Overview

overview

10

Static

static

1

Boostrapper.exe

windows7-x64

7

Boostrapper.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    8s
  • max time network
    1s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05-09-2024 20:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Boostrapper.exe

  • Size

    42.5MB

  • MD5

    86cfc8d06cbfbffa225df3d6f23adaaf

  • SHA1

    b60657dc88fadba6332a5185440c6f1b5ee18c4b

  • SHA256

    c18455e3abbd0f73c4bc2a8375cbc555c754b64a0c1490be800d56234850ad72

  • SHA512

    51016341645f2663a8a69b15d2b3f14f118ae8d88d096635e7b045340cdaf8ca48f7081445134079b9cc042d6427ebe0fbebc10fb609c5209ba9bc2f2d282468

  • SSDEEP

    786432:9Z9AOQw0A8yHKyKne72lvosS/CY3MoEJbTiumfSfz+EvbD+0/pW/Zd4jb7:RAOQwzHueQQXKYOxTivfSffvb6SaZGjn

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe
      "C:\Users\Admin\AppData\Local\Temp\Boostrapper.exe"
      2⤵
      • Loads dropped DLL
      PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22122\python311.dll
    Filesize

    1.6MB

    MD5

    4fcf14c7837f8b127156b8a558db0bb2

    SHA1

    8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

    SHA256

    a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

    SHA512

    7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

    Download Submit

  • memory/1688-130-0x000007FEF66E0000-0x000007FEF6CC8000-memory.dmp

    Filesize

    5.9MB

    Download