Overview

overview

7

Static

static

3

Rockstar_method_2.rar

windows7-x64

7

Rockstar_method_2.rar

windows10-2004-x64

3

Log checker.exe

windows7-x64

7

Log checker.exe

windows10-2004-x64

7

deliveredG...2).txt

windows7-x64

1

deliveredG...2).txt

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    17/05/2024, 10:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Log checker.exe

  • Size

    16.0MB

  • MD5

    7bbfb8d2359f13dab444803e9a0fd5e0

  • SHA1

    bd5896b6d3e1576567db303de9c1d6ae35a86b2d

  • SHA256

    9855b51749951297120268dcef92442bddc39c8374c2e8edbe4e80fcddc09966

  • SHA512

    150d66304c01d000d74f550c34ba475422a028171df160962faa60391b49d59a39533aeb9a4affc4de44f3a1f2ba0e622cf1d1e92d0b6dc72c47179b387a568c

  • SSDEEP

    393216:zlPiKyPxsHjFofQo5xHSdX30GVrSVSJ3QJIIg++462:zlKlZ6mYsx0rVrdJ3qgw62

Score
7/10
pyinstaller

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Detects Pyinstaller 1 IoCs
    pyinstaller
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Log checker.exe
    "C:\Users\Admin\AppData\Local\Temp\Log checker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1876
    • C:\Users\Admin\AppData\Local\Temp\creal.exe
      "C:\Users\Admin\AppData\Local\Temp\creal.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Users\Admin\AppData\Local\Temp\creal.exe
        "C:\Users\Admin\AppData\Local\Temp\creal.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1488

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI29242\python312.dll
          Filesize

          6.6MB

          MD5

          3c388ce47c0d9117d2a50b3fa5ac981d

          SHA1

          038484ff7460d03d1d36c23f0de4874cbaea2c48

          SHA256

          c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

          SHA512

          e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

          Download Submit

        • \Users\Admin\AppData\Local\Temp\creal.exe
          Filesize

          16.2MB

          MD5

          f1ff8286a79c2448162494964947121a

          SHA1

          351ee4e12a653277c3ab9bbd0298d07995b4fe9e

          SHA256

          0fe01e43fa1cf10cd81ae3502bfae0f18935787f2b43c9a40f76d896c3384f55

          SHA512

          dbb80fc9fe67ae7bd0c0fc23ae7af042810d8f7fa0e0c7fa379aa7a37d45c80f1d58fd4500c955d2b33278b90c60685b175ed5eb70063e2534051e5ad2a6d3e5

          Download Submit

        • memory/1876-0-0x000007FEF5D53000-0x000007FEF5D54000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1876-1-0x0000000000ED0000-0x0000000001ED2000-memory.dmp

          Filesize

          16.0MB

          Download

        • memory/1876-2-0x000007FEF5D50000-0x000007FEF673C000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/1876-13-0x000007FEF5D50000-0x000007FEF673C000-memory.dmp

          Filesize

          9.9MB

          Download