9299c3d540e284808d76c74d0718f94d94ae098e979846f293f0aa58e029ac90 | Triage

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 16:25

Sharing

Report Analysis Logs

General

Target

START.exe
Size

6.7MB
MD5

b755d0fdc9022c1b0100d9043a7b6b00
SHA1

7a02dfd01d48da8ae1ba31eafed5d28ee412102d
SHA256

9299c3d540e284808d76c74d0718f94d94ae098e979846f293f0aa58e029ac90
SHA512

9f5f6e4b61ff8984899a53a891e1487933c41e88ba2b73ba7c079ae18bec936feaf09db25a6731c38ddfa1c3d18d2dab87430f0238384473939d77d812c29c22
SSDEEP

196608:KhFquNeTE1W903eV4QE4KF5ikWMWKACygfeuK:uNeT6W+eGQEn/ikWMW7uK

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2704	START.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2704	2196	START.exe	28
PID 2196 wrote to memory of 2704	2196	START.exe	28
PID 2196 wrote to memory of 2704	2196	START.exe	28

C:\Users\Admin\AppData\Local\Temp\START.exe
"C:\Users\Admin\AppData\Local\Temp\START.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Users\Admin\AppData\Local\Temp\START.exe
  "C:\Users\Admin\AppData\Local\Temp\START.exe"
  2⤵
  - Loads dropped DLL
  PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21962\python311.dll

Filesize
5.5MB

MD5
86e0ad6ba8a9052d1729db2c015daf1c

SHA1
48112072903fff2ec5726cca19cc09e42d6384c7

SHA256
5ecda62f6fd2822355c560412f6d90be46a7f763f0ffeec9854177904632ac2d

SHA512
5d6e32f9ff90a9a584183dad1583aea2327b4aea32184b0ebbec3df41b0b833e6bb3cd40822dd64d1033125f52255812b17e4fa0add38fcda6bab1724dfaa2eb

Download Submit