Analysis
max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags
arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted
02-08-2024 17:02
Behavioral task
behavioral1
Sample
TeddyPcFiles.rar
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
TeddyPcFiles/Teddy PC (main).exe
Resource
win7-20240704-en
Behavioral task
behavioral3
Sample
TeddyPcApiRequests.pyc
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
main.pyc
Resource
win7-20240729-en
Behavioral task
behavioral5
Sample
TeddyPcFiles/config.json
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
TeddyPcFiles/saved_account_db.json
Resource
win7-20240704-en
General
Target
TeddyPcFiles/Teddy PC (main).exe
Size
15.4MB
MD5
9476e32ffbaab14a58b721a28f6610ac
SHA1
47c39dcb14418da9d0b8c2e7cb5fbdae4f451f06
SHA256
da47548e770e8f1f2f3ea4805abc0c014a6050a0e9c97112ea0f20a25c4a2b05
SHA512
063bc342e6d99f15bec0621c6551db43c67d0af79fcab32eb99fd77f5f378813037c2bd0284fc578a50053e9634cffd584d8f944016f21f37ede7e89c7a59037
SSDEEP
196608:gD9XaO93xXh04A1HeT39IigwIc0/ajaA0W8/LV2ck3FR0XSOq33NUqfEx:NeXh0h1+TtIiFU/MaHW8p2D0fg62Ex
Malware Config
Signatures
Loads dropped DLL (1 IoC)
pid  | Process
2212 | Teddy PC (main).exe
Suspicious use of WriteProcessMemory (3 IoCs)
description                      | pid  | Process             | procid_target
PID 2320 wrote to memory of 2212 | 2320 | Teddy PC (main).exe | 30
PID 2320 wrote to memory of 2212 | 2320 | Teddy PC (main).exe | 30
PID 2320 wrote to memory of 2212 | 2320 | Teddy PC (main).exe | 30
Processes
C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles\Teddy PC (main).exe
  command line: "C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles\Teddy PC (main).exe"
  PID: 2320
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles\Teddy PC (main).exe (child of PID 2320)
    command line: "C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles\Teddy PC (main).exe"
    PID: 2212
    - Loads dropped DLL
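The WriteProcessMemory rows and the process tree above, reduced to something a triage script can reason over. This is an added example and not part of the sandbox report: it parses the flattened signature rows exactly as they appear here (the column breaks were lost in extraction), collapses the three identical rows into one writer/target pair with a call count, and labels the pair using the parent/child relationship from the process tree. RAW_ROWS, PARENT_OF and IMAGE_OF are constructed from the values in this report; the record and field names are the example's own.

```python
"""Collapse and classify the flattened WriteProcessMemory IoC rows of a
Triage-style sandbox report (added example; not part of the report)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed from the rows shown in the report above: one flattened string
# holding the three IoC rows, plus the process tree (PID 2320 spawned 2212).
RAW_ROWS = (
    "PID 2320 wrote to memory of 2212 2320 Teddy PC (main).exe 30 "
    "PID 2320 wrote to memory of 2212 2320 Teddy PC (main).exe 30 "
    "PID 2320 wrote to memory of 2212 2320 Teddy PC (main).exe 30"
)
PARENT_OF = {2320: None, 2212: 2320}            # pid -> parent pid
IMAGE_OF = {2320: "Teddy PC (main).exe", 2212: "Teddy PC (main).exe"}

# Columns: description | pid | Process | procid_target. The start of the next
# row (or end of text) is the only delimiter left after extraction.
ROW_RE = re.compile(
    r"PID (\d+) wrote to memory of (\d+) (\d+) (.+?) (\d+)(?= PID |$)"
)


@dataclass(frozen=True)
class MemWrite:
    writer_pid: int
    target_pid: int
    writer_image: str
    target_procid: int   # sandbox-internal id of the target process


def parse_rows(text: str) -> list[MemWrite]:
    """Split the flattened signature text into one record per IoC row."""
    return [
        MemWrite(int(writer), int(target), image, int(procid))
        for writer, target, _pid, image, procid in ROW_RE.findall(text)
    ]


def classify(writes, parent_of, image_of) -> list[dict]:
    """Deduplicate identical rows and describe each writer/target pair."""
    result = []
    for w, calls in Counter(writes).items():
        if parent_of.get(w.target_pid) == w.writer_pid:
            relation = "parent->child"
        elif parent_of.get(w.writer_pid) == w.target_pid:
            relation = "child->parent"
        else:
            relation = "unrelated"
        result.append({
            "writer": w.writer_pid,
            "target": w.target_pid,
            "calls": calls,
            "relation": relation,
            "same_image": image_of.get(w.writer_pid) == image_of.get(w.target_pid),
        })
    return result


def summarize_report() -> list[dict]:
    """Run the parser over the constructed rows from this report."""
    return classify(parse_rows(RAW_ROWS), PARENT_OF, IMAGE_OF)


if __name__ == "__main__":
    for entry in summarize_report():
        print(entry)
```

Three rows collapse to a single pair: PID 2320 wrote three times into PID 2212, its own child, and both run the same image. A parent writing into a freshly spawned copy of itself is what self-relaunching launchers and process hollowing both look like in a sandbox, so the count alone is not a verdict; it points at the process to examine next, which here is also the one that loaded the dropped DLL (PID 2212).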
-
Network
MITRE ATT&CK Matrix
Downloads
Filesize
5.5MB
MD5
d06da79bfd21bb355dc3e20e17d3776c
SHA1
610712e77f80d2507ffe85129bfeb1ff72fa38bf
SHA256
2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1
SHA512
e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a