1ff293a814687900efa1ab3508b9881c32b57372810c2d9b8068ff75ba8e776a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

textureatlas_to_gif_and_frames_43f7e.exe
Size

29.6MB
MD5

d0d8f4e7a97fcb9267a01873baf82e77
SHA1

8cd8ee8d17c735b03338626e086f94d82c82ade0
SHA256

1ff293a814687900efa1ab3508b9881c32b57372810c2d9b8068ff75ba8e776a
SHA512

c27b004648cda8f2d8109419fae8778daeb9e810a533507f9c4e39d0c76f25f37447142012cbaf89987a280b30866eda6c20b81f1dca403e4b2a321cc2d12dfc
SSDEEP

786432:BaAWfBoq1QtIJ2j6+s7LWB75zuPN6a8DZceCeW8cnVVrK:Bapo2iIJ2qHWB75iVb6NCeWZnr

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1272	textureatlas_to_gif_and_frames_43f7e.exe
1272	textureatlas_to_gif_and_frames_43f7e.exe
1272	textureatlas_to_gif_and_frames_43f7e.exe
1272	textureatlas_to_gif_and_frames_43f7e.exe
1272	textureatlas_to_gif_and_frames_43f7e.exe
1272	textureatlas_to_gif_and_frames_43f7e.exe
1272	textureatlas_to_gif_and_frames_43f7e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1272	1048	textureatlas_to_gif_and_frames_43f7e.exe	28
PID 1048 wrote to memory of 1272	1048	textureatlas_to_gif_and_frames_43f7e.exe	28
PID 1048 wrote to memory of 1272	1048	textureatlas_to_gif_and_frames_43f7e.exe	28

C:\Users\Admin\AppData\Local\Temp\textureatlas_to_gif_and_frames_43f7e.exe
"C:\Users\Admin\AppData\Local\Temp\textureatlas_to_gif_and_frames_43f7e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Users\Admin\AppData\Local\Temp\textureatlas_to_gif_and_frames_43f7e.exe
  "C:\Users\Admin\AppData\Local\Temp\textureatlas_to_gif_and_frames_43f7e.exe"
  2⤵
  - Loads dropped DLL
  PID:1272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI10482\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
309ff152e830995a7978da8b20ebb318

SHA1
7daaf752d511b0fdae74008a5d0808f51553f21e

SHA256
940a9a02e564e2ce13280b78f4aa7b794b97685830edf2be3fbb0aecfdee707d

SHA512
565ea894214b88ea1a50779a1f36db2cbeb0aaf77a24d92b3d66c1ddab2dc57876205aa02721f79d3d4d01012df7347b62f4b8504f65915e07170b6901a7679c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10482\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
1e10f8ae883cdf8fc5fe166e61bd4c45

SHA1
5bc3de1f03674a32b309869a5f1b48d89790ff40

SHA256
e9e0a414c092ac237ee2c0e5f167efe9ff5e62314a5eb529011f85bdf7c0b2b7

SHA512
2ab555986a57f7fda8e284d472d1c1ca583e2415b6e9deccb0f1b0c72ce81fcddb1c733dc0b8f9d0f3ab8eae21864080c9091202ff99655534019b28a3ea866a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10482\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
d13d82a9f3a0ee74f5c778ea50de9d4b

SHA1
afbf2470f0d46caf56f792ee10f6e86d58fc1aef

SHA256
139594138f923f34192b84edd810a6292eeb880e7797aeb3b9f22e69613426cf

SHA512
8544c73b9fb957ce0af9c112e0e06f3548525995d242098bf54c6d9e1a9822b1687bb5c32f85a7496632bfcabd4982ad8d573d74e1dc500c51cbd51558f8d6ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10482\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
e105a7a95c3446b76a521c741ab03d1b

SHA1
b8371e3d938daca45bfd7ef2101e6fabd0e2450d

SHA256
a2947ba9d0c5510a62f685c839990cbe4ec43e2c7b38e20938420b562229090f

SHA512
10d4ed9e7a47d21bf04bb6c3b181e66528755601b1b748d2c23c20c9543f18e2cc2e87e133db5569b19d04748356891159ba210c1e3e719bb6dafce054a7c55a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10482\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
e27aa1ee2a6b5aa8d746ceed7095fdaf

SHA1
e7bc272932c30c494e672bc2871bbc26d2c758b6

SHA256
31e96eaf08a5dad4afe4304c97d18aefdfdc22c444c9f67be272f8e6282aa76a

SHA512
4c075c2ebab277480a05108588155d6f669c32d0bffd4264bc4d316fbaee613f940ffe4432ff906346f4290c5e379c7449a989c932834aed4c3f972d905b59e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10482\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10482\ucrtbase.dll

Filesize
987KB

MD5
28647d8fb402416cb1c986894d849c50

SHA1
bf0eaa587001214a4d6e6876b8adfcb49254450b

SHA256
b3591e2ba725934a1a659882444b85b186da44d2dddaba3b66587dd3f97364ab

SHA512
689346b9d9fa2f93a5d50af15eee9cc18ee819c00986dabbdd102126556466adecc412a8c539a8d22239cddccc1c3d3dd5783dff047f593bfd7be761c0ab9b12

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads