257079c22c264fd97bd7e9556fc8031fa51ea854ce24ff7f7d4cb501481ad0f5 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 10:56

Sharing

Report Analysis Logs

General

Target

office自动激活.exe
Size

10.2MB
MD5

6a3b07a0a09474805e1f62d001b74f6e
SHA1

c9ff6bfa4bf835bd89b83e62b57c11856a22e8ea
SHA256

257079c22c264fd97bd7e9556fc8031fa51ea854ce24ff7f7d4cb501481ad0f5
SHA512

9dbeb7268eef265d2ab68a6add65b4aa8cc5da664121faab4c726cdce60044a01375618a45cea3ad6227b8f2cdc790a02218c7887c493584e2bdb909624812bd
SSDEEP

196608:LqTF0DfyGgm0sKYu/PaQ9wBdnpkYRM6YDu8QcBW7W2c:nDfDg8Q9c66uFBW7W2c

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

office自动激活.exe

pid process

3036 office自动激活.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

office自动激活.exe

description	pid	process	target process
PID 2108 wrote to memory of 3036	2108	office自动激活.exe	office自动激活.exe
PID 2108 wrote to memory of 3036	2108	office自动激活.exe	office自动激活.exe
PID 2108 wrote to memory of 3036	2108	office自动激活.exe	office自动激活.exe

C:\Users\Admin\AppData\Local\Temp\office自动激活.exe
"C:\Users\Admin\AppData\Local\Temp\office自动激活.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Users\Admin\AppData\Local\Temp\office自动激活.exe
  "C:\Users\Admin\AppData\Local\Temp\office自动激活.exe"
  2⤵
  - Loads dropped DLL
  PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21082\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit