2645cabdbcf4eb95cb2285eda63ee93a74b3a5a7ae3341d266ae9842a5d37206 | Triage

Analysis

max time kernel
0s
max time network
1s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 13:12

Sharing

Report Analysis Logs

General

Target

gucci.exe
Size

10.3MB
MD5

81d81603d521ffc3f6499847f7620580
SHA1

9af417d3f88b3ff008639fc3dba3dd3e1fb9f0a2
SHA256

2645cabdbcf4eb95cb2285eda63ee93a74b3a5a7ae3341d266ae9842a5d37206
SHA512

07ca75cd368be8b99d43b831f3ab416ebdb2936410a66caf1d305b0006ceecfa99db35aa810a3f5e0f849488bdd8034091caddb52d6e3707877660b857b61361
SSDEEP

196608:2h9cOT3ID0pUzPLhQNQm8NkKeN4FMIZETSejPePdrQJ/BgetaJw/onCAEf:sPpUTLfhJKQETSevJrtamkLc

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2116	gucci.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2116	3016	gucci.exe	31
PID 3016 wrote to memory of 2116	3016	gucci.exe	31
PID 3016 wrote to memory of 2116	3016	gucci.exe	31

C:\Users\Admin\AppData\Local\Temp\gucci.exe
"C:\Users\Admin\AppData\Local\Temp\gucci.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Users\Admin\AppData\Local\Temp\gucci.exe
  "C:\Users\Admin\AppData\Local\Temp\gucci.exe"
  2⤵
  - Loads dropped DLL
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30162\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit