60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-10-2024 04:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe
Size

7.9MB
MD5

48ecd8658fb2e447e3ad6bd434638894
SHA1

6af0910e19191d1d7dc54ee0433ace688679c47d
SHA256

60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb
SHA512

551f5a41bc5ac35b235b9bd7c30bdda98037d8b6a631c5e2fc4f09fd0024a6075f7e38329fe9acf0bdee82a7bcdd94f7d92914f4fbcfdbfdbab99a3f7a2e82ee
SSDEEP

196608:3giCEmN0NVEyXMCHGLLc54i1wN+yjXx5nDasqWQ2dTNUGk6ulx+iITxavM:5C0NVEyXMCHWUjKjx5WsqWxThuaT8U

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe

pid	process
2768	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe
2768	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe
2768	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe
2768	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe
2768	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe
2768	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe
2768	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe

description	pid	process	target process
PID 2112 wrote to memory of 2768	2112	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe
PID 2112 wrote to memory of 2768	2112	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe
PID 2112 wrote to memory of 2768	2112	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe	60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe

C:\Users\Admin\AppData\Local\Temp\60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe
"C:\Users\Admin\AppData\Local\Temp\60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2112

C:\Users\Admin\AppData\Local\Temp\60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe
"C:\Users\Admin\AppData\Local\Temp\60a7817faaf9adb71d33fb1c95394ba2cce84e41c5a4dad443b49a0e9e0272fb.exe"
2⤵
- Loads dropped DLL
PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21122\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
5c3cb67215c96d716266f7fc3e6ba874

SHA1
cb55971b992e0499263a3e40d9739ea5d3fa5003

SHA256
5889d4087643cabf4353bffad537faab3d9cee7adcc256341c39864255ef784f

SHA512
e091551c3e4e55686e16c054143f95b36625919ec4feb6f6b77a5762f48a230cbf28d876ce5ce7d804eb74efba38c290b2a8efdf6b2b9fc8e3974cec09d6b5b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21122\python312.dll

Filesize
6.6MB

MD5
166cc2f997cba5fc011820e6b46e8ea7

SHA1
d6179213afea084f02566ea190202c752286ca1f

SHA256
c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

SHA512
49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21122\ucrtbase.dll

Filesize
1.1MB

MD5
3cf4863a6f8924a11800a7e3cf357496

SHA1
2a98263f9d6b2813e894cfcc031105b945f84ed5

SHA256
1bd1668ad61a6c3a906c64e9866d81e4598a4ccbae8b91415cd48049ad43a65d

SHA512
ecb481b241704ce3358449d5a85da0b328dea97c5e6f2f42c89531777b53c19fbfad3d3ae76f7bb0189fcc3c84b97b27bbf7a41203ed9750c330a8fd0504fc39

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21122\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
96a6b34ccc5fc70028b5aae70c4b8c05

SHA1
f820b7d9a8e2202463b5d5b2144e9b24a39c730d

SHA256
26f91075d7d1b13c4dffab35a51441f3741d90cea88c41a1775508610b740719

SHA512
f098db40625bffd82479e47a0191aff7f79fd661b46b2228eaf4ec31c877ed25b333b8a21bcfc2a72bb76ec7b84443dc42c126974524aecc69bd4ea9ccb5aa3c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21122\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
2673f46e4954459b5a01154404fe8970

SHA1
1187f50c410bd3e3800242a17b915373eed7f89a

SHA256
b1b99194f2e95d7e6807db83967301da1338da9b0ac593214e845e137f84cd25

SHA512
67523210407601245764c8ea56d6304f9e55efda95aa97198fe9981312e3bd1310853985f97041dd491aa993254634c4f6921fc1145c8c2cc663522bf162f7fb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21122\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
548844894ca5a199e0a45b1ef346c4ad

SHA1
7867dd4f0786cb197c8b4f94767508c1210fdf17

SHA256
f5290377db93922ed117d0feffa03b81557e839d98e1d73b1d9344fbcf8563e1

SHA512
35905d2a7fd27ee5bf7cb6bcc63c9938ccc3d53b7c82b9734fdaa90e2612ac956f674f8cac2548d5fa8b9b686d53c96e31e02acca23f076c6c7135fd6f4c71b1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21122\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
28d76848e970c69b849fb3dedac27983

SHA1
8b6d3648b80c9fa91e662d7555003bac3faacacd

SHA256
8ee1797c34382212cf4094743e01d6b3d1d69dcd14ce7c13b1d663f07e57dc5b

SHA512
2209da5cdb705f4ca3815ecc3d034178acfb44c8a03edc625592a41c70f03f9ee7b8921f0019a363aae4eb07d9b14dc844abdbc5bec8d2690359a59492f625ed

Download Submit