c6784468e56bee420171416b973d6ef962ca4f5e58c55cf2a6862a9705246854 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-11-2024 06:00

Sharing

Report Analysis Logs

General

Target

Test.exe
Size

15.2MB
MD5

44203c2728e7a6374ef52cbaa991e0e6
SHA1

988dd121d9cf2a6bce0a0a530bba255ccb23e57d
SHA256

c6784468e56bee420171416b973d6ef962ca4f5e58c55cf2a6862a9705246854
SHA512

eca8f8018d8b4ec9ffe714732abfa24fd463a55004a035a39ec9ee80b67477ced00c9fd94b728adf4e16294b0e555e8d80f87e30aa59a5cd05b67ca4b29b1da2
SSDEEP

393216:yxGImM63huc7XMCHWUj/odaI8xSxKEcMghDszH5:yxvmt3hr7XMb8/DIJKE

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

Test.exe

pid	Process
2628	Test.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Test.exe

description	pid	Process	procid_target
PID 824 wrote to memory of 2628	824	Test.exe	31
PID 824 wrote to memory of 2628	824	Test.exe	31
PID 824 wrote to memory of 2628	824	Test.exe	31

C:\Users\Admin\AppData\Local\Temp\Test.exe
"C:\Users\Admin\AppData\Local\Temp\Test.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:824
- C:\Users\Admin\AppData\Local\Temp\Test.exe
  "C:\Users\Admin\AppData\Local\Temp\Test.exe"
  2⤵
  - Loads dropped DLL
  PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI8242\python312.dll

Filesize
6.6MB

MD5
b243d61f4248909bc721674d70a633de

SHA1
1d2fb44b29c4ac3cfd5a7437038a0c541fce82fc

SHA256
93488fa7e631cc0a2bd808b9eee8617280ee9b6ff499ab424a1a1cbf24d77dc7

SHA512
10460c443c7b9a6d7e39ad6e2421b8ca4d8329f1c4a0ff5b71ce73352d2e9438d45f7d59edb13ce30fad3b4f260bd843f4d9b48522d448310d43e0988e075fcb

Download Submit