b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe
Size

8.9MB
MD5

797223dc597a3e08ba303871f0c53116
SHA1

0303ce3eb0a7dfa2918253000739884ee0adaa8c
SHA256

b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378
SHA512

132085cbc0723c96932756fbb93f562ae0acef902734a79ac4138fc0bed4e508a119700ecaafe95cdb0de57878b9410a9b750612de54d01fc0e29497a255ffaf
SSDEEP

196608:xJTwmxAZp3qZxXMCHGLLc54i1wN+4okSaPA8zgKnumoGcXK0:jwmxO0XMCHWUjwodaI8zgKuXb

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1304	b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe
1304	b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe
1304	b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe
1304	b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe
1304	b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe
1304	b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe
1304	b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 1304	2260	b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe	29
PID 2260 wrote to memory of 1304	2260	b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe	29
PID 2260 wrote to memory of 1304	2260	b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe	29

C:\Users\Admin\AppData\Local\Temp\b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe
"C:\Users\Admin\AppData\Local\Temp\b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Users\Admin\AppData\Local\Temp\b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe
  "C:\Users\Admin\AppData\Local\Temp\b6cd7b38f6034ad44040ba397a8ecc7d3aed47cfa9a1a29a0f63e3e1961d6378.exe"
  2⤵
  - Loads dropped DLL
  PID:1304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22602\api-ms-win-core-file-l2-1-0.dll

Filesize
10KB

MD5
80ab22c6d0250257b61b217822aa5d7c

SHA1
e659198c8045d918384e276783507d77ce297cd6

SHA256
d56b63aefedc21372a5d75918032e98f3e4c564733d4838a5b442351e32a300b

SHA512
94e61803a318fde919ba18a20cbdfae1250a844c2266311bc99cfcbb22757bd43b5279567f24bae32192dc0b9fbb0b20d10db3b3f19014708af7e8f89a1c96a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22602\api-ms-win-core-localization-l1-2-0.dll

Filesize
12KB

MD5
7859eb82f99fa849ad33909cdae8d493

SHA1
b56512906e9642a99dcb7eb7373fa8ad5990019e

SHA256
7c7a3c0d04519d1656a50604b1052850e9d937b6c3e973d564a6b2f9495ae05f

SHA512
a6548d6d70e8c22638d0619b4eaafead5289953c013d2e95477fb34316b788cd756217426dd36582b49ba5fd93702c4ec4590cabbe47d79156516fff5fcdb149

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22602\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
10KB

MD5
54d6888e154d8fd2b35c7a7b8dcaa84b

SHA1
883cca38ff0d43ab86b344ec7a490515f594a060

SHA256
9e2744bc1f7fa7015881c5edc7f14b031472ca1a08c57c38325cbf7736890be0

SHA512
0b2f048b2b5f1083d8e65ddb3278a4340eab05e41d9a08b4337f4cdf6b5afe540cda6c3b87462a2de3bb9ff2fc2ab6d95631913c6e1e02335a42812d7ef681dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22602\python312.dll

Filesize
6.6MB

MD5
b243d61f4248909bc721674d70a633de

SHA1
1d2fb44b29c4ac3cfd5a7437038a0c541fce82fc

SHA256
93488fa7e631cc0a2bd808b9eee8617280ee9b6ff499ab424a1a1cbf24d77dc7

SHA512
10460c443c7b9a6d7e39ad6e2421b8ca4d8329f1c4a0ff5b71ce73352d2e9438d45f7d59edb13ce30fad3b4f260bd843f4d9b48522d448310d43e0988e075fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22602\ucrtbase.dll

Filesize
984KB

MD5
6914ef1fad4393589072e06a4630d255

SHA1
028669a97db7c007441ae3330767968544eba3c6

SHA256
81c9b5d54e1b1da192f4a167f7e06439e36c670a99af2f1ef056e0959e85de57

SHA512
b682c749d6f2ed56d69ff4f8520899638fa6f436b2af8241db686ccbc606d23d4e77721222ab7ad863336d5e5aafa1033b94f550198a1a083af5811ce8dec004

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22602\api-ms-win-core-file-l1-2-0.dll

Filesize
10KB

MD5
4e7b40f3c457212792ed796d5ceb7c0f

SHA1
dedb78bbcc0ae5e5ab1cb15eec15e4f3300bc32e

SHA256
11f046a0bd6ea6bbae9355e7b3f6ca42adae2a5c7f41f30fcb497baec80d69ad

SHA512
3f8fd4171d48cf8f9a37fad1b42d79bb9b8cf8c08d0e594aebc6425c1b5d981db542a4a57bf71d5fd936641755c1c8548bc77ead99aff142da0da10e03b1c135

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22602\api-ms-win-core-timezone-l1-1-0.dll

Filesize
10KB

MD5
9ec9658795a82a6f689dbbf9b14d56a8

SHA1
90498e0259ec68959e0ca9b7dfb6e94f24a192e5

SHA256
e25a1056beef787a1857541714d3ced677bc29257ddb70643a3f332d7081e24b

SHA512
ddab3d638f6b685ecf438870b3b6f1d7dd56319ed4748cbca20d54863970ce1e4e5edac4b7df5b63712fa63b1214f9477360f6f1dc7ec28feb807d3a3eb6457a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads