cff3230a72c9d4c61d837c64e0b86ea368808fad264105c1a452c76ac8661618 | Triage

Resubmissions

20/07/2024, 07:53

240720-jrartataln 7

Analysis

max time kernel
360s
max time network
360s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 07:53

Sharing

Report Analysis Logs

General

Target

test.exe
Size

8.5MB
MD5

18324b31aff2bf5398ee4c5e871c769e
SHA1

f6c73bf3cdac12e988f663d9e605823ebd8d5198
SHA256

cff3230a72c9d4c61d837c64e0b86ea368808fad264105c1a452c76ac8661618
SHA512

ad182de13ddcd135b3f49c50d315fa72935fad481b1caaf08f9cdae8d58dade5aaf2532533173417443dcfc16b593aaaa61cb36113f48486699f8d87d75ae232
SSDEEP

196608:kxPDfyGgKwBdnpkYRMQ/1k0W8/L13+dgScVab4:QDfDgKc6GDW8B3+d9Ia

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
484	test.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
484	test.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 484	3024	test.exe	30
PID 3024 wrote to memory of 484	3024	test.exe	30
PID 3024 wrote to memory of 484	3024	test.exe	30

C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Users\Admin\AppData\Local\Temp\test.exe
  "C:\Users\Admin\AppData\Local\Temp\test.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30242\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit