Analysis
max time kernel: 15s
max time network: 16s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 31-07-2024 16:43
Behavioral task: behavioral1
Sample: V3NOMFINALREDO.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: V3NOMFINALREDO.exe
Resource: win10v2004-20240730-en
General
Target: V3NOMFINALREDO.exe
Size: 42.1MB
MD5: a13a991baa860c7f565f49c52df9cee9
SHA1: 57a283899380711e3f680b579f0ebe08977f594f
SHA256: dbe6751c0bcb80da8c48b8099ae41d726a3f6c378e1db723393b91e8f2b4d347
SHA512: e8f1b96711a688177df6a8d150c0e623fd17fb396e69eb4483dade15bf56cb12a948544a8dd4b856e405a472a2821809cd8e70dd089f0bd46976c355cfcc0312
SSDEEP: 786432:ucPdbuzcY876JmeIi6/9x9ta9eyq8OThzvcdpJ0q8TPZUd3GfS49trYB7Q/sAYd0:ucPdiE7MdIiYweyJulZUdgjt/Z9U
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Processes:
    pid 2944  process V3NOMFINALREDO.exe
  Resources (yara_rule):
    C:\Users\Admin\AppData\Local\Temp\_MEI16602\python312.dll  upx
    behavioral1/memory/2944-148-0x000007FEF63F0000-0x000007FEF6AB4000-memory.dmp  upx

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description / pid / process / target process):
    PID 1660 wrote to memory of 2944  1660 V3NOMFINALREDO.exe -> V3NOMFINALREDO.exe
    PID 1660 wrote to memory of 2944  1660 V3NOMFINALREDO.exe -> V3NOMFINALREDO.exe
    PID 1660 wrote to memory of 2944  1660 V3NOMFINALREDO.exe -> V3NOMFINALREDO.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\V3NOMFINALREDO.exe  "C:\Users\Admin\AppData\Local\Temp\V3NOMFINALREDO.exe"
   - Suspicious use of WriteProcessMemory
   - PID: 1660
   2. C:\Users\Admin\AppData\Local\Temp\V3NOMFINALREDO.exe  "C:\Users\Admin\AppData\Local\Temp\V3NOMFINALREDO.exe"
      - Loads dropped DLL
      - PID: 2944
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.7MB
  MD5: 8f165bfadf970edafd59067ad45a3952
  SHA1: 16c1876f2233087156b49db35d4d935c6e17be6a
  SHA256: 22470af77229d53d9141823c12780db63c43703dd525940bc479730d2e43513d
  SHA512: b3af95dc9a68e21e8eca98e451b935f72663c2552ebf26de299716f17193f238d55c292df953d641defcbcec3ea18eb37cd4b839800804efa8f40658427263ae