Analysis
- max time kernel: 357s
- max time network: 359s
- platform: windows7_x64
- resource: win7-20240419-it
- resource tags: arch:x64, arch:x86, image:win7-20240419-it, locale:it-it, os:windows7-x64, system:windows
- submitted: 25-05-2024 12:23
Behavioral tasks
- behavioral1: sample L3AK.exe, resource win7-20240419-it
- behavioral2: sample L3AK.exe, resource win10v2004-20240426-it
- behavioral3: sample keylogger.pyc, resource win7-20240215-it
- behavioral4: sample keylogger.pyc, resource win10v2004-20240426-it
General
- Target: L3AK.exe
- Size: 14.3MB
- MD5: 1bcf3fc352cf570466a5aeff4ff9e385
- SHA1: ad3663c5f6d3752a4b141f4ab23db0fe6c678918
- SHA256: d448cfe08b8d84ff2d17f7431a4aaa006cdc9bf6971a3cb54963ee57a7fae0c9
- SHA512: b858fc9202f75210a8b491f8837ff95de7a5ca416556ea6cde8529a6c4a582f1a83b771255e4fda1ffed0524dff5be6066686771fdcbba16ec65977089d19475
- SSDEEP: 393216:xmL7tpUTLfhJq1+TtIiFqY9Z8D8Ccl18ICDnotiWyKAx:xO7HUTLJM1QtIZa8DZcsICDvdKA
Malware Config
Signatures
- Loads dropped DLL (7 IoCs)
  Processes (pid, process):
  2472 L3AK.exe (7 entries)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description, pid, process, target pid, target process):
  PID 2204 wrote to memory of 2472 | 2204 L3AK.exe | 2472 L3AK.exe
  PID 2204 wrote to memory of 2472 | 2204 L3AK.exe | 2472 L3AK.exe
  PID 2204 wrote to memory of 2472 | 2204 L3AK.exe | 2472 L3AK.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-file-l1-2-0.dll (21KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-file-l2-1-0.dll (20KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-localization-l1-2-0.dll (21KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-processthreads-l1-1-1.dll (21KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\api-ms-win-core-timezone-l1-1-0.dll (21KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\python312.dll (6.6MB)
- C:\Users\Admin\AppData\Local\Temp\_MEI22042\ucrtbase.dll (1.1MB)