8ee9f9af08c9c58408503c08604f1af166620267e9e09f800c05e3257b5c147b | Triage

Resubmissions

25-11-2024 19:07

241125-xsxvma1nfz 10

25-11-2024 19:04

241125-xqyddaxphn 10

25-11-2024 16:22

241125-tvbtdsvqc1 10

25-11-2024 16:17

241125-trtj2a1qfk 10

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 19:07

Sharing

Report Analysis Logs

General

Target

Samppimafia.exe
Size

102.9MB
MD5

e5d776d0a738f622496507a407bd31a8
SHA1

379fc39a0b331b9892a886bef75b7d2f5f656816
SHA256

8ee9f9af08c9c58408503c08604f1af166620267e9e09f800c05e3257b5c147b
SHA512

46d427f5e8bc35d7ac1677add6e84461a12bd2fdb6b2398518341cba6c6f11c703d77c7490a5e2e23af258b2391ce831d130eda2170fc527081fcba549626877
SSDEEP

3145728:AnG2r7rS6xjKcBanL2qHO5iVAunGQbRe0zJcBVPZ2:vgnSWNaBHCin1XcBa

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2260	Samppimafia.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2260	2760	Samppimafia.exe	31
PID 2760 wrote to memory of 2260	2760	Samppimafia.exe	31
PID 2760 wrote to memory of 2260	2760	Samppimafia.exe	31

C:\Users\Admin\AppData\Local\Temp\Samppimafia.exe
"C:\Users\Admin\AppData\Local\Temp\Samppimafia.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Users\Admin\AppData\Local\Temp\Samppimafia.exe
  "C:\Users\Admin\AppData\Local\Temp\Samppimafia.exe"
  2⤵
  - Loads dropped DLL
  PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27602\python312.dll

Filesize
6.6MB

MD5
b243d61f4248909bc721674d70a633de

SHA1
1d2fb44b29c4ac3cfd5a7437038a0c541fce82fc

SHA256
93488fa7e631cc0a2bd808b9eee8617280ee9b6ff499ab424a1a1cbf24d77dc7

SHA512
10460c443c7b9a6d7e39ad6e2421b8ca4d8329f1c4a0ff5b71ce73352d2e9438d45f7d59edb13ce30fad3b4f260bd843f4d9b48522d448310d43e0988e075fcb

Download Submit