Analysis
- max time kernel: 118s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 01-06-2024 03:12
Behavioral task: behavioral1
- Sample: b7125b693faf3d149ab860f35acfe143.exe
- Resource: win7-20240221-en
General
- Target: b7125b693faf3d149ab860f35acfe143.exe
- Size: 16.2MB
- MD5: b7125b693faf3d149ab860f35acfe143
- SHA1: fff42312791361b96461a5966c88dbdb1af95384
- SHA256: 6e5e09d126acb34a42d2b2d93c4eb17d5e345f728e3ac50f49c22dcdd0c422bb
- SHA512: 7734db46ad1cd4114f4e9cea5fb6ed223cc359880f39d78b3ceeafcaa1f3beae8f73ca5c8a2cc0542d89aad670206e22875cc3741996dfe905cc9ac1d272d91c
- SSDEEP: 393216:1u7L/sQQ+qPJWQsUcR4NzEInEroXq14S2Mn8hPWih:1CL0QJqPYQFnErUlqcWi
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Processes:
    pid   process
    1992  b7125b693faf3d149ab860f35acfe143.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                        pid   process                               target process
    PID 1288 wrote to memory of 1992   1288  b7125b693faf3d149ab860f35acfe143.exe  b7125b693faf3d149ab860f35acfe143.exe
    PID 1288 wrote to memory of 1992   1288  b7125b693faf3d149ab860f35acfe143.exe  b7125b693faf3d149ab860f35acfe143.exe
    PID 1288 wrote to memory of 1992   1288  b7125b693faf3d149ab860f35acfe143.exe  b7125b693faf3d149ab860f35acfe143.exe
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\b7125b693faf3d149ab860f35acfe143.exe
      command line: "C:\Users\Admin\AppData\Local\Temp\b7125b693faf3d149ab860f35acfe143.exe"
      - Suspicious use of WriteProcessMemory
  - [2] C:\Users\Admin\AppData\Local\Temp\b7125b693faf3d149ab860f35acfe143.exe
        command line: "C:\Users\Admin\AppData\Local\Temp\b7125b693faf3d149ab860f35acfe143.exe"
        - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\_MEI12882\python310.dll
  Filesize: 4.2MB
  MD5: 384349987b60775d6fc3a6d202c3e1bd
  SHA1: 701cb80c55f859ad4a31c53aa744a00d61e467e5
  SHA256: f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8
  SHA512: 6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5