3758a12f5571cefe41a15dc64b496df2900df304edc50a2b44c995e868a30dc8 | Triage

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 18:56

Sharing

Report Analysis Logs

General

Target

womsz_main.exe
Size

14.4MB
MD5

4b79c976e5ec7be6346c46e84202f74a
SHA1

06af2a8d68d98d81319a4c6aabd8c1fcdf576e46
SHA256

866b38e2a8bf10bac9afb26b3e7e02dcd631882155c5b6e04ec7a95f40f8f94e
SHA512

b8d1afdea4245db35c060e84f1e45f85e4dcf40e0860f3f0f1893e9100f5358ec64d9ab40205b549ff9853aa4cda9a6b1c1a9b2ca161eba6c75aed084f1c4f28
SSDEEP

393216:rPDdi8AT61+TtIigeJ3YPDdyETpvB5IjWqkzCi:rPJjAO1QtIbS3YPJyEN3ILj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2648	womsz_main.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 2648	2592	womsz_main.exe	29
PID 2592 wrote to memory of 2648	2592	womsz_main.exe	29
PID 2592 wrote to memory of 2648	2592	womsz_main.exe	29

C:\Users\Admin\AppData\Local\Temp\womsz_main.exe
"C:\Users\Admin\AppData\Local\Temp\womsz_main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Users\Admin\AppData\Local\Temp\womsz_main.exe
  "C:\Users\Admin\AppData\Local\Temp\womsz_main.exe"
  2⤵
  - Loads dropped DLL
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25922\python312.dll

Filesize
6.7MB

MD5
550288a078dffc3430c08da888e70810

SHA1
01b1d31f37fb3fd81d893cc5e4a258e976f5884f

SHA256
789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d

SHA512
7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723

Download Submit