Analysis
- max time kernel: 120s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 28-05-2024 16:56
Behavioral task: behavioral1
Sample: gift.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: gift.exe
Resource: win10v2004-20240426-en
General
- Target: gift.exe
- Size: 7.8MB
- MD5: a09e1ff55b8c74a1dede4015ae2d6906
- SHA1: 165fe05d69b5411a887e7bf934b28b7bff6bd55d
- SHA256: 34981fde26aa67fa0c84e240abbc6603c7a27a49151fb1efe298583a9e0ffdca
- SHA512: 891f8a0317bd25712db81190fb52672049af2f3e371e4ed2e6dcfc0928b47c60bbed56d41fdf9da64ec03a2a98bfd7773ef80e89d7fe63cece6342f379f1c2f5
- SSDEEP: 196608:z6ur1W903eV4Q+tpDjIIAcwDNjRPJvvk9LIL:5W+eGQ69jodyk
Malware Config
Signatures
-
- Loads dropped DLL (7 IoCs)
Processes (pid, process):
2728 gift.exe
2728 gift.exe
2728 gift.exe
2728 gift.exe
2728 gift.exe
2728 gift.exe
2728 gift.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes (description, pid, process, target process):
PID 2292 wrote to memory of 2728 | 2292 | gift.exe | gift.exe
PID 2292 wrote to memory of 2728 | 2292 | gift.exe | gift.exe
PID 2292 wrote to memory of 2728 | 2292 | gift.exe | gift.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\_MEI22922\api-ms-win-core-localization-l1-2-0.dll
  Filesize: 22KB
  MD5: 21077a051ef0f7a06f11b2270920bb9b
  SHA1: 6d3ae3eabf83c8206ff3eea1c73ac02e1e649de4
  SHA256: fb37e0ad35ca4446e9edafdf5c2ac55cae0b40f3a609f6fa63688d2f5bc90df4
  SHA512: 3bdded7681618d62e430e4ead2101b5e6cc39866eaeb1bb5330234006d86eb884f388cbd3a4e56dbcad02f9573a69f4d9164dbfb58d773fc92bb810b1bf0075f
- C:\Users\Admin\AppData\Local\Temp\_MEI22922\python312.dll
  Filesize: 6.6MB
  MD5: 5c5602cda7ab8418420f223366fff5db
  SHA1: 52f81ee0aef9b6906f7751fd2bbd4953e3f3b798
  SHA256: e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce
  SHA512: 51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f
- C:\Users\Admin\AppData\Local\Temp\_MEI22922\ucrtbase.dll
  Filesize: 1.1MB
  MD5: b0ceb85c5e954f543abc076fa8de17f9
  SHA1: 0969b9819d72e24139d1f931c27710e814581d27
  SHA256: 1e316042bf54883cde951203633b087c2dcfdb2195af0526fb9d686541b14950
  SHA512: 36d9182a73edcd14949f93dfefd47f513fce5760efb8fa8a111af9001a0752f2dc90a92374aaafa9f58ff58f6603ee9e6efdd49ff5359fe6e69f2e1ef7a6cd73
- \Users\Admin\AppData\Local\Temp\_MEI22922\api-ms-win-core-file-l1-2-0.dll
  Filesize: 22KB
  MD5: ac4df73c97799aa9f5bec3c5fd78937e
  SHA1: 6a95f8f24b6faf92580be7d2b587eb43714937e8
  SHA256: 796896827a8eb53cfc40e49ffd56ce4c5e40671c94b8102f97dce67a351e997c
  SHA512: 4db9636f306bf851678d4ad12c7b33dfeaeecf65393ac9f843dc5cb7382532644475a653d708dbd1cb6bae4db1b5273e84ce76ee0941649cb02ebca9e7afb44a
- \Users\Admin\AppData\Local\Temp\_MEI22922\api-ms-win-core-file-l2-1-0.dll
  Filesize: 22KB
  MD5: 5bf0d34b49a16004c9b2297502c736da
  SHA1: 60d30cad05932086fafd87890b40ea798ff5143e
  SHA256: 94d0ea1ff3707665bbbe9942d000e497306504575bee4e687fa8a51a29b841e6
  SHA512: 9feaf1e7b602370edb67a2dfa627b09a96aa905b946ffe2af2d595288ed784d43d8e4bb1d29f23f459535b5892d38088dfd9a73fdf636dc21b6d9143f56e77a8
- \Users\Admin\AppData\Local\Temp\_MEI22922\api-ms-win-core-processthreads-l1-1-1.dll
  Filesize: 22KB
  MD5: d5cb714b845fbd16f4139412417653bf
  SHA1: f3316169ae8909cb2dbf9769d7e253a09b4590d0
  SHA256: eb299c380b9149f65ce7be6945a2a2eb0e63bfa87a27759e456b7050eb744cdb
  SHA512: f6444115e5de000e13ed0cd13a4adf686974c78b48bd2cf8c1fea8e05f5f5494dae2e74b7706c7651ad4c0cfbeee108fb786878629650d1ed2b8f31d3881e4ae
- \Users\Admin\AppData\Local\Temp\_MEI22922\api-ms-win-core-timezone-l1-1-0.dll
  Filesize: 22KB
  MD5: 7cf41ccd6d1f252d16475a116d9a8f1d
  SHA1: 3167fca636a5d3306a22924f4edb0aaff6eecbb4
  SHA256: 049c9a49353416701a0672985800734e515be2b5f5445fb5fb3813845460008e
  SHA512: 6f7ea04d7d25396e0bf776140cacc42a31e355453d158ca4d88b3b03d0662fe4c9d20b006bb17087375d3d8b87d9f9c70c9c7508e370883033f6cf6a552ad15e