63da41f48018b8e66cf9d81a4f144ccc008f527b7134617c1a885fc2db18daa7 | Triage

Resubmissions

10/03/2024, 12:40

240310-pv6ljsda6t 7

10/03/2024, 12:34

240310-prr9racf88 7

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 12:34

Sharing

Report Analysis Logs

General

Target

CreateStudio/CreateStudio.exe
Size

6.3MB
MD5

7235f1d04f41d635dedcf6795c9fd286
SHA1

3fe3eb8d4cdbe2cd059e883f476a5effed813ac2
SHA256

4a74e3ab6273d6efb2ed30159879fab136177eee62bbcfa0863105b0868fcabf
SHA512

bc5d016fa6e8e7f1142ab495fc12ca08962890ef9d28e51ec79c8ab976a52ca7ead6220e62fb208347f085f613901d1fb308c15d4af6a049802f7628458874af
SSDEEP

196608:FR4jYdQmRJ8dA6lXCy1ArqkVpKCX+PrF4ZIeghiBV7I:vWYdQuslXrAZYCuPJOIegR

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2240	CreateStudio.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2240	2164	CreateStudio.exe	28
PID 2164 wrote to memory of 2240	2164	CreateStudio.exe	28
PID 2164 wrote to memory of 2240	2164	CreateStudio.exe	28

C:\Users\Admin\AppData\Local\Temp\CreateStudio\CreateStudio.exe
"C:\Users\Admin\AppData\Local\Temp\CreateStudio\CreateStudio.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Users\Admin\AppData\Local\Temp\CreateStudio\CreateStudio.exe
  "C:\Users\Admin\AppData\Local\Temp\CreateStudio\CreateStudio.exe"
  2⤵
  - Loads dropped DLL
  PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21642\python310.dll

Filesize
4.3MB

MD5
54f8267c6c116d7240f8e8cd3b241cd9

SHA1
907b965b6ce502dad59cde70e486eb28c5517b42

SHA256
c30589187be320bc8e65177aeb8dc1d39957f7b7dcda4c13524dd7f436fb0948

SHA512
f6c865c8276fe1a1a0f3267b89fb6745a3fc82972032280dce8869006feb2b168516e017241a0c82bdae0f321fab388523691769f09a502fc3bd530c1c4cacf1

Download Submit