adfc504073e04ebd8b56f957525e10686b7a1b4dfe03204ad8cfcb7733536b8a | Triage

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 13:25

Sharing

Report Analysis Logs

General

Target

corruptor.exe
Size

10.9MB
MD5

3d3e1579c5e05c002e4c7d469153901f
SHA1

a3821824f1c364c0c6af30eec3de3615c9b22381
SHA256

adfc504073e04ebd8b56f957525e10686b7a1b4dfe03204ad8cfcb7733536b8a
SHA512

557269b035ab4231caa6e2aa561a0449943c1acac0dc23458b3dd5ff62ba56a25c140e6092592a55e8b9348a66bc2bd12a4dfeb5cd2498acf16671d8df55e481
SSDEEP

196608:OS4OekDwGcsAgejtcGfcY3gtlaA0W8/LV2ck6q1PgVKrR3IL:+Ck3meBcGfd8aHW8p2FZlYL

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1068	corruptor.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 1068	1680	corruptor.exe	28
PID 1680 wrote to memory of 1068	1680	corruptor.exe	28
PID 1680 wrote to memory of 1068	1680	corruptor.exe	28

C:\Users\Admin\AppData\Local\Temp\corruptor.exe
"C:\Users\Admin\AppData\Local\Temp\corruptor.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Users\Admin\AppData\Local\Temp\corruptor.exe
  "C:\Users\Admin\AppData\Local\Temp\corruptor.exe"
  2⤵
  - Loads dropped DLL
  PID:1068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI16802\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit