Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
  • submitted
    02-06-2024 01:47

General

  • Target

    b98f2ad4e65071bc462127329011bed54c5d6439cbd1716d80d6faffb0d5e36f.exe

  • Size

    7.2MB

  • MD5

    751d1cc5bec96d8310b7bdfd068b25b7

  • SHA1

    641aa777fafa57ed3a4fdce03eef2210faaaa089

  • SHA256

    b98f2ad4e65071bc462127329011bed54c5d6439cbd1716d80d6faffb0d5e36f

  • SHA512

    ef7b2218786542e2185c650355d89f8fb5c359babeaa6c4c500cf070c7f5ff767f630ca969dc5eb362dbdb9b7bd63d632d86d4254f2a613c1a44499092f266f8

  • SSDEEP

    196608:a5g00++fUGU2O21VYtHieGdCdeHErMPEVTCctrbWOjgWy8:itqmie8Ey9ctrbvMWy8

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b98f2ad4e65071bc462127329011bed54c5d6439cbd1716d80d6faffb0d5e36f.exe
    "C:\Users\Admin\AppData\Local\Temp\b98f2ad4e65071bc462127329011bed54c5d6439cbd1716d80d6faffb0d5e36f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Users\Admin\AppData\Local\Temp\b98f2ad4e65071bc462127329011bed54c5d6439cbd1716d80d6faffb0d5e36f.exe
      "C:\Users\Admin\AppData\Local\Temp\b98f2ad4e65071bc462127329011bed54c5d6439cbd1716d80d6faffb0d5e36f.exe"
      2⤵
      • Loads dropped DLL
      PID:2204

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI30682\python311.dll
    Filesize

    4.7MB

    MD5

    b8769a867abc02bfdd8637bea508cab2

    SHA1

    782f5fb799328c001bca77643e31fb7824f9d8cc

    SHA256

    9cf39945840ee8d769e47ffdb554044550b5843b29c68fa3849ba9376c3a7ec8

    SHA512

    bf01e343877a92d458373c02a9d64426118915ade324cf12d6ff200970da641358e8f362732cd9a8508845e367313c9bab2772d59a9ae8d934cd0dd7d28535b3