4cbea24a8641dc763864ffe8a2d4ebfa3d7ea5eb7280a25edc0b2e3d4c6cdde3 | Triage

Resubmissions

Analysis

max time kernel
0s
max time network
1s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/04/2024, 20:16

Sharing

Report Analysis Logs

General

Target

MonkeModManager (2).exe
Size

13.2MB
MD5

a64a50d764de2af1e198bfd517eec2f3
SHA1

913b4cdc597642e4ac33e1a6526cd163f2bc29cb
SHA256

4cbea24a8641dc763864ffe8a2d4ebfa3d7ea5eb7280a25edc0b2e3d4c6cdde3
SHA512

efb92705d50713b06c208a308c0a8eee17c8b05c8622b0158c5974b89484739d2b48d96a860268d86afd5b51f715362542208a12b7e441c6d29d95d5ca3fa1a4
SSDEEP

393216:BiIE7Yo9+4ucW+eGQRJ9jo7BGcGmY/dt1Wom2:u7r9+RcW+e5RJ9Mgpm2

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1780	MonkeModManager (2).exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 1780	2932	MonkeModManager (2).exe	28
PID 2932 wrote to memory of 1780	2932	MonkeModManager (2).exe	28
PID 2932 wrote to memory of 1780	2932	MonkeModManager (2).exe	28

C:\Users\Admin\AppData\Local\Temp\MonkeModManager (2).exe
"C:\Users\Admin\AppData\Local\Temp\MonkeModManager (2).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Users\Admin\AppData\Local\Temp\MonkeModManager (2).exe
  "C:\Users\Admin\AppData\Local\Temp\MonkeModManager (2).exe"
  2⤵
  - Loads dropped DLL
  PID:1780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29322\python312.dll

Filesize
6.6MB

MD5
5c5602cda7ab8418420f223366fff5db

SHA1
52f81ee0aef9b6906f7751fd2bbd4953e3f3b798

SHA256
e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce

SHA512
51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f

Download Submit