Overview

overview

7

Static

static

3

b49d304a89...73.exe

windows7-x64

7

b49d304a89...73.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05-03-2024 11:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b49d304a893a43f78fe5c0159fc11773.exe

  • Size

    10.2MB

  • MD5

    b49d304a893a43f78fe5c0159fc11773

  • SHA1

    7e4b816a2e40a5baf7890468f4496332e421ec04

  • SHA256

    c1923f70c27dff80e71849628cdbc451dd6b9e3c5cb5aa5a233c2cd32d49e7fa

  • SHA512

    f8279f1ff70504a4d8509c82310aabd2db2d939e9451c174cf38b036eb1548aa3fb088c5677789472421afa666fa73c539711f46926311af98b5be7ab91282f6

  • SSDEEP

    196608:dBEbtIxnNqGICteEroXfLaSzVtJiEqlbkkwR7VTEJ+33F+F+/hGFW3P6D:PEbt8dInEroXT5tJiEqirRRoJ+33F+Fr

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b49d304a893a43f78fe5c0159fc11773.exe
    "C:\Users\Admin\AppData\Local\Temp\b49d304a893a43f78fe5c0159fc11773.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Users\Admin\AppData\Local\Temp\b49d304a893a43f78fe5c0159fc11773.exe
      "C:\Users\Admin\AppData\Local\Temp\b49d304a893a43f78fe5c0159fc11773.exe"
      2⤵
      • Loads dropped DLL
      PID:1432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI15402\python39.dll
    Filesize

    3.2MB

    MD5

    bbca8549c5deec6838a5099143e3b3ad

    SHA1

    9013773cfdce2ffc850c1727347f03d5be2e7b4a

    SHA256

    851dca39a9b57d931b8306bcf8519dd5ac3b89e41638a47192ddfb1ad6445861

    SHA512

    796af09f30a30f6c73e6789e04e38f71948e5f04f8359975055cde6fc34793c65440716aeb8ef483900318af8a606ebcb74539e3bde010025733744857bc4de8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI15402\python39.dll
    Filesize

    1.0MB

    MD5

    a8e4b61bfbe4d3756aab721334065961

    SHA1

    906cf71470255447f821548d0925974ea81791c0

    SHA256

    3722fd14a5b2b139d863125bdba4243797162c86d19da7342709beaf3351a5ae

    SHA512

    915ad6c56d06c76bc45a7c5668cd0df9cda412250c8fbfdb189f34e692ae39cde3697f66aee9c51149a4166711cbd4204fcefb7d83a7e067071257207196eb03

    Download Submit