b710fd65e4f563895f1c410f56e2798d90e1e980d35bdd60b7111f2bf83ff1db | Triage

Analysis

max time kernel
21s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
09-11-2024 17:50

Sharing

Report Analysis Logs

General

Target

stub.exe
Size

11.2MB
MD5

2b3210a38d98467c055207914d537f7d
SHA1

bd1af66048de915f2772b80e51bd3a59ae1c250c
SHA256

b710fd65e4f563895f1c410f56e2798d90e1e980d35bdd60b7111f2bf83ff1db
SHA512

7374f8803b0fea7b0caa4e05eab5cd60df76332affe540f554fa8e0f6549697e8b732c04edc112b1dc872084d277e5d171975ca55073ac40fa1d33f40ac8b375
SSDEEP

196608:Sl8JpjBIK63UtauZijdDfyGg3wBdnpkYRM+8bKqAW:h63huc5DfDg3c69b4

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2856	stub.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 2856	1456	stub.exe	29
PID 1456 wrote to memory of 2856	1456	stub.exe	29
PID 1456 wrote to memory of 2856	1456	stub.exe	29

C:\Users\Admin\AppData\Local\Temp\stub.exe
"C:\Users\Admin\AppData\Local\Temp\stub.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Users\Admin\AppData\Local\Temp\stub.exe
  "C:\Users\Admin\AppData\Local\Temp\stub.exe"
  2⤵
  - Loads dropped DLL
  PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI14562\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit