939c4bd2c4468053da289d965da7e91609a4c18f3548cd8457128deb34a907a8 | Triage

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 15:37

Sharing

Report Analysis Logs

General

Target

test.exe
Size

7.6MB
MD5

7a43dc90a23fc14eced70881471821b6
SHA1

ce9d907962d87dff5842923930bac30f6cecb318
SHA256

939c4bd2c4468053da289d965da7e91609a4c18f3548cd8457128deb34a907a8
SHA512

fefef51a0103d5209781b90262a9e43fd083d952b7f779d6cc0dc7bda713afe2eb021f2080835259fb72e1dcea5e8ae0a60d414a2d0c8e17a20954abe080308e
SSDEEP

196608:4SjsokiY8XMCHGLLc54i1wN+lPIcu9KYK39sI3PPJNMRRccx:LYXoXMCHWUjqcuI3/PJNe

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2144	test.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 2144	840	test.exe	29
PID 840 wrote to memory of 2144	840	test.exe	29
PID 840 wrote to memory of 2144	840	test.exe	29

C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:840
- C:\Users\Admin\AppData\Local\Temp\test.exe
  "C:\Users\Admin\AppData\Local\Temp\test.exe"
  2⤵
  - Loads dropped DLL
  PID:2144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI8402\python313.dll

Filesize
5.8MB

MD5
b9de917b925dd246b709bb4233777efd

SHA1
775f258d8b530c6ea9f0dd3d1d0b61c1948c25d2

SHA256
0c0a66505093b6a4bb3475f716bd3d9552095776f6a124709c13b3f9552c7d99

SHA512
f4bf3398f50fdd3ab7e3f02c1f940b4c8b5650ed7af16c626ccd1b934053ba73a35f96da03b349c1eb614bb23e0bc6b5cc58b07b7553a5c93c6d23124f324a33

Download Submit