721a4b64330caaa0a64de7a355c76add6f50a90ce6039fbb17a8db6ddfd8debc | Triage

Analysis

max time kernel
0s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 12:25

Sharing

Report Analysis Logs

General

Target

TBK.exe
Size

7.4MB
MD5

c4f886d3b4ce022c73dff1312b5e6d2a
SHA1

e9c2e75578956fd75dd60765c968b9ce1023073b
SHA256

721a4b64330caaa0a64de7a355c76add6f50a90ce6039fbb17a8db6ddfd8debc
SHA512

806a1b1c4f021d49735d7686de5bd0c3ef8f64d50761ba1ed58ea3c80fc4ff141c62aed6adcefb359c563f6e45733d60892e64a636cd3c3f99432b46d9d84687
SSDEEP

196608:f+24uWJysVYvsOSVoyMxxvjDDAx4Br/nKsM/d0kkS2hTyZpMTx:DWJzoyMxtDDAxmxM/d0k1myZpMT

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

TBK.exe

pid process

2632 TBK.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

TBK.exe

description	pid	process	target process
PID 1040 wrote to memory of 2632	1040	TBK.exe	TBK.exe
PID 1040 wrote to memory of 2632	1040	TBK.exe	TBK.exe
PID 1040 wrote to memory of 2632	1040	TBK.exe	TBK.exe

C:\Users\Admin\AppData\Local\Temp\TBK.exe
"C:\Users\Admin\AppData\Local\Temp\TBK.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1040

C:\Users\Admin\AppData\Local\Temp\TBK.exe
"C:\Users\Admin\AppData\Local\Temp\TBK.exe"
2⤵
- Loads dropped DLL
PID:2632

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI10402\python38.dll
Filesize
1.6MB

MD5
a39210792dd203f0c2f1e7c8c5c86a9d

SHA1
4267e6bb3eb35ed03d8bd4658d7bd66056188454

SHA256
90b10b8f9c89937c35b207eada1bc8079c42aa56c32b70ae2ca5d63c8717dbbf

SHA512
4850b860878ca6c26c651cdd5707f2444799cb7806134db6687853f32dc3f8ca1af0c11880ff1fc2a92c4a9aae34dbe2023be467291e1118ad467d4ac26801d1

Download Submit