9fc4e43929368cd9f3fff81b94d9a3fc5f9f4035f1e11ba7a16763ab4d1d9d2a

Resubmissions

28-05-2024 08:41

240528-klen9adh94 7

28-05-2024 08:34

240528-kgp97acg2z 7

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ethereal.exe
Size

11.1MB
MD5

378e476a483942485b9fc91c45a352f2
SHA1

54860021523e00f1dfc6bfb887a51c5b987ff56d
SHA256

9fc4e43929368cd9f3fff81b94d9a3fc5f9f4035f1e11ba7a16763ab4d1d9d2a
SHA512

c9d048603b6c84d552fc40a8932e6f24f13034af92c6e0b772c91525bb000dd5401ec4e1edf0a6cc9ec94d54beeed06672e25fd18c7baa6ed9b8854a95123fd8
SSDEEP

196608:AhCvzCEkfGJdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMf8X/O2hGQfkdoyKh:FCEkfG4q1+TtIiFUY9Z8D8CcldloNhNV

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

Ethereal.exe

pid process

2964 Ethereal.exe
2964 Ethereal.exe
2964 Ethereal.exe
2964 Ethereal.exe
2964 Ethereal.exe
2964 Ethereal.exe
2964 Ethereal.exe

pid	process
2964	Ethereal.exe
2964	Ethereal.exe
2964	Ethereal.exe
2964	Ethereal.exe
2964	Ethereal.exe
2964	Ethereal.exe
2964	Ethereal.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Ethereal.exe

description	pid	process	target process
PID 1260 wrote to memory of 2964	1260	Ethereal.exe	Ethereal.exe
PID 1260 wrote to memory of 2964	1260	Ethereal.exe	Ethereal.exe
PID 1260 wrote to memory of 2964	1260	Ethereal.exe	Ethereal.exe

C:\Users\Admin\AppData\Local\Temp\Ethereal.exe
"C:\Users\Admin\AppData\Local\Temp\Ethereal.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1260

C:\Users\Admin\AppData\Local\Temp\Ethereal.exe
"C:\Users\Admin\AppData\Local\Temp\Ethereal.exe"
2⤵
- Loads dropped DLL
PID:2964

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI12602\api-ms-win-core-file-l1-2-0.dll
Filesize
22KB

MD5
b38d5b15f77e6cd93763c76ff1bc79ee

SHA1
cadffe8a06835a7c1aa136a5515302d80d8e7419

SHA256
aa9e41933f1cf1c3bcc3b65771297b0ef088fac153c7997c0d48e7882714d05f

SHA512
46eaeb419654efd999146b9cd55ece42939e071f089ccb4698a09f4bb6b881106a3e342901439f867f609c1147ef151832b2919d2a33726643a6e5c4086a5f3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12602\api-ms-win-core-file-l2-1-0.dll
Filesize
22KB

MD5
e1d37d21f7875483ae0d187032d5714c

SHA1
51a945a9e6ccf994781a028cd07ab8ee820f542c

SHA256
1076a19f2a42a35c8639fb1ce1666d046e0fd259142f7e645e350211d9d6390f

SHA512
77973d6e5e6ad68b304f50184a95be9d4993338f4f69e07c11275951b2fcfdc02c061182d1a7a394dc18fe77d6d021dd9e8e17cdfbbb8d0c77752c6df1979011

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12602\api-ms-win-core-localization-l1-2-0.dll
Filesize
22KB

MD5
09fed91680050e3149c29cf068bc10e5

SHA1
e9933b81c1d7b717f230ea98bb6bafbc1761ec4a

SHA256
3c5900c9e7fbada56e86d8973a582771dde6bff79ca80ae05920a33a2cc435df

SHA512
e514590385561731f2ad18afd6bcefac012ea8061a40b6ccfda4e45ff5768617b2e1b06e849e8a640a10ca59039e89ba88cac5d3b7ff088968eb4bc78e212d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12602\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
22KB

MD5
0f99a725b93375f0ba8795e67e5a4fdf

SHA1
9825f0ec9cc4ba99471f4587d4bf97f7083d5f93

SHA256
be77a15dcaf73a7c1be6c62f57e79ef7bbc305e1b7753a4345ba1d88851dba08

SHA512
f95b6472b78f2bea732c6cc4933c83da7cbbf3eec67544b9faf86c6d6183c23e47afadb23e78420ed2dcec7ddde819e0fcb14345614c5acb3d959fca7c5a7468

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12602\api-ms-win-core-timezone-l1-1-0.dll
Filesize
22KB

MD5
dd86613bbc3da5e41d8bd30803d87c1f

SHA1
35690b9b0fe48f045568e25221694be041f56d4f

SHA256
2312923d7e07c1f58f457ac434b89c01ce675ff42d74bb279326d6c573f675ed

SHA512
6d4a29c99e819368389a9347a719e78125dfbc3166af85425db81f38833b57ba28251472dd42db974876bcf8bc73465d638678b06e3482ceb36c19b943f41ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12602\python312.dll
Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12602\ucrtbase.dll
Filesize
1.1MB

MD5
a6b4fba258d519da313f7be057435ee4

SHA1
0bf414057d0749e9db4da7683eb6d11be174cdd5

SHA256
aa092722797b9a74e9463516e6c63d4d3c904ac263f4a4ea421b0d4d4875f606

SHA512
34f3d006a9bb7835e9d82465874e059a328c8d69abd61c79d6a85a7702df582dabc93126918a0514356fda2810c77acc1d6070ad4418921bd9e8efe34697e4a1

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads