ffb62ad17104205ab7b705d334021ec43e76ce77e81fa0c3ef39d4c14b067de2 | Triage

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 13:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

WOLFx.exe
Size

7.0MB
MD5

46982984712e93972bc8782b87c58f7b
SHA1

ea287262f7a4d26b80662184e689a34ca10e541e
SHA256

ffb62ad17104205ab7b705d334021ec43e76ce77e81fa0c3ef39d4c14b067de2
SHA512

af538044d9106e8631a29ecce64b4ce62f4f5f2b8299f95306c699d018f8a915cf8a8150ed52356d5a4734a4ea3796d9e6d33d25bbf2db5563bf7f024555670a
SSDEEP

196608:GK/Cx1dQmRJ8dA6lSuqaycBIGpEogahymgklcj:L/AdQuslSq9NF

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2244	WOLFx.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2244	2684	WOLFx.exe	31
PID 2684 wrote to memory of 2244	2684	WOLFx.exe	31
PID 2684 wrote to memory of 2244	2684	WOLFx.exe	31

C:\Users\Admin\AppData\Local\Temp\WOLFx.exe
"C:\Users\Admin\AppData\Local\Temp\WOLFx.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Users\Admin\AppData\Local\Temp\WOLFx.exe
  "C:\Users\Admin\AppData\Local\Temp\WOLFx.exe"
  2⤵
  - Loads dropped DLL
  PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26842\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit