Analysis
max time kernel: 121s
max time network: 128s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 25-05-2024 15:31
Behavioral task: behavioral1
Sample: FlaggexDE.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: FlaggexDE.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral3
Sample: main.pyc
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: main.pyc
Resource: win10v2004-20240426-en
General
Target: FlaggexDE.exe
Size: 40.4MB
MD5: 0abe277e07ec1165ca20a74304e4baff
SHA1: 6c15f025474289d8fe38583c49d54c814f5e24eb
SHA256: deac181d9f369808808e3aff6effa4d8baa128c5408091ad771c0aa84159ef28
SHA512: 51670041bcbe29baca5b44e2d568eda7e16489f9a743cf35576c166edc6ef2b26a97874312b4be0af248e6edfd76cbf6fa03a0f69242f3fa0ee52e51d02adbf2
SSDEEP: 786432:/oZOzsN1haPnf3Bd2e9YTQuR06u8tBoH13wH2lCTl7Th19sJkAdF6bqyV7XNzj7k:QZOz+UPnfWe9du1ZoH13+2kTlfCJkA/l
Signatures

Loads dropped DLL (1 IoC)
Processes: FlaggexDE.exe
pid     process
2660    FlaggexDE.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: FlaggexDE.exe
description                         pid     process          target process
PID 1740 wrote to memory of 2660    1740    FlaggexDE.exe    FlaggexDE.exe
PID 1740 wrote to memory of 2660    1740    FlaggexDE.exe    FlaggexDE.exe
PID 1740 wrote to memory of 2660    1740    FlaggexDE.exe    FlaggexDE.exe
Downloads
C:\Users\Admin\AppData\Local\Temp\_MEI17402\python310.dll
Filesize: 4.2MB
MD5: a1185bef38fdba5e3fe6a71f93a9d142
SHA1: e2b40f5e518ad000002b239a84c153fdc35df4eb
SHA256: 8d0bec69554317ccf1796c505d749d5c9f3be74ccbfce1d9e4d5fe64a536ae9e
SHA512: cb9baea9b483b9153efe2f453d6ac0f0846b140e465d07244f651c946900bfcd768a6b4c0c335ecebb45810bf08b7324501ea22b40cc7061b2f2bb98ed7897f4