d28ae1da2749134ecd5f3e43e97c9eac9594123a9cd774164522269bfb1f5635

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fallout London Downgrader-1-1-5-1-1721922024.exe
Size

51.6MB
MD5

2e9b0f5427846a659ed1421ac3bd8469
SHA1

9a875b1f41bbe57febc2e3e429618397d8609318
SHA256

d28ae1da2749134ecd5f3e43e97c9eac9594123a9cd774164522269bfb1f5635
SHA512

0d9657a857b3731fb1620ce05fd2ba73d9b740de89bd0c6bfe006e9a4fd8ef49fc227cf38b1616071fb39f171261248233ab3cb633d1c3f255ba7d6e6851c6e2
SSDEEP

1572864:oXGMK4XR3bLSCU/+6yPl3s8PqaRe6CqiICRWGh:ogYRPSC++6y9TPDRe/gabh

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
3020	Fallout London Downgrader-1-1-5-1-1721922024.exe
3020	Fallout London Downgrader-1-1-5-1-1721922024.exe
3020	Fallout London Downgrader-1-1-5-1-1721922024.exe
3020	Fallout London Downgrader-1-1-5-1-1721922024.exe
3020	Fallout London Downgrader-1-1-5-1-1721922024.exe
3020	Fallout London Downgrader-1-1-5-1-1721922024.exe
3020	Fallout London Downgrader-1-1-5-1-1721922024.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3020	2372	Fallout London Downgrader-1-1-5-1-1721922024.exe	31
PID 2372 wrote to memory of 3020	2372	Fallout London Downgrader-1-1-5-1-1721922024.exe	31
PID 2372 wrote to memory of 3020	2372	Fallout London Downgrader-1-1-5-1-1721922024.exe	31

C:\Users\Admin\AppData\Local\Temp\Fallout London Downgrader-1-1-5-1-1721922024.exe
"C:\Users\Admin\AppData\Local\Temp\Fallout London Downgrader-1-1-5-1-1721922024.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\Fallout London Downgrader-1-1-5-1-1721922024.exe
  "C:\Users\Admin\AppData\Local\Temp\Fallout London Downgrader-1-1-5-1-1721922024.exe"
  2⤵
  - Loads dropped DLL
  PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23722\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
de365479d82c17cd3b3d7500e28261cd

SHA1
de90e3493f339859b2f5812a719eef9bb9c32027

SHA256
3a7742c1d426538f923ca9503f0ac2bccd102ede5ac29d7d2a46dc4744717908

SHA512
e82379e512d1c7c0fb38c5a14a5fcdc716f5d3224256850b259abf193fe7a4260f5e677a2f0ccb2bc26d9c419fc72d6f35dab8d8626975d705a869542f3cde59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23722\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
a33dbfc4243f2599fd2c9630b9354ee9

SHA1
b5197d0459165c7d2d2d4ada1d4421dcc153360a

SHA256
df3a3ed291be9a8fb1e7d4ee2c2390bd4d6869391cdca38ec123fb3f49086f13

SHA512
cf21a82cb346b0824a309d9f3b75a1806eb5ec1bf8f7eb184f054a61fdbb2d580af9558e6704ee8dfab254b9402e6e04de94b3d7bb498277a1cd9fd51fd9c37b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23722\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
3e40ea95fbc64b2b291371fe4bac2d00

SHA1
6cb0b9b217e2c4b0b67a4501a54b5600484794f6

SHA256
0dd5f83106a08e0f750233c095b149c7a5fe085096518c66494700bc49273452

SHA512
3120f8726e8ecd056ce63b479f9e3885fcebae005c86b9a1f4796f86df0873a367fbb7ce9dc16fde3d8f4340bee0c5a16cada148047f113446cabd3c7ca1f132

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23722\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
3b15cc8aab69fc0931e0d79be7878eb2

SHA1
ddb14a5ad8d8937c3d7dcede3fbc0b930a765290

SHA256
6333cba577889ac1b0f715c7b4cf66d7b566ce18555a81662e879192907e76e1

SHA512
1b6880b527d82de3fa770a51117e662efb3b6e2c84b5edc28ed0c60b1ae24f51622217c292e91121de4b9523d2a6ac51b824648fa2af688618188b904e04ce67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23722\python312.dll

Filesize
6.6MB

MD5
d521654d889666a0bc753320f071ef60

SHA1
5fd9b90c5d0527e53c199f94bad540c1e0985db6

SHA256
21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

SHA512
7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23722\ucrtbase.dll

Filesize
1.1MB

MD5
c28cafb11b2dcb4c2845a39556538f8e

SHA1
021fa38f027e3ddea6b9563d1eb7f9e686b4b11d

SHA256
adc785bdce4f5693b6a511a3a5a20a5de8f90d9ffc357b1b38173da170224e1a

SHA512
02089da9bf7fbc4e36c3099f2430510647a4467d6915c05cb56e26418b0a4e7c55c0669c737ff3361556ac1610daf159465923f82de60cf080b3caa714a4a4b7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23722\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
753abec37cdc77e980db87629abacae2

SHA1
d049db76e6e2d142e177c2b107df10d3753797bb

SHA256
9eeae9e4ec99e3df81b182e22394bbc5582d38cbb756ffb8a8f36d2e915cf876

SHA512
1ae91b61e59cef89a3b3ad34666a388d4eeea276ae08a3ffd92d303d765f2fa5315a95bc886858214e5fbbc11040873698be01259dc3197e956f58588427431a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads