c20ca1fdbfa65887838ce07951d71f50009613bc0f1060346659c33909e132d4 | Triage

Resubmissions

01/10/2024, 16:19

241001-tsz37syelm 7

01/10/2024, 16:18

241001-tr7rnaydrn 7

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 16:18

Sharing

Report Analysis Logs

General

Target

otp.exe
Size

5.3MB
MD5

c67810e7b3665bdb07065a6e9cfebc79
SHA1

9896d44a9f00b0938f605a2f868d1863ac1b56a7
SHA256

c20ca1fdbfa65887838ce07951d71f50009613bc0f1060346659c33909e132d4
SHA512

a3364f5c21e0a664c97161ba275890d748f08db362157549f70273d093e4cb9f18a30bbd1af000981bb55f8cde8ba3bafd8abb5c8940f4320e706758d97a5cbc
SSDEEP

98304:2S883epzb71QGQCPDbZfx8ayCb7BJ5mjwNwwMeZYobSr+zO5cFEJ:2StsdQmRJ8aycBIGpEou5cS

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2736	otp.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2736	3048	otp.exe	31
PID 3048 wrote to memory of 2736	3048	otp.exe	31
PID 3048 wrote to memory of 2736	3048	otp.exe	31

C:\Users\Admin\AppData\Local\Temp\otp.exe
"C:\Users\Admin\AppData\Local\Temp\otp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Users\Admin\AppData\Local\Temp\otp.exe
  "C:\Users\Admin\AppData\Local\Temp\otp.exe"
  2⤵
  - Loads dropped DLL
  PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30482\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit