157f185eb1e9ca243f858370eeae40629cd810a8774b567e87e99253b78e1ed9

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 19:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2g4 loves sex/main.exe
Size

7.5MB
MD5

81afbfc1979b0bf0e28c7140d1b18552
SHA1

df8bdfae6cd749a576ab2babe1d356b283c42e52
SHA256

9a2cfb39ea852bbda32cdbe0f54f470c97d21831c60187845b5c876273b80cd2
SHA512

3df5eb7682e265814071c6a96f0ec1829fac66565fa4bbd37fe8b9bb3a75816b82773f732d3d5769b98d2d6cd3b3094c0a072b22415f08928d5204407c72316a
SSDEEP

196608:PAH7uoZ7saxXYPSqd4m9mNjm26T5c88TCVcqtmOuVI:4blVsa9YPvdbmkndaT4cqgO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2200	main.exe

Loads dropped DLL 2 IoCs

pid	Process
2948	main.exe
2200	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2200	2948	main.exe	28
PID 2948 wrote to memory of 2200	2948	main.exe	28
PID 2948 wrote to memory of 2200	2948	main.exe	28

C:\Users\Admin\AppData\Local\Temp\2g4 loves sex\main.exe
"C:\Users\Admin\AppData\Local\Temp\2g4 loves sex\main.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Local\Temp\onefile_2948_133582877764172000\main.exe
  "C:\Users\Admin\AppData\Local\Temp\2g4 loves sex\main.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2948_133582877764172000\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2948_133582877764172000\main.exe

Filesize
9.6MB

MD5
4e8d12c2d39a81903a9682ba96008e41

SHA1
1b584a11ed392d8047d7a5a9fe9a1c94a8038a4c

SHA256
24dc89dd5387f2af807aa9a982f6d059c5028d4054d0a12c5c4187f4b25f0d8c

SHA512
ab078f3bb86f12fe343bc5ed590972c2e4f06a0c0656265a2cc1654bf21b6860403dfe42d67ac1431302d01ea738ba106366b091b8aeed6b58b4a51fb59c4d44

Download Submit