Analysis

  • max time kernel
    12s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2024, 22:21

General

  • Target

    IndrasLock.exe

  • Size

    120.6MB

  • MD5

    fb2cab1db6333ccca939de6c56b90dbe

  • SHA1

    7a805d3639f3c9fd06167a976b30675ffdecfedd

  • SHA256

    20114329e2e82ffee6e51a8e39df132a4c4cbdf3a8b74b16b85b7b5626f6d76a

  • SHA512

    3779d0b5646747dc18538eb26404b1df9d3c84847a5d3b217c3f9d7e87da8b45fac51954079b047177df9849d8981c593f2e83133826b4e1390956d86ee81fa4

  • SSDEEP

    3145728:YzoRRxEo53x2rm9BIbqrWd62z/ei3Mlqt8h3FkX:Y2R/53xhydd62zWiclazX

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IndrasLock.exe
    "C:\Users\Admin\AppData\Local\Temp\IndrasLock.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Users\Admin\AppData\Local\Temp\IndrasLock.exe
      "C:\Users\Admin\AppData\Local\Temp\IndrasLock.exe"
      2⤵
      • Loads dropped DLL
      PID:1236

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI24002\python313.dll

          Filesize

          5.8MB

          MD5

          b9de917b925dd246b709bb4233777efd

          SHA1

          775f258d8b530c6ea9f0dd3d1d0b61c1948c25d2

          SHA256

          0c0a66505093b6a4bb3475f716bd3d9552095776f6a124709c13b3f9552c7d99

          SHA512

          f4bf3398f50fdd3ab7e3f02c1f940b4c8b5650ed7af16c626ccd1b934053ba73a35f96da03b349c1eb614bb23e0bc6b5cc58b07b7553a5c93c6d23124f324a33