cf3c6b40e3a5c3ddf1eb2101dbf7c25ca41b52d27151520eff28055d69179a96 | Triage

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04-08-2024 22:18

Sharing

Report Analysis Logs

General

Target

xbox.exe
Size

16.4MB
MD5

1a8d61f8d57fad56745a285c1486c3b1
SHA1

67db11b8475ee7e5c28ff08b0fbe0a022c39950d
SHA256

0ac1a371a6595a8eaebb134182e47b69e8ea5ef0eca2548dca6391e462815f57
SHA512

3001ea40d6e441d5da869070bfa0751cee846bc1ec6fe3ad6aefe25997f9abc23a7d1e59052cc167762977125055c7e330a37c4b455f54a4e0b2f0e5f13b15bd
SSDEEP

393216:TO1+TtIiL0Y9Z8D8Ccl9NKzES8LpurEE0146U04I2uaqPyRhsVCEm:a1QtI7a8DZcMZkQrw1HHoHyAEm

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2904	xbox.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2904	2240	xbox.exe	31
PID 2240 wrote to memory of 2904	2240	xbox.exe	31
PID 2240 wrote to memory of 2904	2240	xbox.exe	31

C:\Users\Admin\AppData\Local\Temp\xbox.exe
"C:\Users\Admin\AppData\Local\Temp\xbox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\xbox.exe
  "C:\Users\Admin\AppData\Local\Temp\xbox.exe"
  2⤵
  - Loads dropped DLL
  PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22402\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit