705dffc3bbb0269cf07dd30663eac4d42774400a995d35b9a852f35d97548889 | Triage

Resubmissions

11-03-2024 08:37

240311-kjdn6sfg5y 10

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 08:37

Sharing

Report Analysis Logs

General

Target

BoostTool/BoostTool.exe
Size

14.4MB
MD5

2ec355cdf7ed2a42dfd7f8fd99832e7b
SHA1

4188809c194cff19aa2ac1be92880b1d94671eee
SHA256

e4e4a02242c6416be563ae09cb9e46e10a68809fd4cde16104d9d4dfb578ad4f
SHA512

a30f3b310b8b01f102d9936d2dbb7044db07b15ebfdf90e0afc8d6086d50c5b26e39643bdb6970fb4a67e933ea8176af1febf35b4bb3ab9c10f4cfd854318fc7
SSDEEP

393216:UiIE7YoPQMidQuslSq99oWOv+9fg03raqVvHBw:t7rPQ3dQuSDorvSY03rpve

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2456	BoostTool.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 2456	2944	BoostTool.exe	28
PID 2944 wrote to memory of 2456	2944	BoostTool.exe	28
PID 2944 wrote to memory of 2456	2944	BoostTool.exe	28

C:\Users\Admin\AppData\Local\Temp\BoostTool\BoostTool.exe
"C:\Users\Admin\AppData\Local\Temp\BoostTool\BoostTool.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Users\Admin\AppData\Local\Temp\BoostTool\BoostTool.exe
  "C:\Users\Admin\AppData\Local\Temp\BoostTool\BoostTool.exe"
  2⤵
  - Loads dropped DLL
  PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\_MEI29442\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit