7669d3b509150c0040490c325e0a971b3762e1296406996ff4c404e0a9ca2b8b | Triage

Resubmissions

13-11-2024 16:44

241113-t8xb9avhnd 10

13-11-2024 16:40

241113-t6xv1ayner 10

Analysis

max time kernel
610s
max time network
616s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
13-11-2024 16:44

Sharing

Report Analysis Logs

General

Target

source_prepared.exe
Size

101.0MB
MD5

ccfe18db286115bf03843f64a1a0a9b0
SHA1

2391d35c3a13c7c2a8f783db16357208fd78254c
SHA256

7669d3b509150c0040490c325e0a971b3762e1296406996ff4c404e0a9ca2b8b
SHA512

d94df5f48dc4a2120c8154a89460f91e4a34822214cdb2eb4a6047d906d023dc49c485ae8a617ca79c5eafd7eba9ff3bf83abb4615bf31e87575b03a7e2a73a9
SSDEEP

3145728:Dv455r7fS6xjKcBa32qHO5ie6apnGr/hjLtsA0qyNUH7Ql1IMW/:05pDSWNaVHCixXP0qy3Pw

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2432	source_prepared.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2432	2920	source_prepared.exe	30
PID 2920 wrote to memory of 2432	2920	source_prepared.exe	30
PID 2920 wrote to memory of 2432	2920	source_prepared.exe	30

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:2432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29202\python39.dll

Filesize
4.3MB

MD5
2135da9f78a8ef80850fa582df2c7239

SHA1
aac6ad3054de6566851cae75215bdeda607821c4

SHA256
324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3

SHA512
423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

Download Submit