91bf6edcf467bfbfc2f6b2bf0800cbaeaafb5f67413175c1db270893aaa22693 | Triage

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 19:14

Sharing

Report Analysis Logs

General

Target

main.exe
Size

10.8MB
MD5

f86f95b0461005e3569c398654477583
SHA1

20f123de426c7a03617eba2f825bde4f4c64e4e6
SHA256

d3099b3935e4c03f83fccba2aaa7a5e1799db64dfb8d8cae53fa0d418dda20a9
SHA512

b1119a69898ecfb44de25b4df0c4c74ae711a65839edc28919156dd6896df74cdeae77bac4c3c0cf4d9a561139f71cc5e02cae9957a554f49e779c3ae4999d63
SSDEEP

196608:0Nxf99UPpGAjMGhuPD5U4B4FMIZETSejPePdrQJ/BKnPNokCw:S0P8AxYD/QETSevJcVzC

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2484	main.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 2484	2552	main.exe	31
PID 2552 wrote to memory of 2484	2552	main.exe	31
PID 2552 wrote to memory of 2484	2552	main.exe	31

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25522\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit