967d8df2b2b47c97fcb36286731254cc23e81fb92b1ebc1c917e292c3d2740c6 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-11-2024 17:02

Sharing

Report Analysis Logs

General

Target

stub.exe
Size

8.3MB
MD5

812c191196807e717082916052bfaa4f
SHA1

1b1144a8e914281cb9754ca6f5f8133d35dd01bc
SHA256

967d8df2b2b47c97fcb36286731254cc23e81fb92b1ebc1c917e292c3d2740c6
SHA512

152b88c1282765ec6971cf81489453f340f91eba9d85ff6dbc7d3daea16088eb2529dfb470d5ade09ccc625bfa37a0a12dd02bb05ffd383fceaa1a5dd78610f0
SSDEEP

196608:7GGv8HZ4JFdQmRrdA6lS8Qnf2ODjMnGydS8jyi9IleHq7O2zH:COYsdQOlaF3MnG38jyi9IleKqkH

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

stub.exe

pid	Process
2924	stub.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

stub.exe

description	pid	Process	procid_target
PID 2096 wrote to memory of 2924	2096	stub.exe	30
PID 2096 wrote to memory of 2924	2096	stub.exe	30
PID 2096 wrote to memory of 2924	2096	stub.exe	30

C:\Users\Admin\AppData\Local\Temp\stub.exe
"C:\Users\Admin\AppData\Local\Temp\stub.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\stub.exe
  "C:\Users\Admin\AppData\Local\Temp\stub.exe"
  2⤵
  - Loads dropped DLL
  PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20962\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit