Analysis
max time kernel: 361s
max time network: 369s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
submitted: 03-08-2024 04:29
Behavioral task
behavioral1
Sample
DONT OPEN RAT.zip
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
DONT OPEN RAT.zip
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
DONT OPEN RAT/DONT OPEN VIRUS.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
DONT OPEN RAT/DONT OPEN VIRUS.exe
Resource
win10v2004-20240802-en
General
-
Target
DONT OPEN RAT/DONT OPEN VIRUS.exe
-
Size
74.8MB
-
MD5
4da052f9770422d1f3b3d2028671586a
-
SHA1
3c8114f723a2664157eae5ece6500ceb101f6aae
-
SHA256
a876d153b9aef77a78ae053343753959041317ae92d4a92a8df93e941a1101d7
-
SHA512
01e7c0d1a6a5435fb7c81abf0fc12c56fd4edde5a4c5936d2e265fd9249d10d5b4f6b7e77fa246ba5d652c159e37f8de9babc3bcfc205d49f67065232d0a247b
-
SSDEEP
1572864:/0nQ6l77v4Sk8IpG7V+VPhqvzE7WfglPIiY4MHHLeqPNLtD7WpyfZxzr:/0n1FcSkB05awvJfg5LMHVLtvsyfv
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
DONT OPEN VIRUS.exe
pid: 1412, process: DONT OPEN VIRUS.exe
Processes:
resource: C:\Users\Admin\AppData\Local\Temp\_MEI22842\python310.dll, yara_rule: upx
resource: behavioral3/memory/1412-1262-0x000007FEF5EA0000-0x000007FEF6305000-memory.dmp, yara_rule: upx
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
DONT OPEN VIRUS.exe
description: PID 2284 wrote to memory of 1412, pid: 2284, process: DONT OPEN VIRUS.exe, target process: DONT OPEN VIRUS.exe
description: PID 2284 wrote to memory of 1412, pid: 2284, process: DONT OPEN VIRUS.exe, target process: DONT OPEN VIRUS.exe
description: PID 2284 wrote to memory of 1412, pid: 2284, process: DONT OPEN VIRUS.exe, target process: DONT OPEN VIRUS.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\DONT OPEN RAT\DONT OPEN VIRUS.exe
"C:\Users\Admin\AppData\Local\Temp\DONT OPEN RAT\DONT OPEN VIRUS.exe"
- Suspicious use of WriteProcessMemory
PID: 2284
C:\Users\Admin\AppData\Local\Temp\DONT OPEN RAT\DONT OPEN VIRUS.exe
"C:\Users\Admin\AppData\Local\Temp\DONT OPEN RAT\DONT OPEN VIRUS.exe"
- Loads dropped DLL
PID: 1412
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.4MB
MD5: b93eda8cc111a5bde906505224b717c3
SHA1: 5f1ae1ab1a3c4c023ea8138d4b09cbc1cd8e8f9e
SHA256: efa27cd726dbf3bf2448476a993dc0d5ffb0264032bf83a72295ab3fc5bcd983
SHA512: b20195930967b4dc9f60c15d9ceae4d577b00095f07bd93aa4f292b94a2e5601d605659e95d5168c1c2d85dc87a54d27775f8f20ebcacf56904e4aa30f1affba