f65b48d6ace46506e4422debf0bebca85bcc159d572b80fc7d5d5cfb73173264

Analysis

max time kernel
0s
max time network
2s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 16:55

Target

CrealImageLogger.exe
Size

15.9MB
MD5

f0c6f929d0966e1ae9df77ace92405eb
SHA1

b5bd51e038d1eade2da2e33827829c2fad5ca3db
SHA256

f65b48d6ace46506e4422debf0bebca85bcc159d572b80fc7d5d5cfb73173264
SHA512

2afb25a72c694f39a9c8584e5163d08234cc1ef43982584a20c4a9f8e0f1bb4d2fbcd78b9060adabf37e28e2ce79d760cdf18eed7a9c39902ee749cf3a73659b
SSDEEP

393216:uiIE7YoSD2ntpUTLfhJsW+eGQRCMTozGxu8C0ibfz6e5wE1bmXdWCU5:v7rSDaHUTLJSW+e5RLoztZ026e5DkVU5

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2444	CrealImageLogger.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2444	3000	CrealImageLogger.exe	28
PID 3000 wrote to memory of 2444	3000	CrealImageLogger.exe	28
PID 3000 wrote to memory of 2444	3000	CrealImageLogger.exe	28

C:\Users\Admin\AppData\Local\Temp\CrealImageLogger.exe
"C:\Users\Admin\AppData\Local\Temp\CrealImageLogger.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Users\Admin\AppData\Local\Temp\CrealImageLogger.exe
  "C:\Users\Admin\AppData\Local\Temp\CrealImageLogger.exe"
  2⤵
  - Loads dropped DLL
  PID:2444

C:\Users\Admin\AppData\Local\Temp\_MEI30002\python312.dll

Filesize
6.7MB

MD5
48ebfefa21b480a9b0dbfc3364e1d066

SHA1
b44a3a9b8c585b30897ddc2e4249dfcfd07b700a

SHA256
0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2

SHA512
4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

Download Submit