2b9bd18500ea9ff7b8009b09fcd07f1acae0f4ca30c149c6df07be300a6a1ada

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
09-03-2024 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Amnesia Mod Menu.exe
Size

14.2MB
MD5

9521094215c5767152c92d6c0598b1ad
SHA1

ae121d8ee401dcba23e5db8fd47d7c51e9dee740
SHA256

c95d8fd91927aa49039e4a30c78980ae0e7c6794de9f566d6abb2075f9cb5afe
SHA512

a108a7908d44c192b212485763136fd87d47e90b60b78b7f4228d8dc3eef45e63d588845a5ea334b4447aa07f279a1bdafd4ef6033ba168352fc1836ffce1b7b
SSDEEP

393216:OEkZgf8Mxq1+TtIiFGvvB5IjWqn6ekWz1QypX8Wjs+da:ORbqq1QtIZX3ILn6ek9yCes+da

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2676	Amnesia Mod Menu.exe
2676	Amnesia Mod Menu.exe
2676	Amnesia Mod Menu.exe
2676	Amnesia Mod Menu.exe
2676	Amnesia Mod Menu.exe
2676	Amnesia Mod Menu.exe
2676	Amnesia Mod Menu.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2676	1972	Amnesia Mod Menu.exe	28
PID 1972 wrote to memory of 2676	1972	Amnesia Mod Menu.exe	28
PID 1972 wrote to memory of 2676	1972	Amnesia Mod Menu.exe	28

C:\Users\Admin\AppData\Local\Temp\Amnesia Mod Menu.exe
"C:\Users\Admin\AppData\Local\Temp\Amnesia Mod Menu.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\Amnesia Mod Menu.exe
  "C:\Users\Admin\AppData\Local\Temp\Amnesia Mod Menu.exe"
  2⤵
  - Loads dropped DLL
  PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19722\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
9bc4835950a7f3476820af95dfe43d6d

SHA1
28e9d96c6dde13cd03ef989c0ae13a0f062b16d5

SHA256
45e67e7b5c491aa3a92cd54b401696d147b1f5adab4a9e275dd2fd28b64851d6

SHA512
3509bb892406ffb4445267de150c08ee648189659838403f47628b535b47a71c02e40fa3e47e881e0225461a7d66e791a13894cab30f8cd1247c01f10d7ffc27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19722\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
45e820df2e3930ea7ec5fd8f00176dfa

SHA1
67adc9eb2e4692661d318cad31b6cb059dcc6ed9

SHA256
21d59cacfd35738c790cb5a4ce9ae1eff859d967b820fec0e566e1c9cd52daf7

SHA512
a1033c985bf47f9b367c954592806a002fa3bbd3e87314f91e18564dbc96f61e0735ab8b0d12ec7ae8692edb7cb05662d780dd72ac4b971153cd61cddf5f022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19722\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
335430a90b091bb2fa1b4413ad820249

SHA1
6e36f48db57ae04515b6ec307894dc15e591924b

SHA256
0b8d2b999bdccfc549277631d9643431ea2babbab4abd7b6e876f9c38dc1bcd2

SHA512
748fc6ee330e9976e46138f3930bd9d018e05da8d3802dcaa308d5ae23c674f75707992afbcb4031b0ff4a35a9492277fbe0fe762b603a11187c1ae958c8d4aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19722\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
3a27cb98ca41718a6b195605a4645b97

SHA1
e36a5cffe3ce81d07816a4d343723a3852fabc02

SHA256
6eda1d6b3e6c42062339275fb266e310226f8e1b401ce38b7db0b594fbe3067f

SHA512
dd7f8039383bc339250bddff1010a95b3db3f07b6b27be1b797eeed45c7fea7e85c064315cc85616048f19a8125dc37912278a3183433fc03428a42717b2ce55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19722\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
2b8746bde570dd3158659a1773633ee7

SHA1
fbf57cd42796fa45b7df406a6e5cb3145e2c82b3

SHA256
48ad199008d76485ac0b53fed0a6fe65db48eba9eabb2b30527639e0b9bcd0db

SHA512
efce98cadf1b161e6dcb1783aa297e7ff37fe01ababcbd9e92114041a9b51ba74766b2ccd2127dd309c0b341f5a73f2a11ea78d8eca4564122a202324688bf74

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19722\python312.dll

Filesize
6.7MB

MD5
550288a078dffc3430c08da888e70810

SHA1
01b1d31f37fb3fd81d893cc5e4a258e976f5884f

SHA256
789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d

SHA512
7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19722\ucrtbase.dll

Filesize
987KB

MD5
6d937b4dced2b6f8f8ca694edbee5cc4

SHA1
4da06634e690c6f3fbcb657d4786964357925e07

SHA256
878816948a27a2409a2a3ab9367e28d72d03ced0ebb70b84cff66f764e5cc2e2

SHA512
35ce260501926746f13725ea1b01138eb56123a67b62e24041a1b71f58d999b283e74dfb0b740ae33c163e8089b0fa340ab747ead1a03d7edb14be2694cea7fb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads