dd9a95436bbce09e0049ab8a8c59069ae43b4b4e400f41ab8cad933b2cde69fd | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 15:31

Sharing

Report Analysis Logs

General

Target

Complex Tool/Complex.exe
Size

25.4MB
MD5

7100a9a2a3b3efc89f4883011d67af00
SHA1

517ec282fe57541abdbce0fe623a69e430e71664
SHA256

7472eaa82e2304902f2ca359c19ea712cea58f17c3fe61b171cc6d8cea5bb2e0
SHA512

88965c55640d34cacce3c1c5a6cc6a346e98b4f3ab80866ee68bbfb3a99785b254d15bda4c6a57150e3dc0a52fafab3d7c8addcf7df0e2b21e4de7e6ba303bcd
SSDEEP

786432:1yjK3po69FE/JMs1xJJcpGqaDCpd1KW8LWg18keEV:s4o6rE/7xLcpGTWpdQWYxxeEV

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2716	Complex.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2716	2084	Complex.exe	29
PID 2084 wrote to memory of 2716	2084	Complex.exe	29
PID 2084 wrote to memory of 2716	2084	Complex.exe	29
PID 2084 wrote to memory of 2716	2084	Complex.exe	29

C:\Users\Admin\AppData\Local\Temp\Complex Tool\Complex.exe
"C:\Users\Admin\AppData\Local\Temp\Complex Tool\Complex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\Complex Tool\Complex.exe
  "C:\Users\Admin\AppData\Local\Temp\Complex Tool\Complex.exe"
  2⤵
  - Loads dropped DLL
  PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20842\python310.dll

Filesize
3.9MB

MD5
f66fd016b3fdab37eeecd099f0ba4049

SHA1
9497038597aee9916911c6f25371893980f96862

SHA256
4a51ba44e1960315007d714c1ad36f68f07b396700982e34848c4f7bbb367c6f

SHA512
24955fab8eaf5a8e8b966aa88b03366ff24a87e6a15c086bf902d2aafe56fed1f373a4731e3179707d2706f3a2a9aab5fb0528d792ec6bce2b88a1d81e5b5f80

Download Submit