6023ea55d3ff78b3642367375c276bbde744636c1d485b5bf7cf3d4609936bef | Triage

Resubmissions

12/10/2024, 18:25

241012-w213zavare 7

12/10/2024, 18:24

241012-w17t5ayfkk 7

Analysis

max time kernel
13s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 18:24

Sharing

Report Analysis Logs

General

Target

Bios Flash Helper.exe
Size

6.5MB
MD5

ca968d3a6dea5e46716281ceb6cd575c
SHA1

792ef05b2262577e39b0c91d57874c2326ef0dc5
SHA256

6023ea55d3ff78b3642367375c276bbde744636c1d485b5bf7cf3d4609936bef
SHA512

b4b62663e9f08b29569cae12b8184366dd38004c574c3c33fe7a5859700277dc66f5d52184dd1a0d4ecac583909be10fe1f5bce250a86685b588edcea792035b
SSDEEP

196608:GPH+gp1DM9onJ5hrZER9xQ3jo4UR7+AkC2:WpNM9c5hlER9xA2RSA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3012	Bios Flash Helper.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 3012	2104	Bios Flash Helper.exe	31
PID 2104 wrote to memory of 3012	2104	Bios Flash Helper.exe	31
PID 2104 wrote to memory of 3012	2104	Bios Flash Helper.exe	31

C:\Users\Admin\AppData\Local\Temp\Bios Flash Helper.exe
"C:\Users\Admin\AppData\Local\Temp\Bios Flash Helper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\Bios Flash Helper.exe
  "C:\Users\Admin\AppData\Local\Temp\Bios Flash Helper.exe"
  2⤵
  - Loads dropped DLL
  PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21042\python39.dll

Filesize
4.2MB

MD5
c4b75218b11808db4a04255574b2eb33

SHA1
f4a3497fb6972037fb271cfdc5b404a4b28ccf07

SHA256
53f27444e1e18cc39bdb733d19111e392769e428b518c0fc0839965b5a5727a2

SHA512
0b7ddbe6476cc230c7bdd96b5756dfb85ab769294461d1132f0411502521a2197c0f27c687df88a2cd1ab53332eaa30f17fa65f93dac3f5e56ed2b537232e69c

Download Submit