396588bc87a58da6d8d6c0e5bedad0b4d3114867263ead6a04a73789591c03

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1660_133530760647890000\python311.dll

Filesize
2.0MB

MD5
aef4d5b1c0534f4044e74f0de422a218

SHA1
e229d21ef78320fb31468541da0d8788c8cb6893

SHA256
981a95f331462a04b1fe956c22b97f45a39e6bfb20d59ff1b0093df37310148e

SHA512
7c80f52430544c6e2568551ef80913218126e398368c966793eb8fa3057314404aa166928b6c7d1de4e9b1c13b049cea14a35176cda808f2e892312c1d942954

Download Submit
memory/1660-0-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1660-1-0x0000000004C40000-0x000000000594E000-memory.dmp

Filesize
13.1MB

Download
memory/1660-2-0x0000000007390000-0x00000000080B5000-memory.dmp

Filesize
13.1MB

Download
memory/1660-81-0x0000000000400000-0x00000000014D8000-memory.dmp

Filesize
16.8MB

Download
memory/1660-83-0x0000000004C40000-0x000000000594E000-memory.dmp

Filesize
13.1MB

Download
memory/2436-77-0x000000013FD20000-0x0000000141604000-memory.dmp

Filesize
24.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads