3ddb7f3c904a5c9de05ecf7dc0ca23cd1017447a334d0b664cbcbdd58eebf5e2 | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
05/12/2024, 21:32

Sharing

Report Analysis Logs

General

Target

ChaseHorror.exe
Size

30.3MB
MD5

e6e90381bd206d82593c280c4d2396f2
SHA1

dd998fef4fa89c9784427b0ce87aa3f5527a7ee5
SHA256

3ddb7f3c904a5c9de05ecf7dc0ca23cd1017447a334d0b664cbcbdd58eebf5e2
SHA512

2decf72ae9a74d9aac49bcabe8aecccb0173017588fed4dcf83c40253aac1cbc1c9071b81678509efe7d35f314b15cfe772f049ca7695a1aa07bffea4150c943
SSDEEP

786432:xmMlhONW8N8m1NxOpl8dPXfrRQ7668BLvqW+CxeD6mp3a:xdlhsW08mxElmPvw8B7l46W

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1392	ChaseHorror.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 1392	2884	ChaseHorror.exe	28
PID 2884 wrote to memory of 1392	2884	ChaseHorror.exe	28
PID 2884 wrote to memory of 1392	2884	ChaseHorror.exe	28

C:\Users\Admin\AppData\Local\Temp\ChaseHorror.exe
"C:\Users\Admin\AppData\Local\Temp\ChaseHorror.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Users\Admin\AppData\Local\Temp\ChaseHorror.exe
  "C:\Users\Admin\AppData\Local\Temp\ChaseHorror.exe"
  2⤵
  - Loads dropped DLL
  PID:1392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28842\python313.dll

Filesize
5.8MB

MD5
3aad23292404a7038eb07ce5a6348256

SHA1
35cac5479699b28549ebe36c1d064bfb703f0857

SHA256
78b1dd211c0e66a0603df48da2c9b67a915ab3258701b9285d3faa255ed8dc25

SHA512
f5b6ef04e744d2c98c1ef9402d7a8ce5cda3b008837cf2c37a8b6d0cd1b188ca46585a40b2db7acf019f67e6ced59eff5bc86e1aaf48d3c3b62fecf37f3aec6b

Download Submit