Analysis
-
max time kernel
120s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
06-11-2024 17:05
Behavioral task
behavioral1
Sample
spoofer.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
spoofer.exe
Resource
win10v2004-20241007-en
General
-
Target
spoofer.exe
-
Size
80.6MB
-
MD5
00612a7f7320413d89cf6bf0761dbfec
-
SHA1
707047c2a0e1cfc9e95a4eebc1cf30f327ebe282
-
SHA256
7367d53089575b0708c34d275f067825926d16ab7ecc8e43899e1b08447367bd
-
SHA512
0ea7f31a2819015e7ea58e116c7f44158f7523067057ec0f5dbe3cda2bc0da6654464282ce282a971c8f44ea9e501bd0b32c613771570f111228b5e2dc8c9d87
-
SSDEEP
1572864:CPJlLWLHd0RSk8IpG7V+VPhq9AE7DliriYgj+h58sMwoerlFGp0cJ5j:iJNmiSkB05aw9Zwl5Eeru7j
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid | Process
2512 | spoofer.exe
-
resource | yara_rule
behavioral1/files/0x0003000000020a51-1263.dat | upx
behavioral1/memory/2512-1265-0x000007FEF5F00000-0x000007FEF64E9000-memory.dmp | upx
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 1860 wrote to memory of 2512 | 1860 | spoofer.exe | 30
PID 1860 wrote to memory of 2512 | 1860 | spoofer.exe | 30
PID 1860 wrote to memory of 2512 | 1860 | spoofer.exe | 30
Downloads
-
Filesize
1.6MB
MD5 a70d5250a7878d930c92c08abd2acf5c
SHA1 0c9526cb8aaf011655decf5f8037b4ea562db71f
SHA256 1777007bcbec5c5daa8c4068b181216def54ac53eb2f6994b2fcb01edd74d03a
SHA512 08bf354cc9a16c7103173edd71abb1d91b7865adffc8c1ceb085c9f807f73b5b0ab37e70071f17166fdcce8ab0d5647060638a525090cc2544498537834e7afd