f7a943ecd80633da1e52538b56dadb6e8ab6cbf7a7cd5005b58ce1a844cb02fb

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-03-2024 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TR4SH.exe
Size

21.2MB
MD5

c069d10ecdfd8a24d4718cc882a6ea3c
SHA1

11fed76430d553b1a91146b17922fd11b32c815f
SHA256

f7a943ecd80633da1e52538b56dadb6e8ab6cbf7a7cd5005b58ce1a844cb02fb
SHA512

6097a62ff864866d2050071cde2566540a78394ef1dae92197250f708cdb21d41e0a6f6203508401b9503d2a0e6911dfc721ec881e910d5fb64e730b728f1b0a
SSDEEP

393216:rzQtsfh5mKmr2pu0tTkQETS8vJQn+9PWkA75umhTdbgDqxMwsQkd:rzQtsfXmKmr2puIYQEW8hQ+ZWl9Jb0wS

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2292	TR4SH.exe
2292	TR4SH.exe
2292	TR4SH.exe
2292	TR4SH.exe
2292	TR4SH.exe
2292	TR4SH.exe
2292	TR4SH.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2292	2104	TR4SH.exe	28
PID 2104 wrote to memory of 2292	2104	TR4SH.exe	28
PID 2104 wrote to memory of 2292	2104	TR4SH.exe	28

C:\Users\Admin\AppData\Local\Temp\TR4SH.exe
"C:\Users\Admin\AppData\Local\Temp\TR4SH.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\TR4SH.exe
  "C:\Users\Admin\AppData\Local\Temp\TR4SH.exe"
  2⤵
  - Loads dropped DLL
  PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21042\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
b9207fe4f683b7bc99afaed15418f2a8

SHA1
60ff112e13e3697bef357415b7a0a98ef9f0b240

SHA256
15e75e9622a17c6250c3258a2c0f0be5376275185a25671a44b18375e032396b

SHA512
5b2af2ffda1b286a473d7d761b00dca08e89e133c0089bcdffa305002e6164f6ccf01448fd78cda2eff81067018ba5ffdd877480e655240700485156bec1ab97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
f16e0d42f5294154d8cfce35cb74a599

SHA1
e9cea591b5cfaa9a6f7b36ea554cf7e7c92ca74f

SHA256
a0f5964785fee3289bfbc5d40e68740aa408fe2049a9a8bd328694e37d300a42

SHA512
a14c4515b38a3e60155d4de9f80f3bb85c5ab63f58ad4a2f5abe6df18d35f0930583f17e837928683174e678bf1ede4cbcda1a2bb35aa489d80a9e1408e5f153

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
c9c74b664ec89a563b505df7cd1a43db

SHA1
f82d8341b8962d6ebf1a9bb3e53400cf4864e0c7

SHA256
39c5e4fa51ed17e2edefce0f6c0f577b52138c526a69b9763ce562618f959a5e

SHA512
3f5aad204020b90102ad483c323850794acfae78902b9e7ec23937bbf66a95567d98b24720dc73eb1f443ba9284543387b5705ba3e0f40f90204eb8c88ec4c59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
652a6e06056ef20d498d386ea710dea3

SHA1
d85cb215bb33dc943065a025b810f51127d6196d

SHA256
d5450dc00bcbe823627d2dc5074bb25f772cde65305d511698bbd518667094f5

SHA512
cefd6f09f9a2414f0018f52fa4cde0f15d392075e1744f90cc506140d0f9ee2ff70e0c8c64a9adad376fce8b9fbc67d168a09a841343cf1973eae73316dca387

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
b81b677c1c3b76c07cdc41bbb2ea519c

SHA1
cd581d99ceeb2e1cef863e4df7af213aaf70759f

SHA256
4b4c5eb98253a7fd13dfae51b88a1d3afc364c310499c013703f0b7542d65ea8

SHA512
a06ecebeb39b6d5dc617dca9b9d535e8cc6989f83ba7cfff0f7b67afb56076aaa47197aea0f5aef72ed8c46bbf44106b01b64849849e0d39a6615d9738f9a97b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\ucrtbase.dll

Filesize
987KB

MD5
0a5632da3e5d51ac53c58f965be121ca

SHA1
b585d2b902214c45ad8072a9126c0d464d1da4ad

SHA256
9f627acf1839cdf1b503080ea98f4da3e2e273cad7e6f07c7f64c3fd3a2563c5

SHA512
c9991e18fd4685bb327b59d1fd5aa18973f10b67a01eafc3ffef72988caf6e5f07a5f4c56c9d485a3b733142152cbcc8dbf43122112f952f525cda57a8a56b18

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads