1e758eeb81e0eba7c940ad8926ac6bada14fa863578f0f57b5f0f3a539bb1fc4

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

10.0MB
MD5

5918a860ac16c1c1d80f904036275c33
SHA1

d54627d3da5ecf92bf68adc5f8b6595714587a92
SHA256

1e758eeb81e0eba7c940ad8926ac6bada14fa863578f0f57b5f0f3a539bb1fc4
SHA512

05ebf00de65925b81bef61b6dea119ae9c18ed312f6e6acc540f4be18161f474fec5d1422a00803f3283d60493ce200066283d5f14b7d497c1af3a5b1e13a7c3
SSDEEP

196608:PsS+EkT/AfRSiL2Vmd6+DXcLZy7YM30Lzajl1ljvYDCfn5pFhJnwzsj:6EkTAZ1L2Vmd6mu0Gzajlfrv5jXwzsj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

main.exe

pid process

2108 main.exe
2108 main.exe
2108 main.exe
2108 main.exe
2108 main.exe
2108 main.exe
2108 main.exe

pid	process
2108	main.exe
2108	main.exe
2108	main.exe
2108	main.exe
2108	main.exe
2108	main.exe
2108	main.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

main.exe

description	pid	process	target process
PID 2228 wrote to memory of 2108	2228	main.exe	main.exe
PID 2228 wrote to memory of 2108	2228	main.exe	main.exe
PID 2228 wrote to memory of 2108	2228	main.exe	main.exe

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
2⤵
- Loads dropped DLL
PID:2108

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l1-2-0.dll
Filesize
13KB

MD5
6b280015cf873517051ccbda728dea4b

SHA1
c83f9bc0e27eb1969559d6aeaa268c99a5a4dde1

SHA256
f2a0d0fc3d24e72f3cc46111d7166ab8a4511674b73617d2019f235c61b30654

SHA512
fcb108b3a95d13059434415c3d054669b4741c85f4a21dc60f69af870a306aa6c2726b03e746f9ad5ff916cfc23a1bc1ed541e635b4720e430b334e921e568e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l2-1-0.dll
Filesize
13KB

MD5
37fcc989b5ae55d0d18ee69edf57f6c6

SHA1
c4b2cdc1aee7137fbe4993b03859e9fb45fc3e14

SHA256
4047ec069444b0b466c4b375bd55aa1e1b6c177bda61eca391969b3d0d07f534

SHA512
bcbf7c4bd709ab1b7fbac483bf2b002abaac93e7e74ec465c31ab9ece6cd7874ffeced5a998302514e3f0cf15e571c09d7197d146f6fe490dbf429ea2a964d4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-localization-l1-2-0.dll
Filesize
15KB

MD5
d48de46dc141d9cad89cd97a9ac326da

SHA1
6ae6491924a7ea716f907490cf1851da014ee3c5

SHA256
aaacc72a5e85ceb15181b4604683543f81b37dd1d5215d647ff3fb464935f890

SHA512
6bcd7f62c293f8a3aea9937c4520851babd8ed796b138860e3e3aac7bb95715b5987485f8ee8255209bbb704e73e833d4cddf1c8e57bd2a39448dc292bb4f6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
13KB

MD5
d23eb2dbfb3094b4bd37cb304f6c2a8d

SHA1
9f2ed84b2a8d46bd8ca0704917e95a44c3426ef3

SHA256
af4d0083bac90404962e846a91385fc10b62dc739d1a763ec11950636a62a1f3

SHA512
d1cfbcdb9f97958593c561c3e7bdf6da7fe1ab586592c74bff7dd5cf1296fb2f5f7139ebeebe55bf4ae62c4043819955fc6764a6e724e00e9bbdb77d52d8f7b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-timezone-l1-1-0.dll
Filesize
13KB

MD5
a9b11e4a24f3dfd567f79e1fca5375d2

SHA1
90a76ed33255c1db551fe95debbefdf07d3617a3

SHA256
df91a750aad544f3c1048d2b397890aa91282e115652ac833639196f8e945a3d

SHA512
2fc0163d74fb121d4d426b99ba70c65a1f847c9b867fad0f86e9caa7b295e101958b2bf05a8b2498fbe0027cad71ea8c09ece3e5d2c4d707936e42c21f840236

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\python39.dll
Filesize
4.3MB

MD5
2135da9f78a8ef80850fa582df2c7239

SHA1
aac6ad3054de6566851cae75215bdeda607821c4

SHA256
324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3

SHA512
423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\ucrtbase.dll
Filesize
987KB

MD5
907116582b20dab2c7952d283b2859e0

SHA1
92ed93d90e3dbed0bede26684618cdf40824f3f7

SHA256
aaada1f31f5862c7f7ebd68b15a4b854465d9e0c525228632ab6c85c2f321acb

SHA512
eb468b1537c299ddb486d6b8ebf4edf5821458bd012400b995c4c2d351aee67e5e292f5828baef07cc52a8c57940cb0d7cda7a99ef83e21978818fd28a7e4bc4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads