d97fed7ded1b6c208698b38108b28fa7773391b77b177dacbb648bc76c46fdd9 | Triage

Analysis

max time kernel
43s
max time network
16s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 18:09

Sharing

Report Analysis Logs

General

Target

Bird x.exe
Size

16.1MB
MD5

6d5700964a39aa393e1dacf63fc8237a
SHA1

40749012ff9845b9a69214eb923d368b0d0449a7
SHA256

d97fed7ded1b6c208698b38108b28fa7773391b77b177dacbb648bc76c46fdd9
SHA512

440c28495499891cb03ce8ec89d9bd091b78cbc6f6e80ac0de28c226b254bc9d4b554a70c8486708929bcd76086acd0e766e3e79ab320e408e6f6b4031d17646
SSDEEP

393216:iEkZQND/v3JWQsUcR4NzDL2Vmd6m0RJVAzDak/ikzndY3gHwFeapt:ihQ9X3YQFryVmd4DAvLpW3yYt

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2572	Bird x.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2572	2236	Bird x.exe	28
PID 2236 wrote to memory of 2572	2236	Bird x.exe	28
PID 2236 wrote to memory of 2572	2236	Bird x.exe	28

C:\Users\Admin\AppData\Local\Temp\Bird x.exe
"C:\Users\Admin\AppData\Local\Temp\Bird x.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\Bird x.exe
  "C:\Users\Admin\AppData\Local\Temp\Bird x.exe"
  2⤵
  - Loads dropped DLL
  PID:2572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22362\python39.dll

Filesize
4.3MB

MD5
19e6d310c1bd0578d468a888d3ec0e3d

SHA1
32561ad9b89dc9e9a086569780890ad10337e698

SHA256
f4609ec3bbcc74ed9257e3440ec15adf3061f7162a89e4e9a370e1c2273370a1

SHA512
4a8332c22a40a170ea83fc8cfd5b8a0ed0df1d59fd22ebe10088ba0be78cc0e91a537d7085549a4d06204cbe77e83154a812daed885c25aa4b4cb4aca5b9cc85

Download Submit