2c961060c113dafc3e22372a5e2f89fd70d59b2c491274161f5a64fc7ebe7e60 | Triage

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/04/2024, 14:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

plik.exe
Size

20.6MB
MD5

cad2d2c934e809554a6a3cf655592ed6
SHA1

3c33a636e10af09127fd17871d529fcae39a1a90
SHA256

2c961060c113dafc3e22372a5e2f89fd70d59b2c491274161f5a64fc7ebe7e60
SHA512

0e44eed3e96d2c1b8553e26685dcdf41e717da69ba4d23c0004a375fb93fad26711e6e0990dcac9148811351797f6c49d7083245274725cac789c56e8e4f1389
SSDEEP

393216:2OL3/pvQ8OG8B1+TtIiFpvvB5IjWqpau5qW80hoA/xzmCbSzWK:ndQlB1QtIgX3ILv5qW80hhuzWK

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1924	plik.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 1924	2928	plik.exe	28
PID 2928 wrote to memory of 1924	2928	plik.exe	28
PID 2928 wrote to memory of 1924	2928	plik.exe	28

C:\Users\Admin\AppData\Local\Temp\plik.exe
"C:\Users\Admin\AppData\Local\Temp\plik.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Users\Admin\AppData\Local\Temp\plik.exe
  "C:\Users\Admin\AppData\Local\Temp\plik.exe"
  2⤵
  - Loads dropped DLL
  PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29282\python312.dll

Filesize
6.7MB

MD5
550288a078dffc3430c08da888e70810

SHA1
01b1d31f37fb3fd81d893cc5e4a258e976f5884f

SHA256
789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d

SHA512
7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723

Download Submit