Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    14-09-2024 08:45

General

  • Target

    main.exe

  • Size

    25.8MB

  • MD5

    4e956ac86ed8e55dbbe09f0a2c8006e5

  • SHA1

    a9bb6e918e0405dcf92dc3d4e121c2c5eae7f00a

  • SHA256

    f371c01e7e68b7bd05fb7f3f9c4dc76dc4107fad1f68c9a95157c52033a99533

  • SHA512

    3368eadecc29c5f5835bb8059203469df43e6b3b59e5770f88e43bc905746a6e365b8c57afcdef4097bf2f03b44e381876f89e5e0e34923c5997f939a01381db

  • SSDEEP

    786432:gZWBdpO3uVeBOGOO5EtcwySXy7KDNvyWK:gZWFOGztc+XyGpv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\main.exe
    "C:\Users\Admin\AppData\Local\Temp\main.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Users\Admin\AppData\Local\Temp\onefile_2084_133707771899432000\main.exe
      C:\Users\Admin\AppData\Local\Temp\main.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2084_133707771899432000\python312.dll

    Filesize

    6.6MB

    MD5

    3c388ce47c0d9117d2a50b3fa5ac981d

    SHA1

    038484ff7460d03d1d36c23f0de4874cbaea2c48

    SHA256

    c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

    SHA512

    e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35