Overview

overview

7

Static

static

3

sample1.exe

windows7-x64

7

sample1.exe

windows10-2004-x64

7

doc_details.pyc

windows7-x64

3

doc_details.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07-03-2024 11:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample1.exe

  • Size

    15.6MB

  • MD5

    6b348a39a04048f52114c2431dab3013

  • SHA1

    f5871c6aad24a5bf6b9124e34720769a707daa35

  • SHA256

    a267a87d74e15c2b281f4268cf1e3d7e5c5586cf856549528e42d9436e04c9b9

  • SHA512

    0b4f6eb3d1a66bae6e791862cb59d6a6d95a2a21f6aed6933dab73be0be2d1e9f9695f164f5f30873e1d985e9f5b8ce820823c0ebc68e845f69cfbedccc7dece

  • SSDEEP

    393216:W+HuMHZKZxlHOFXlABlh2pDOHuHOnoLq0JTt3p:W+O4MByCHQpDdHXq0JR

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sample1.exe
    "C:\Users\Admin\AppData\Local\Temp\sample1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Users\Admin\AppData\Local\Temp\sample1.exe
      "C:\Users\Admin\AppData\Local\Temp\sample1.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22282\python39.dll
    Filesize

    3.4MB

    MD5

    24bfbaba7b3c22ae1c1abb12d2ad8393

    SHA1

    041b1ae10fe0227ff89579556622c96aabf5604c

    SHA256

    fb5282cced65bd7320e54365fe581f856a5bec82e39005bee6f9ecd3fdee387e

    SHA512

    4679b288b953296548ea5d58dded23489f9588c4023664f1bb4dff3dc3ca326c3c2e5da718e2dd1f9ced27fb02ee6dc903f3b3627a2a8d37f74e7d3ab7bcd5a5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI22282\python39.dll
    Filesize

    3.1MB

    MD5

    34bb7981e99bd1096ddf983a520ee8ca

    SHA1

    19429a45c101cecd4b9503ebff36b02939757d27

    SHA256

    50475c43c2d9e60310402b76afd1c881661591819082765b70b4077b8cb6440a

    SHA512

    388238eb820f245a2d8a61369633e6b8f035fa107667ad204b2aa0046140bd04e86c3c65bf83d9f4e6896a76f077777117584181005c5351d87d2517c5c23c25

    Download Submit