Analysis
max time kernel: 45s
max time network: 50s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 30-07-2024 21:13
Behavioral task: behavioral1
Sample: source_prepared.exe
Resource: win7-20240729-en
General
Target: source_prepared.exe
Size: 57.0MB
MD5: 9cae439b56996a369ba211c4bd3d7dab
SHA1: 166c685f9ec5e35027dc247b6fe0c0d2fba927b5
SHA256: fa7bff5b29ffd67c5303693b6ad6a8c1902806bc0d83309f7ae6d9a4e8aee000
SHA512: 43cb184b9621ef6c08c186610681fcf9aac46d5408281865842646458089d0e75419af93ebfac8ee13b6146eef41651e933ec90bc7b60900596034b792f26287
SSDEEP: 1572864:JvxZQglq7vaSk8IpG7V+VPhqYdfCE70lgvWDLDxo:JvxZx0eSkB05awcfAevYfO
Malware Config
Signatures
- Loads dropped DLL (7 IoCs)
  Processes:
  pid   process
  2852  source_prepared.exe
  2852  source_prepared.exe
  2852  source_prepared.exe
  2852  source_prepared.exe
  2852  source_prepared.exe
  2852  source_prepared.exe
  2852  source_prepared.exe
- Processes:
  resource                                                                          yara_rule
  C:\Users\Admin\AppData\Local\Temp\_MEI27642\python311.dll                         upx
  behavioral1/memory/2852-1214-0x000007FEF5B70000-0x000007FEF6162000-memory.dmp     upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                        pid   process              target process
  PID 2764 wrote to memory of 2852   2764  source_prepared.exe  source_prepared.exe
  PID 2764 wrote to memory of 2852   2764  source_prepared.exe  source_prepared.exe
  PID 2764 wrote to memory of 2852   2764  source_prepared.exe  source_prepared.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  PID: 2764
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
    "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
    PID: 2852
    - Loads dropped DLL
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  PID: 984
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 22KB
  MD5: b6e10e946a9ffe298894b24155548a1e
  SHA1: d897a5f8f94dfbafb8ec0710c0dedb17da10c06b
  SHA256: d94f51335c1f7aaaf454dbfcce422684ea48802fa3945aa9c50950a1fd55c4e7
  SHA512: f51358456a6e4ea45edb4b4df431c6c5dd8d75016820b11728fbce9061fc416dc259832b1791af3d730001c8deb7e6927385f871d564307219b245907a4c8919
- Filesize: 22KB
  MD5: 94b256ae14a2a6ddbdb4dfb63fe4d30f
  SHA1: 7b28d8f1f5aa4af9c441182240c9816352468f3e
  SHA256: c3e98b8663ab64fdcb2111a5174967f46b49e399c9e98083a18b4defd53f806c
  SHA512: bd271eac8df6dd79be135f8e04bc08b00474cddc8cb06ad59a9715842f6c05e5dcf4b0c05e241309a940b882369bc19bc9eb38580221f62bba7e06cc39b1cfa6
- Filesize: 22KB
  MD5: 90e7f757acd89e70b45e7481bab6afbe
  SHA1: 493069d3f582aa9d90a7fd90c5c86a8a6a78cd86
  SHA256: ccc6a3980b5c29005d74f7d5d96eb64f072e182f7bd626013a09cb99f69f7b13
  SHA512: 6c80a27badc8b26859a70665ce5db024d5dd5a67acf18af93efaf667fa6ac7a497a5805972b024447988f6b64f04bad1ac824e3fb2ebfe62f8e8c07051110461
- Filesize: 22KB
  MD5: 177f2560d03ed5d87edd2d6af76bc4fd
  SHA1: 448ca149f314709aab2e7f950dde6a467e746c10
  SHA256: ff3ba56841b02443f428e2715de19f9d655b22ecbbae940b140ac765a69b62f1
  SHA512: f68becc6a4ceadfa91515f1b00c0538f8c2697f9d28684d7b5df8b47f5529dd10c33ec0955b50e3830a12cd70f3602e0df1ddfec79fb3f531c11df1425848573
- Filesize: 1.6MB
  MD5: 548809b87186356c7ac6421562015915
  SHA1: 8fa683eed7f916302c2eb1a548c12118bea414fa
  SHA256: 6c65da37cf6464507ad9d187a34f5b5d61544b83d831547642d17c01852599a1
  SHA512: c0b63bf9908e23457cf6c2551219c7951bc1a164f3a585cde750b244fa628753ee43fde35f2aa76223fd9f90cf5ea582241ab510f7373a247eae0b26817198fc
- Filesize: 1.1MB
  MD5: a48348dec40d63a4dd77de952344f1c7
  SHA1: a92bf2cddfdba52b663c39f16b94f08324403d1d
  SHA256: 1c502e581d72edbd2fbdbdb2fe21077c3c3a46a7549585960a85fdb93c612295
  SHA512: 763b0e4013a37d4dbbd472a1c5a6b4a6f56c2cc35abd68db2a0ed71eba240ed28addd41380f85b0762355fb11420d6963c1a042e1f231364532b33083a7ae736
- Filesize: 22KB
  MD5: cbc9d46f3e0ce512b5ff3a8b2f6f4689
  SHA1: adb2c17b73200f6d1a35dea6faa68691ed43f6bb
  SHA256: 8ef41ef713f3ce6159b667dfe875743633922ab282b4a8fbb6626429f61ed6c5
  SHA512: b32429041fffb1e9242f3dc4c755a97dbc1d5a354cded3e9b09cea1a94fabc9b45c8f31e15300e1b9f3bf7acbc369063c555d0f6f5ac8860ee06323b06132737