026d34969248578586de3e3f080110edd2f0b9a6818cacab23fce082af3e6ac3

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-10-2024 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BootstrapperV1.22.exe
Size

25.8MB
MD5

41e55aa25ab9d6a3c423678142dcd0dc
SHA1

5d04337602d48484b6b90674949840f4f9915575
SHA256

026d34969248578586de3e3f080110edd2f0b9a6818cacab23fce082af3e6ac3
SHA512

e719cde59771159c50e08ff3bc2103d19e311cd870fc28bd150898bafcc4093a701d21cf9809bfa2c4e0310a79a4b9e129bd3c3adfdb7ee0af094d6159cf9045
SSDEEP

393216:ZqPnLFXlrpEvQ8DOEjgskoGi2FiW8G9cebgf1NblQ6xrq9jb9LHz0UJUFv:QPLFXNaQh6T24W8IS1Ar/Nz0

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

BootstrapperV1.22.exe

pid process

1768 BootstrapperV1.22.exe

pid	process
1768	BootstrapperV1.22.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI29362\python310.dll	upx
behavioral1/memory/1768-2792-0x000007FEF6860000-0x000007FEF6CCE000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

BootstrapperV1.22.exe

description	pid	process	target process
PID 2936 wrote to memory of 1768	2936	BootstrapperV1.22.exe	BootstrapperV1.22.exe
PID 2936 wrote to memory of 1768	2936	BootstrapperV1.22.exe	BootstrapperV1.22.exe
PID 2936 wrote to memory of 1768	2936	BootstrapperV1.22.exe	BootstrapperV1.22.exe

C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.22.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.22.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.22.exe
  "C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.22.exe"
  2⤵
  - Loads dropped DLL
  PID:1768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29362\jedi\third_party\typeshed\third_party\3\docutils\parsers\__init__.pyi

Filesize
63B

MD5
84a27291937d76e46b277653002601f2

SHA1
fe60efb40aeeee2998bb07245d4f9571ad08825f

SHA256
ddf071712a6926be84384714a23bdf946dc47a083b96fd90a7474d41020bacfe

SHA512
e489e83fd33fdc8ba88954725f79c2132bc4162ba713c72b190b790b4a368e3ceb024d7b8bceec4544123a5435fdfd987876f1b2542da06cba899f5ac72945be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29362\parso\python\grammar39.txt

Filesize
7KB

MD5
fbbad176c79cc8670f9c2b4a0078b4fe

SHA1
b63c75589d719f28bb59b6ecab806d9b57701da9

SHA256
715ad56c5f4f8395092c58b6b6f2deb4f906f81380929a836bd86ab253634875

SHA512
15833d8c2df3fd51fc387a19c0880361cf9ff664da8ba33b6ee764bf6220634a151aae729db3f1e5b05aa3bc7c56782754d060fc7cc1af7a938dfe042a98a340

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29362\pyinstaller-5.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29362\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
memory/1768-2792-0x000007FEF6860000-0x000007FEF6CCE000-memory.dmp

Filesize
4.4MB

Download