13c739544e392920c0e108aed613c98f097f985631c6cc118d796fcee59bab17

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Spoofer/Remover Logs/log3.exe
Size

9.4MB
MD5

79fd04395a1df6c2dc3f46dac43e2682
SHA1

4a69dfe95ef2901ec1afc63bbc2b9817bee26455
SHA256

d9ca44315aaffd331091ae3c106601e3daaaa778868105257f3d8b21074cbff1
SHA512

28140df85b1d65b83f0f340cadbf14eb10b35ea5b4ea72ac5f0c08d704febbbfbe6d32ffbd90a4df4a3df04a2d755285f163de38e7f77ff78ab2638da6f89564
SSDEEP

196608:Fjv3QkY8XMCHGLLc54i1wN+rPIcu9KYK39sevBare+3PP+VMwxCEc/j:tvtXMCHWUjMcuIhv4e+/P+VA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

log3.exe

pid process

2584 log3.exe
2584 log3.exe
2584 log3.exe
2584 log3.exe
2584 log3.exe
2584 log3.exe
2584 log3.exe

pid	process
2584	log3.exe
2584	log3.exe
2584	log3.exe
2584	log3.exe
2584	log3.exe
2584	log3.exe
2584	log3.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

log3.exe

description	pid	process	target process
PID 2360 wrote to memory of 2584	2360	log3.exe	log3.exe
PID 2360 wrote to memory of 2584	2360	log3.exe	log3.exe
PID 2360 wrote to memory of 2584	2360	log3.exe	log3.exe

C:\Users\Admin\AppData\Local\Temp\Spoofer\Remover Logs\log3.exe
"C:\Users\Admin\AppData\Local\Temp\Spoofer\Remover Logs\log3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\Spoofer\Remover Logs\log3.exe
  "C:\Users\Admin\AppData\Local\Temp\Spoofer\Remover Logs\log3.exe"
  2⤵
  - Loads dropped DLL
  PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23602\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
a8b0327931fd2c863693634b3081e6a0

SHA1
d66cd78c124e931667b6079d5bc5adf55a644293

SHA256
1fa836b3704b29e7ad1ea1b0b457f62aae4435c6a1d745707631552a2f83d5f6

SHA512
1b8331ac9b17d3553a5c7b4572f826bb232b339c28f6c9a31a870097c7612587cd1dbe59fe294501ce11cf5bba973d83784108309617b6f7104f2aae8f723961

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23602\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
eb4c279c8386d4f30aab6d76feec3e5a

SHA1
0c611e8f56591f64841b846df7d5c07fd75b55a4

SHA256
56bc7d3dd48d9cb209195f71be67d0a90ca929a8d4e6ae5a481f3ab0345da294

SHA512
1869b0c843df05ba849e79aa15b25855aa5c2c2e5a932c0de650b83c8abe2371585731b0213061b8f4d781a87b352ad3a09bf8555fcf0f9422a0bcc1a9062781

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23602\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
a94626cbc9c0e1b62619a8cf49504ff8

SHA1
047e2b1f21f1258242238043143f1d892538bbc3

SHA256
a36792281c0aaab929635bb1f40ee3627225e7e35e6a199c188f3f782c7e6c27

SHA512
b208602f33f02c92df718e4c009e6e8055e538c9451ef6f9682ce21db5258d799c09f689aae2879470a934b60b4f3d44ea82704933fa40f2ff408cf42bd1c534

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23602\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
f0f891d08e0e358327b323b38f3ffca2

SHA1
eb20f147c53f86c59603f5edbf60f936f768fb1b

SHA256
9c8461929b61e0fd269ce735d699e7e3b6c0159d3e2659f60d681290abf9eac5

SHA512
94e13c4d09ff35c2ded7fd2649b3542aade1414f05772e2034af7723f2622e662e8c0bb67e1eb288e230f8ae183d8f1296c2a134b7ae061a452fa3f7423d7694

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23602\python313.dll

Filesize
5.8MB

MD5
b9de917b925dd246b709bb4233777efd

SHA1
775f258d8b530c6ea9f0dd3d1d0b61c1948c25d2

SHA256
0c0a66505093b6a4bb3475f716bd3d9552095776f6a124709c13b3f9552c7d99

SHA512
f4bf3398f50fdd3ab7e3f02c1f940b4c8b5650ed7af16c626ccd1b934053ba73a35f96da03b349c1eb614bb23e0bc6b5cc58b07b7553a5c93c6d23124f324a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23602\ucrtbase.dll

Filesize
1011KB

MD5
7e39d82adf5da0b51a968c764e0e15c1

SHA1
79e75ccde95798f21a34e5650b29dbebe79c1b43

SHA256
d67926328a72816d2944d7c88df6ff4bfccd41a9ce39af0309a0639829d0e7fb

SHA512
1c58d53c40535f80f482a5f406ef5bf9c2f963b9db5969c37ef47b0c59522a1a9bde3f3589538a7ae7d99d567a43170b384761e572c740010feb86894ce7322a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23602\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
12KB

MD5
b16e6798ad40000698a09276961fc2c3

SHA1
b5184d9bdb1f5e7cfe17b2ec305c8554362067de

SHA256
f8b7122ca5e1d473818940fea4d1155af429463038ba61953908fbbbb7a8d613

SHA512
a4737a2236eb35e1b4935a5e333c7f1c51588852a8daf654fd2e7ca6e945e40df9d001394c2f3e3a9d023b8d4e34e9753f6472ed58df245b104623d7dbde7423

Download Submit