15548dc4aab59a1ecc65d7cbe37b2a6224e8be7682621e8f6b9ed851ab6f4e97 | Triage

Analysis

max time kernel
1558s
max time network
1562s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-04-2024 15:19

Sharing

Report Analysis Logs

General

Target

Creal.exe
Size

13.2MB
MD5

125a5c30fd99f5f53b2914e9f6cf1627
SHA1

c26195a24760f7c6621c63bf79b8d1f36e3ec04b
SHA256

15548dc4aab59a1ecc65d7cbe37b2a6224e8be7682621e8f6b9ed851ab6f4e97
SHA512

a40f99dbf33afbb7a9a6f8425da9f3fdc564fcd3a8a0e8f76a830a5c6da558158ef51fb907c24897aba82c1499156aeac636ca0eeb4f527bf5ec8fb43b39905a
SSDEEP

393216:iiIE7YoSD2nwW+eGQRIMTozGxu8C0ibfz6e57Z1bmXdWCUI:L7rSDawW+e5R5oztZ026e5DkVUI

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2424	Creal.exe
772	Creal.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
772	Creal.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2424	2176	Creal.exe	28
PID 2176 wrote to memory of 2424	2176	Creal.exe	28
PID 2176 wrote to memory of 2424	2176	Creal.exe	28
PID 912 wrote to memory of 772	912	Creal.exe	35
PID 912 wrote to memory of 772	912	Creal.exe	35
PID 912 wrote to memory of 772	912	Creal.exe	35

C:\Users\Admin\AppData\Local\Temp\Creal.exe
"C:\Users\Admin\AppData\Local\Temp\Creal.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\Creal.exe
  "C:\Users\Admin\AppData\Local\Temp\Creal.exe"
  2⤵
  - Loads dropped DLL
  PID:2424

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\Creal.exe
"C:\Users\Admin\AppData\Local\Temp\Creal.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:912
- C:\Users\Admin\AppData\Local\Temp\Creal.exe
  "C:\Users\Admin\AppData\Local\Temp\Creal.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21762\python312.dll

Filesize
6.7MB

MD5
48ebfefa21b480a9b0dbfc3364e1d066

SHA1
b44a3a9b8c585b30897ddc2e4249dfcfd07b700a

SHA256
0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2

SHA512
4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

Download Submit