23769ba5b758a920e3ed0b4c153e4aa71eb4bef8a6160cae8f17b73d4d7a91f1 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 09:38

Sharing

Report Analysis Logs

General

Target

Ethical.exe
Size

13.8MB
MD5

d8f8696f4109dd7f76b48e0f65742680
SHA1

6f139ce1a6cbd4e3a08678ae1ff708849ba0f4c3
SHA256

23769ba5b758a920e3ed0b4c153e4aa71eb4bef8a6160cae8f17b73d4d7a91f1
SHA512

aa6a5aaef6ac954f2f72ee7686872f5164c0df365d895f05aaf7fcdc9cc31ccdaa24939e93cc75a990f84b579131d0344f860c68377b45ba7e1b62f4395265a0
SSDEEP

393216:uEkb+/JWQsUcR4NzEInEroXq14S23n8hLBNnIa:uC/YQFnErUl3IMa

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2932	Ethical.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2932	2924	Ethical.exe	28
PID 2924 wrote to memory of 2932	2924	Ethical.exe	28
PID 2924 wrote to memory of 2932	2924	Ethical.exe	28

C:\Users\Admin\AppData\Local\Temp\Ethical.exe
"C:\Users\Admin\AppData\Local\Temp\Ethical.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Users\Admin\AppData\Local\Temp\Ethical.exe
  "C:\Users\Admin\AppData\Local\Temp\Ethical.exe"
  2⤵
  - Loads dropped DLL
  PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29242\python310.dll

Filesize
4.2MB

MD5
384349987b60775d6fc3a6d202c3e1bd

SHA1
701cb80c55f859ad4a31c53aa744a00d61e467e5

SHA256
f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

SHA512
6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

Download Submit