1ba7bedaaa3a81350a78cf579e625e879d6d68cef0f7ac8c55cc419798f380e1 | Triage

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10-11-2024 16:24

Sharing

Report Analysis Logs

General

Target

Creal.exe
Size

16.1MB
MD5

017603b860f67f7f65f724e519465926
SHA1

51b1924ec73969fc16e00c0e80597c07711cf866
SHA256

1ba7bedaaa3a81350a78cf579e625e879d6d68cef0f7ac8c55cc419798f380e1
SHA512

a695347bef5bdfdcd4adee43909b375828d89d48f78f88d443e4e19728ff82f2bfb5487ea80fbbbd9953394985bb0fdc935da734eb32220fb386d701f9bc3945
SSDEEP

393216:29YiZM63hucsXMCHWUj/cuIbvR/PrK8Xms96YqZVo:29YiZt3hrsXMb8Ut/TKXlVo

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2656	Creal.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2656	2252	Creal.exe	30
PID 2252 wrote to memory of 2656	2252	Creal.exe	30
PID 2252 wrote to memory of 2656	2252	Creal.exe	30

C:\Users\Admin\AppData\Local\Temp\Creal.exe
"C:\Users\Admin\AppData\Local\Temp\Creal.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Users\Admin\AppData\Local\Temp\Creal.exe
  "C:\Users\Admin\AppData\Local\Temp\Creal.exe"
  2⤵
  - Loads dropped DLL
  PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22522\python313.dll

Filesize
5.8MB

MD5
b9de917b925dd246b709bb4233777efd

SHA1
775f258d8b530c6ea9f0dd3d1d0b61c1948c25d2

SHA256
0c0a66505093b6a4bb3475f716bd3d9552095776f6a124709c13b3f9552c7d99

SHA512
f4bf3398f50fdd3ab7e3f02c1f940b4c8b5650ed7af16c626ccd1b934053ba73a35f96da03b349c1eb614bb23e0bc6b5cc58b07b7553a5c93c6d23124f324a33

Download Submit