48a3558f5c4f4125d7ce5ef8c71239c674123ac0147b6c202a92977493b0c5b5 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 02:30

Sharing

Report Analysis Logs

General

Target

file.exe
Size

7.4MB
MD5

1fb9195294d3f2c24f8a938c6c8d1628
SHA1

1516b7eb5d4130a2edf157f6f9b90ebdb6405363
SHA256

48a3558f5c4f4125d7ce5ef8c71239c674123ac0147b6c202a92977493b0c5b5
SHA512

e778a67237f2cb36d5a9dbcba468ba7b933012201707f8e32e588ab269e40b81ac551877aba70d199294e22c3679cef6f140afc8bb237e963e3acb8bb9479ccb
SSDEEP

196608:g9jGV2q1BKA1HeT39IigwRTet4Q4G/NsIlyzWXkRMY3o9W+:aGV2Kj1+TtIiFRS1NsIszWXGro8

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2772	file.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2772	2188	file.exe	30
PID 2188 wrote to memory of 2772	2188	file.exe	30
PID 2188 wrote to memory of 2772	2188	file.exe	30

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\file.exe
  "C:\Users\Admin\AppData\Local\Temp\file.exe"
  2⤵
  - Loads dropped DLL
  PID:2772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21882\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit