0fbad2885a4929b5dcf00028824c22b7dd8e276d13a1c8c341445f47852004ae | Triage

Analysis

max time kernel
3s
max time network
1s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-11-2024 18:41

Sharing

Report Analysis Logs

General

Target

Waltuhium.exe
Size

11.1MB
MD5

1367126f6694188447c383594bd1341d
SHA1

118660944b0cc7a0352c9749f359b10e106e0724
SHA256

0fbad2885a4929b5dcf00028824c22b7dd8e276d13a1c8c341445f47852004ae
SHA512

486379c7993161213de3ccdc4694d21b4b69879babd1f92ad9a4274f1934fbec36ade3386360c86baade860183bd32bceffa0ffe76cff4175893494c57a3de7a
SSDEEP

196608:kR8JpjDDIK63UtauZijdDfyGg3wBdnpkYRM+82KiuW:163huc5DfDg3c692q

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2812	Waltuhium.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2812	2492	Waltuhium.exe	30
PID 2492 wrote to memory of 2812	2492	Waltuhium.exe	30
PID 2492 wrote to memory of 2812	2492	Waltuhium.exe	30

C:\Users\Admin\AppData\Local\Temp\Waltuhium.exe
"C:\Users\Admin\AppData\Local\Temp\Waltuhium.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Users\Admin\AppData\Local\Temp\Waltuhium.exe
  "C:\Users\Admin\AppData\Local\Temp\Waltuhium.exe"
  2⤵
  - Loads dropped DLL
  PID:2812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI24922\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit