9d3fd780501acdf1f8d3043f0345614d93e06b8a18e3a164ed6793ccca6b2a3c | Triage

Resubmissions

05/03/2024, 11:46

240305-nxfx8seh48 7

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 11:46

Sharing

Report Analysis Logs

General

Target

test.exe
Size

5.3MB
MD5

ffa552537a90838f63fe2ce1e40d3060
SHA1

818300d4b08608c37b7312870155244efdeb684b
SHA256

9d3fd780501acdf1f8d3043f0345614d93e06b8a18e3a164ed6793ccca6b2a3c
SHA512

0fa7d8b2899179260de4b352684ac895ffbcdaedb71a819a9a5db4a7bb4f09ddaa24a482aabbabcce17c9847751073db7e4e9d630f7102b3df7e35fd14ef32c6
SSDEEP

98304:JK8iCIfnazMD/x/0feyGg8Q940BDlgwdnpka9R/k9t+2MGt+puMu5+:JKcUDfyGg8wBdnpkYRM6Xu

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2544	test.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2544	2160	test.exe	29
PID 2160 wrote to memory of 2544	2160	test.exe	29
PID 2160 wrote to memory of 2544	2160	test.exe	29

C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Users\Admin\AppData\Local\Temp\test.exe
  "C:\Users\Admin\AppData\Local\Temp\test.exe"
  2⤵
  - Loads dropped DLL
  PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21602\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit