b9a40da2cac88cbf1d4b197fc40eed020a2334b86f61c7b9e007cc1191f45f2e

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-12-2024 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Puller.exe
Size

39.9MB
MD5

b704b787e63bb954c3e2be7704d1c804
SHA1

ec0687caa82781428a976c5611495b7efb0c4943
SHA256

b9a40da2cac88cbf1d4b197fc40eed020a2334b86f61c7b9e007cc1191f45f2e
SHA512

54ddad82d1d7cba52433c46d6d446b8332f5a9aa4ac31debeda09e656c7e7979fef315057eea60d26df3e182e0f78efe1513ce0aa001f4b4f501150cdbb9b37b
SSDEEP

786432:iK0h9QiIAkxMF/AAh6ABxn5v7bN3mmJm9OojrggM5SO4Lb69bgD7:iKXikMAU6s5v7UD9O6rggMYbs

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
2660	Puller.exe
2660	Puller.exe
2660	Puller.exe
2660	Puller.exe
2660	Puller.exe
2660	Puller.exe
2660	Puller.exe
2660	Puller.exe
2660	Puller.exe
2660	Puller.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019cbf-73.dat	upx
behavioral1/memory/2660-75-0x000007FEF5D10000-0x000007FEF6176000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2660	2820	Puller.exe	30
PID 2820 wrote to memory of 2660	2820	Puller.exe	30
PID 2820 wrote to memory of 2660	2820	Puller.exe	30

C:\Users\Admin\AppData\Local\Temp\Puller.exe
"C:\Users\Admin\AppData\Local\Temp\Puller.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\Puller.exe
  "C:\Users\Admin\AppData\Local\Temp\Puller.exe"
  2⤵
  - Loads dropped DLL
  PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28202\api-ms-win-core-fibers-l1-1-1.dll

Filesize
41KB

MD5
2ab462bc91d2c5142d5e214845c6172b

SHA1
6b76d8422545b25a975b65d8de9a5fdd4bc1f536

SHA256
b43855dc60845c9294365bfdf5502f319bd1c9841f8ab9e48582836cfd6bee2b

SHA512
56060b0de46ca0047abf4aa23b6bada494f800729b343c7ac88f909ebfaff8285360d825b09a558e2f228d6328c19bb370d3103a16b739b6ef45b7cfcb29d9d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\api-ms-win-core-file-l1-2-0.dll

Filesize
41KB

MD5
481bf224cff94014c10fd58ac34ae1b5

SHA1
278b29b2bffdd5046a91405d066aef58850112af

SHA256
1afad5ebebd5a8544015c4621ecee1abd37fd57e3fa12cc676db4e15e3ae9be1

SHA512
3d03180e9a59240bb535a4df7c39443b877daca49ddcd55a0b2d4d1ad602e064a4c0ff9b23563a21414b096058433eb93bbc4e97fd935509bc89b50861fb2dc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\api-ms-win-core-file-l2-1-0.dll

Filesize
41KB

MD5
cb9a45cc64ea751d3f862bf6a2cfaa21

SHA1
99014b04743e712a10e5b268117eed8dbfc1235a

SHA256
8941184647aaa526ce27d528d29d4b9521867c19c57cbbb875e3047d60d6416c

SHA512
dba9863861c6cb31026c13892e46e0c62a1f7372edae116cd17eaed06b5c4ed60fdc6ed7025862e1305168d6c49d1d7f478ef254ec5217e0a99cb4286402e600

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\api-ms-win-core-kernel32-legacy-l1-1-1.dll

Filesize
41KB

MD5
d93ed6e1ea0fa1d036184907048eaf23

SHA1
b4a511783622ede012f196efbb8fd8af561fb881

SHA256
6ea6a19cc89b2a31547df26018f2dd790f04a33e4da87720324f67dfb9670073

SHA512
7109d4b075872d3116da76f89c8622ece54f6057361bce495312d73570309c12c0679a7c4db017e97d0bb9a5bf203754c2566722ca6e7a3df8a0e6963daa019c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\api-ms-win-core-localization-l1-2-0.dll

Filesize
41KB

MD5
833d834b4f1cb91a9b2b6919858a03c3

SHA1
b2285d10fd115523fc44126bdb546afaab1c24ba

SHA256
6040b507ad7d8c977eec28a3d3f3be8694a9fbc7837494287a36036412811f67

SHA512
b61fc70342a4e1d0960d1e38a1ff5f9a29f141df687fa2bf1b58ffa1d855ad4ae40f6af9dc3ade0a079f3eb141550d96f0873cb66d9a3a10e550265366865feb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
41KB

MD5
1deeca8d0bb4253469ec5404d9e65d3c

SHA1
fa3b716901510777e81e2331e84eff2c2617ec46

SHA256
169c826962fef9631a32d0ad06292bbd19db5d2a37edf2aea18263065f109826

SHA512
592f9bd450fecb86f6d4e15b5c2e1ac73c94418392f6c0f87586d9e53434eed9c1bc74314b5c989ce2d00c9ccec887b18665064819bde56e38e6ab630521959b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\api-ms-win-core-sysinfo-l1-2-0.dll

Filesize
41KB

MD5
95008cf66c531d9e6c85bbb60a377ae2

SHA1
e15b40bb7d88137ae3324966fa6dab0a44db6f4d

SHA256
6e41aeea02ca743d5a50b8af9405b9abb569f2fde82c844541581cf9e0185823

SHA512
9e0b2eeee2fd2ce661b07440f78d76262712fd037d60836de8efcac6149b5761816dce6b2e7267ae9b3024088d37f26ebcbf894b555c1b6206fae8cb4e8cdb1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\api-ms-win-core-timezone-l1-1-0.dll

Filesize
41KB

MD5
6f3ed0d4b1e9ce3d81c8f81b3b18edb8

SHA1
6ae6f9e584b7d11b8a1f9851957175ae5c155ae9

SHA256
3e0e05d6df43d1f10a4cf52708101ad2d03d88c8791abe2bf06519098ce59523

SHA512
675e45014835d413ff391fecde8fd08eb51186ad7852d9deccccb721917c41f275c21ee68d5d0577a72d80a3b25340182cb53b88f8ab6bbc64df9882fa016dc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\python310.dll

Filesize
1.4MB

MD5
72c65de0cc88d6a26d5a7040aaf1fb60

SHA1
68dae332ade43106c72e68a497b6b7df6b314425

SHA256
769f20bcec63eb6567cca095ea59ffcda2c87e2b8600503f0e4f976dfb8da2bb

SHA512
5f658e0bee185613a37f946069ac6723fff93e542a4eb6e3435766c58d09d82894b85502f1686ffc9318bdf4b3a858490866ca56b90238c8c903e794c3a4e3fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\ucrtbase.dll

Filesize
1.3MB

MD5
b03be769e6765278ba40fe3fd6896d96

SHA1
5dddad1bcc1195e4873228bb8991717d02bde47c

SHA256
84e058a8abf480fd3dba06ea9e40a40103566632eb3d0d24b91e4f213780b284

SHA512
4e8470f5744074a1e2722624b810141bdc710be7ff333b7a992dd3afac9dfd225edb80bc545b122327efebd9a9f4d85f94c911b8aeec2addab789d0f5850e0b1

Download Submit
memory/2660-75-0x000007FEF5D10000-0x000007FEF6176000-memory.dmp

Filesize
4.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads