Analysis
max time kernel: 7s
max time network: 5s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 28-05-2024 08:34
Behavioral task: behavioral1
Sample: Ethereal.exe
Resource: win7-20240221-en
General
Target: Ethereal.exe
Size: 11.1MB
MD5: 378e476a483942485b9fc91c45a352f2
SHA1: 54860021523e00f1dfc6bfb887a51c5b987ff56d
SHA256: 9fc4e43929368cd9f3fff81b94d9a3fc5f9f4035f1e11ba7a16763ab4d1d9d2a
SHA512: c9d048603b6c84d552fc40a8932e6f24f13034af92c6e0b772c91525bb000dd5401ec4e1edf0a6cc9ec94d54beeed06672e25fd18c7baa6ed9b8854a95123fd8
SSDEEP: 196608:AhCvzCEkfGJdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMf8X/O2hGQfkdoyKh:FCEkfG4q1+TtIiFUY9Z8D8CcldloNhNV
Malware Config
Signatures
Loads dropped DLL (7 IoCs)
Processes:
pid   process
2408  Ethereal.exe
2408  Ethereal.exe
2408  Ethereal.exe
2408  Ethereal.exe
2408  Ethereal.exe
2408  Ethereal.exe
2408  Ethereal.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                       pid   process       target process
PID 2020 wrote to memory of 2408  2020  Ethereal.exe  Ethereal.exe
PID 2020 wrote to memory of 2408  2020  Ethereal.exe  Ethereal.exe
PID 2020 wrote to memory of 2408  2020  Ethereal.exe  Ethereal.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\_MEI20202\api-ms-win-core-file-l1-2-0.dll
Filesize: 22KB
MD5: b38d5b15f77e6cd93763c76ff1bc79ee
SHA1: cadffe8a06835a7c1aa136a5515302d80d8e7419
SHA256: aa9e41933f1cf1c3bcc3b65771297b0ef088fac153c7997c0d48e7882714d05f
SHA512: 46eaeb419654efd999146b9cd55ece42939e071f089ccb4698a09f4bb6b881106a3e342901439f867f609c1147ef151832b2919d2a33726643a6e5c4086a5f3a

C:\Users\Admin\AppData\Local\Temp\_MEI20202\api-ms-win-core-file-l2-1-0.dll
Filesize: 22KB
MD5: e1d37d21f7875483ae0d187032d5714c
SHA1: 51a945a9e6ccf994781a028cd07ab8ee820f542c
SHA256: 1076a19f2a42a35c8639fb1ce1666d046e0fd259142f7e645e350211d9d6390f
SHA512: 77973d6e5e6ad68b304f50184a95be9d4993338f4f69e07c11275951b2fcfdc02c061182d1a7a394dc18fe77d6d021dd9e8e17cdfbbb8d0c77752c6df1979011

C:\Users\Admin\AppData\Local\Temp\_MEI20202\api-ms-win-core-localization-l1-2-0.dll
Filesize: 22KB
MD5: 09fed91680050e3149c29cf068bc10e5
SHA1: e9933b81c1d7b717f230ea98bb6bafbc1761ec4a
SHA256: 3c5900c9e7fbada56e86d8973a582771dde6bff79ca80ae05920a33a2cc435df
SHA512: e514590385561731f2ad18afd6bcefac012ea8061a40b6ccfda4e45ff5768617b2e1b06e849e8a640a10ca59039e89ba88cac5d3b7ff088968eb4bc78e212d3a

C:\Users\Admin\AppData\Local\Temp\_MEI20202\api-ms-win-core-processthreads-l1-1-1.dll
Filesize: 22KB
MD5: 0f99a725b93375f0ba8795e67e5a4fdf
SHA1: 9825f0ec9cc4ba99471f4587d4bf97f7083d5f93
SHA256: be77a15dcaf73a7c1be6c62f57e79ef7bbc305e1b7753a4345ba1d88851dba08
SHA512: f95b6472b78f2bea732c6cc4933c83da7cbbf3eec67544b9faf86c6d6183c23e47afadb23e78420ed2dcec7ddde819e0fcb14345614c5acb3d959fca7c5a7468

C:\Users\Admin\AppData\Local\Temp\_MEI20202\api-ms-win-core-timezone-l1-1-0.dll
Filesize: 22KB
MD5: dd86613bbc3da5e41d8bd30803d87c1f
SHA1: 35690b9b0fe48f045568e25221694be041f56d4f
SHA256: 2312923d7e07c1f58f457ac434b89c01ce675ff42d74bb279326d6c573f675ed
SHA512: 6d4a29c99e819368389a9347a719e78125dfbc3166af85425db81f38833b57ba28251472dd42db974876bcf8bc73465d638678b06e3482ceb36c19b943f41ca4

C:\Users\Admin\AppData\Local\Temp\_MEI20202\python312.dll
Filesize: 6.6MB
MD5: 3c388ce47c0d9117d2a50b3fa5ac981d
SHA1: 038484ff7460d03d1d36c23f0de4874cbaea2c48
SHA256: c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
SHA512: e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

C:\Users\Admin\AppData\Local\Temp\_MEI20202\ucrtbase.dll
Filesize: 1.1MB
MD5: a6b4fba258d519da313f7be057435ee4
SHA1: 0bf414057d0749e9db4da7683eb6d11be174cdd5
SHA256: aa092722797b9a74e9463516e6c63d4d3c904ac263f4a4ea421b0d4d4875f606
SHA512: 34f3d006a9bb7835e9d82465874e059a328c8d69abd61c79d6a85a7702df582dabc93126918a0514356fda2810c77acc1d6070ad4418921bd9e8efe34697e4a1