5968f58ef7ba110b7a74507e15b0b03ccc9dbceaab215404b7379f1232bd6083 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:46

Sharing

Report Analysis Logs

General

Target

burial.exe
Size

8.1MB
MD5

7455c1477831102fe315f7d0096772ef
SHA1

0d265d8e4872b302a0bf26e8db3dcbcd0d494aef
SHA256

5968f58ef7ba110b7a74507e15b0b03ccc9dbceaab215404b7379f1232bd6083
SHA512

224b0df77339d717a0d0faaedbf9efef1f92c44076bcd68173e8cfc67bdc5fd47230d6c92ccfab68ce2ac32f068cdb9ef57e84256e2375876067677eddd3b8f9
SSDEEP

196608:G5hQWfSCsXDjDyf8ZkTMU9ZqlRASPrRIq8G:shQ9CEDxZkjIRAErqc

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

burial.exe

pid process

2652 burial.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

burial.exe

description	pid	process	target process
PID 1960 wrote to memory of 2652	1960	burial.exe	burial.exe
PID 1960 wrote to memory of 2652	1960	burial.exe	burial.exe
PID 1960 wrote to memory of 2652	1960	burial.exe	burial.exe

C:\Users\Admin\AppData\Local\Temp\burial.exe
"C:\Users\Admin\AppData\Local\Temp\burial.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1960

C:\Users\Admin\AppData\Local\Temp\burial.exe
"C:\Users\Admin\AppData\Local\Temp\burial.exe"
2⤵
- Loads dropped DLL
PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19602\python39.dll

Filesize
4.3MB

MD5
5cd203d356a77646856341a0c9135fc6

SHA1
a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

SHA256
a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

SHA512
390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

Download Submit