b8a1e46ef14be22cfa81ffe3ed1ed5bbcb7b976d0ddaae57e842123699ac7bfe

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 08:48

Target

pluto/files/doxing-framework.exe
Size

102.5MB
MD5

ebf9656f50508669b9482b35eaf357f1
SHA1

7c88d7df529724c89256d5b5b54d82b4abaa67c6
SHA256

eee6e9869bd6410f1cf2fc089771406e3c3df0e4afd62b172ace7a2ca3b0beca
SHA512

5ddaaf320def2e64b1dd5f96672c043d892cafb7e2c8b2157ce280fed27857e72267dca9197f30ff311459440909bd978663dd0dabd57afa6f35cb59cf16c649
SSDEEP

3145728:VUCV7pa8S6xjKcBa6c2qHO5iVY2nGQbRe0zJcBWTDX9U:SSVBSWNa6sHCiH1XcBWn

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2820	doxing-framework.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2820	2056	doxing-framework.exe	28
PID 2056 wrote to memory of 2820	2056	doxing-framework.exe	28
PID 2056 wrote to memory of 2820	2056	doxing-framework.exe	28

C:\Users\Admin\AppData\Local\Temp\pluto\files\doxing-framework.exe
"C:\Users\Admin\AppData\Local\Temp\pluto\files\doxing-framework.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Users\Admin\AppData\Local\Temp\pluto\files\doxing-framework.exe
  "C:\Users\Admin\AppData\Local\Temp\pluto\files\doxing-framework.exe"
  2⤵
  - Loads dropped DLL
  PID:2820

C:\Users\Admin\AppData\Local\Temp\_MEI20562\python312.dll

Filesize
6.6MB

MD5
d521654d889666a0bc753320f071ef60

SHA1
5fd9b90c5d0527e53c199f94bad540c1e0985db6

SHA256
21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

SHA512
7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Download Submit