ddb02a8236ec58cf366d1c44dd3d52f9c05afbea021e405871fd06dd5269db61

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
03-01-2025 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Artemis.exe
Size

6.9MB
MD5

36e86f68be64f78a1c75e74eb70a33c5
SHA1

46417b4d9694e5a02e93504b0f30ebdfd5eef51d
SHA256

ddb02a8236ec58cf366d1c44dd3d52f9c05afbea021e405871fd06dd5269db61
SHA512

563dc383d1c0836ee1bb271db8482e6d68d5bd67995366eafa11087580f3ec66ab80b53d126e4ffe89beb223ab78bcd53286214f7ef185d8adf5286e0517c961
SSDEEP

196608:KrLO4FrTaeN/FJMIDJf0gsAGK/SERRouAKh1Ad:Q/Fqyf0gst2DAKC

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2820	Artemis.exe
2820	Artemis.exe
2820	Artemis.exe
2820	Artemis.exe
2820	Artemis.exe
2820	Artemis.exe
2820	Artemis.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a448-72.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 2820	1484	Artemis.exe	31
PID 1484 wrote to memory of 2820	1484	Artemis.exe	31
PID 1484 wrote to memory of 2820	1484	Artemis.exe	31

C:\Users\Admin\AppData\Local\Temp\Artemis.exe
"C:\Users\Admin\AppData\Local\Temp\Artemis.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Users\Admin\AppData\Local\Temp\Artemis.exe
  "C:\Users\Admin\AppData\Local\Temp\Artemis.exe"
  2⤵
  - Loads dropped DLL
  PID:2820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI14842\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
247ee82b6f9ab67feb2ac829c7e0534e

SHA1
8662074bc30819a42981960382d30d3dcd43bc78

SHA256
066a17e9a9fad448441ef8accd5d6a9d226dd433f9b55c35054777f680af0eea

SHA512
d4caee2ada6acd68d90e710604ea49bd20ae755e45dc5c0d2037656df86daa74919a4cd9f5869051d719e7d1c8ee186b0b369f54af929fefb3a459b2161dc5b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14842\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
67956edcc260ce954901db15bed0ac74

SHA1
3c7fc4c623d5e08df7d551a7741a2bc860a3a0c7

SHA256
6ee5661eabf1a76e09763a1cd08de96bf63de5ccffde2909df3ed3c046bd02bf

SHA512
540b0ad62f72d8f24dee755ba05623940ef06a0550d46eb927b88f70a8cdfb6fd17355dcb71453c1f54f376aa077b1911a645401df8cf57fb273dff858cba6ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14842\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
c13e60a1d00f72a47a902a2f28b379db

SHA1
77cc4a283f37eff77298bf36eefcd2c38b936fe7

SHA256
f5eb944c34481f25d9fba56801f26b75c529969593c29a11094c3cd770b12cae

SHA512
95450b3bec4435135e350ded86ccf64b7f7b0e20e19234e0cc9cbf3483c836251bcaa7d0cc3ef1749c021ef8e5420e35809b7de64df4fa4293cca14dfcfd89e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14842\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
28a3d552a0e07c03bdc46a0096b7ce55

SHA1
37be150c9e8a94360c8b4c8f905f322c9b56394c

SHA256
4561f63773881756e20562e65ff49bad7239a638d5153773e106117d3a78d049

SHA512
84191ad57a2926311b029984538060004323372ffb91a385a8c72f34f44045731c42f2f9581d1041555ca35a100313ec938fbca18487a44b3b58e7b39bd993dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14842\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
020ee3aab95a1683088ae4df324fe169

SHA1
9fcf3e08a8df8249adf3bb6215d521f1c427ad54

SHA256
4299bbd7bb8cf433093d76ee8be5f7042a376221d1ba4ca7c6b97d477738bed5

SHA512
309ff39b8d3f3de6fc8fe72549abffe7b168e75b0a9d78a0e885afde5e5b87a25589df58b4a72570a40e3bbd2f3d4cab90eb550da315f9a5b19256857b8cbd81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14842\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14842\ucrtbase.dll

Filesize
987KB

MD5
672a181cbce053a57c86250874ee9ae2

SHA1
d594a6e42dcdd6818121670ef2dd7abc9b0fdd4b

SHA256
b3a65c97fc2f830910230c8349df835a838384766332ba7cbec32933a8d46e64

SHA512
10b1fca8217a2437af9710f42fd8cfa4a861f73260856a267a2eda6a51675eca8e7fc5b0c276eadcf239e89d783049b75c556e3b93ceff0de80042054461b25a

Download Submit
memory/2820-74-0x000007FEF6230000-0x000007FEF669E000-memory.dmp

Filesize
4.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads