Analysis
max time kernel: 118s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 25-05-2024 22:02
Behavioral task: behavioral1
Sample: DripLite.exe
Resource: win7-20240221-en
General
Target: DripLite.exe
Size: 22.6MB
MD5: 29b37ee7f2e4f83f5a9151c76d78c38c
SHA1: 1f90143516f42b1b4a9ba9554b9a4ca8944b9e42
SHA256: 3c4f8fcd2f82e81b62149ec02a9db9fe414e643b36259abfd9fd1ccc34c9d191
SHA512: f6a9e6db96f4caf219669d3595e146fb6b7117377bc8a4e863708f8ff0d357928a060d5e6ae3ed6de7f3709d199c57b4a6f7605ce68d7f25be0593254a03ccd0
SSDEEP: 393216:uo9DM45Cto5L1V8dkurEUWj5EnBSVkRIrY87FNwrMiE1PcZYE9buK+:P9NMgRndbQzcY87FyMiRYEEK+
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
Processes: DripLite.exe
pid    process
1632    DripLite.exe

Processes:
resource    yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI26642\python312.dll    upx
behavioral1/memory/1632-112-0x000007FEF6320000-0x000007FEF69E5000-memory.dmp    upx

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: DripLite.exe
description    pid    process    target process
PID 2664 wrote to memory of 1632    2664    DripLite.exe    DripLite.exe
PID 2664 wrote to memory of 1632    2664    DripLite.exe    DripLite.exe
PID 2664 wrote to memory of 1632    2664    DripLite.exe    DripLite.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\_MEI26642\python312.dll
Filesize: 1.7MB
MD5: fb8bedf8440eb432c9f3587b8114abc0
SHA1: 136bb4dd38a7f6cb3e2613910607131c97674f7c
SHA256: cb627a3c89de8e114c95bda70e9e75c73310eb8af6cf3a937b1e3678c8f525b6
SHA512: b632235d5f60370efa23f8c50170a8ac569ba3705ec3d515efcad14009e0641649ab0f2139f06868024d929defffffefb352bd2516e8cd084e11557b31e95a63

memory/1632-112-0x000007FEF6320000-0x000007FEF69E5000-memory.dmp
Filesize: 6.8MB