Analysis

  • max time kernel: 121s
  • max time network: 127s
  • platform: windows7_x64
  • resource: win7-20240611-en
  • resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted: 19/06/2024, 16:40

General

  • Target

    trichloromethane.exe-Malware-main/trichloromethane/PayloadMBR/Programs/png2bin.exe

  • Size

    8.5MB

  • MD5

    c6f98ceec41c080120ebd6121fab72a1

  • SHA1

    d4e06fafc5807055acccad44bf31031f765868f7

  • SHA256

    b6f3a0a6345932dca7df51b7cd7ec56d9c4fee9217772c4fd3efd8a37547a413

  • SHA512

    06d8a957d3f69cb89e4172e11b0c3f6377dfacfd119d7da364781cff18edcfe04b2f5a6c8741088241fe3b9c2cd5c5b5c6112e0ff90e94e160a46caecea56f24

  • SSDEEP

    196608:rgF+h90+7s8H9EmtqZiIP/Kr1zBB0PTAjQDCwkWt5JvVlkzKssOZK:rgF+h9fBGvrY1lOXHkW3O2ss

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\trichloromethane.exe-Malware-main\trichloromethane\PayloadMBR\Programs\png2bin.exe
    "C:\Users\Admin\AppData\Local\Temp\trichloromethane.exe-Malware-main\trichloromethane\PayloadMBR\Programs\png2bin.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Users\Admin\AppData\Local\Temp\trichloromethane.exe-Malware-main\trichloromethane\PayloadMBR\Programs\png2bin.exe
      "C:\Users\Admin\AppData\Local\Temp\trichloromethane.exe-Malware-main\trichloromethane\PayloadMBR\Programs\png2bin.exe"
      2⤵
      • Loads dropped DLL
      PID:580

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI19842\MSVCR90.dll

    Filesize

    638KB

    MD5

    11d49148a302de4104ded6a92b78b0ed

    SHA1

    fd58a091b39ed52611ade20a782ef58ac33012af

    SHA256

    ceb0947d898bc2a55a50f092f5ed3f7be64ac1cd4661022eefd3edd4029213b0

    SHA512

    fdc43b3ee38f7beb2375c953a29db8bcf66b73b78ccc04b147e26108f3b650c0a431b276853bb8e08167d34a8cc9c6b7918daef9ebc0a4833b1534c5afac75e4

  • C:\Users\Admin\AppData\Local\Temp\_MEI19842\png2bin.exe.manifest

    Filesize

    1KB

    MD5

    78f8e4ba00e4c472c6ac3614ca7fe27e

    SHA1

    a8958ea807a4b462dac4e197862ce0e34e00987c

    SHA256

    75444c4988055b893d93d04256c1804b1b39aa24c52ce22f499897379cabbe55

    SHA512

    2f39840fae612e051a2fb9cb11ac3326f4b8702a985aed5bff698da2b2a7d48c15da54fac05d72f2aeec9c2d8f4a2b4f33eb5d04793608ac9b1a5e8d095d0a7c

  • C:\Users\Admin\AppData\Local\Temp\_MEI19842\python27.dll

    Filesize

    2.5MB

    MD5

    c2700b97003348a93aeea51ef5f7d613

    SHA1

    4b5801f2cfe5fae772cc3375a8380dd32713ab36

    SHA256

    bc601536bebd747d650825bb128d7214bfad3991b02c7c02a52e1aefdb08d849

    SHA512

    b0fc281b152f27be834107ab3fb6cefbf09ca10ec155e9b2ca18197eaab4ad3fa718fa5c31aedf50d57c47c16e8592bbe9be0406e2e296911a3971a724a1081c

  • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\PIL._imaging.pyd

    Filesize

    1.9MB

    MD5

    83a3378bcb00798898f65a49d2f076f2

    SHA1

    f791204e70373f854f7227c845e062a065860ac9

    SHA256

    dd3be0623f0a4e3e323ec20a5e3ddf039a01383ccd304d5804369f0a75baffda

    SHA512

    2a0f69b47ba6336e0b1ca65c120c60a7ccbdc53e2f1e2f581831c86a84a9a23d6912ea764d0cb167edc86f44f552abd751d537f2b895c25a5be51d2bb0bb5d86

  • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\_ctypes.pyd

    Filesize

    90KB

    MD5

    6ae4a18b7591824366b0b41f24d52d45

    SHA1

    e22e8abf69c8676b68fe42d9f26c2bd5f731af39

    SHA256

    f943df92c70b640b6462312a048d92df8d2e4447129a6d2b75f8f99d6b5d641a

    SHA512

    f882514fb21191c16dd0e778a26400e3614622df3da9e75da8360def79aeb23d96c820e10351a103ce910272192d39760f271d20cbb3763ef1d8b427b676559c

  • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\_socket.pyd

    Filesize

    45KB

    MD5

    1a5c016edfe7fe97de9d31981f048044

    SHA1

    ef9ddea3006a8d89bf89099f8952290f05d6f75c

    SHA256

    85a8bf57179152370bc1598d4fc8d6d7fe31ea839c4c6b0f2c20e52a87b8d101

    SHA512

    bed7dd0c5f3082555710e01ffba164e33f3c45522429657b6768c8c39affeb9dec516fcbc5a2f833b5cab83dc1bd616c1774df7662e83fe55f5fcd4ff4083f78

  • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\_ssl.pyd

    Filesize

    1.3MB

    MD5

    8fd7848b51ea13322302f7683ab622e3

    SHA1

    fe667643d8cf57c228c3eb35a65d5c5c0ad236f8

    SHA256

    bf7015462eca2a7b049085ef5879dbabc8ca1eba65e7b84379fb57e392f28f65

    SHA512

    ad848cbb867d02bc4afffe48b168c4b0707c100861d5b8410ce21ec2c2466db33998bf43ceb894bc80b6daa475275fecf9d47a1b1917538013490d29c030c16b