f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-11-2024 08:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
Size

7.7MB
MD5

2ad6238fb312c024dab72c65e8234dde
SHA1

a6bfe260d02b830ae8706149311a0aa01280ce36
SHA256

f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b
SHA512

ea3be49f79441201515a4379a20c9c7c553fbd76fea584e2c154e40e65cdb7563577a71ef17c5f14f993853b69747d23faf6634a3ee3086587346f02de53e69b
SSDEEP

196608:xmV/SY8XMCHGLLc54i1wN+lPIcu9KYK39s7kX3PPJNMRRccx:SYXMCHWUjqcuIWq/PJNe

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe

pid	process
2324	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
2324	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
2324	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
2324	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
2324	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
2324	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
2324	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe

description	pid	process	target process
PID 2940 wrote to memory of 2324	2940	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
PID 2940 wrote to memory of 2324	2940	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
PID 2940 wrote to memory of 2324	2940	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe	f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe

C:\Users\Admin\AppData\Local\Temp\f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
"C:\Users\Admin\AppData\Local\Temp\f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2940

C:\Users\Admin\AppData\Local\Temp\f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe
"C:\Users\Admin\AppData\Local\Temp\f1f3cb41b5f6be0d560561b060cb57320c3b619c54a9c83cedf421d0e0b67f5b.exe"
2⤵
- Loads dropped DLL
PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29402\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
0d6d4654c98caa8ff93eebbc744bfb8b

SHA1
e4662e675a2ae93e66bddb0743fb81c0cf1e31d4

SHA256
1686b1b0a72655c89348bd5a2e5c88e6e5ca228f407c02f9700b43a045e60aab

SHA512
db3d59af607e9428b646b8993547b1129e92bb1aad12684cd69c0050517f6d8a1832393323c7f99d0b1dfa6ae801c8921234a3e470063b6715435e99e0b03ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29402\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
7daa81e752613950b67903f4ea69a0da

SHA1
00f86240d69e15a9e319e4c79026b54edc3ea671

SHA256
e255d1b403a48dd600b58d2124e7ceaf2edc6ca0448096f4160d85dd3e38c6a3

SHA512
c1ae0b6537191cd175a6c072a17215c1efb1ed719a73a56cbf139da4928730cf2a3cfc6c0a1ac5ce00957777f5f32323fc171bed7849863ec3cb7184a08dec4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29402\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
1bde33f0454eb6a02549107c97fab7d1

SHA1
7276a41d76780da4aecce0a9f0386274d5ae47cd

SHA256
25ea41b07fb34008ac9f4d28aadc0ff0c6f03b10c12b56c1a7e6b5e730f5d48b

SHA512
df836a5ea3008e5df9fc0194a2381ee9cd80f892f6b77af6f57f3aff72c99924b872fd9bd8a45c72b3787c381bc1c324346758d631fe780c0a8dc23381d43590

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29402\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
2b3375caffd7eff2bffcd5336006a6ee

SHA1
8494cd20af1d86330558cc86cc2566adee00b594

SHA256
89970b77351d562b264f4e534feb80bcfbab98330fb4eb814ea4773953676b26

SHA512
f0525a19105eb8e0fdcbe8d16553fa9dfbc85742f923bd635637650068b437bc91790209000c1352d732397f0e68b5d96f1928fe98b1c59e001b733feb0fd61f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29402\python313.dll

Filesize
5.8MB

MD5
b9de917b925dd246b709bb4233777efd

SHA1
775f258d8b530c6ea9f0dd3d1d0b61c1948c25d2

SHA256
0c0a66505093b6a4bb3475f716bd3d9552095776f6a124709c13b3f9552c7d99

SHA512
f4bf3398f50fdd3ab7e3f02c1f940b4c8b5650ed7af16c626ccd1b934053ba73a35f96da03b349c1eb614bb23e0bc6b5cc58b07b7553a5c93c6d23124f324a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29402\ucrtbase.dll

Filesize
1.1MB

MD5
337b243eda185e326d5f972fcbeba07b

SHA1
5c8ec0fe64cb88911509703570775a626444cb99

SHA256
41225f978be3cbb7ce05c0666de8f88909e9973bed0df45fcb4e94b76761b208

SHA512
4111a269483217aa856daeef9fb3d561ca736e7789a46d758e20a3a56773bbcdacacbbbfef9dc7d2a2ea3a5b36d7cc29ee731b22c2bda2c0f2f6a9fd3d2282b2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29402\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
898964872c15b531ff4bce16ccb32f21

SHA1
6fe38ecd6e6e9f666418d42008f9baf7c5a9af64

SHA256
52f2c643e4e7e6a64441dfa6b00b7a53ba573e80357c752745c670d9382ec018

SHA512
d97268284e65cd15365d8ac21dbfdc9794391b0113d6f12b9f40ce9e1e31472437131911dae84e09c55bbe6c99593065f4d18e319b4a3abb6b89bb6e3e785cbd

Download Submit