d45790ad179d7b2e726897a65dfcdb20cef3e943cdbbf2e352301ac2b0e85fef | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 19:59

Sharing

Report Analysis Logs

General

Target

creal.exe
Size

16.2MB
MD5

c0f80c8493aa4ce23b2bf241d587d092
SHA1

69617caf815328fada32a0904d0f297a7c0f92ae
SHA256

d45790ad179d7b2e726897a65dfcdb20cef3e943cdbbf2e352301ac2b0e85fef
SHA512

4f9dbb04e87cb3f18998148b5ca68e5a535b323267051bc9e1c1fbea77388343655929c1ec18bdc810cbfee081cc1ac068a5e5059d6b0f6efec7db9e2af6f2c3
SSDEEP

393216:TEkcqPnSNPG7NmiZoW1+TtIiFvY9Z8D8Ccl6l6udLs11sJzWmNoj:Tk6oKEAl1QtI6a8DZcIlzdwE7NK

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

creal.exe

pid process

2500 creal.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

creal.exe

description	pid	process	target process
PID 856 wrote to memory of 2500	856	creal.exe	creal.exe
PID 856 wrote to memory of 2500	856	creal.exe	creal.exe
PID 856 wrote to memory of 2500	856	creal.exe	creal.exe

C:\Users\Admin\AppData\Local\Temp\creal.exe
"C:\Users\Admin\AppData\Local\Temp\creal.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:856

C:\Users\Admin\AppData\Local\Temp\creal.exe
"C:\Users\Admin\AppData\Local\Temp\creal.exe"
2⤵
- Loads dropped DLL
PID:2500

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI8562\python312.dll
Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit