877bbfa93204729a4a260fede9c76318d4f7e58a38f6ba5073424f94829ed536

Resubmissions

13-01-2025 01:19

250113-bpjmya1nbj 3

12-01-2025 11:10

250112-m91bzasmbp 10

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12-01-2025 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

maple.exe
Size

40.8MB
MD5

db7b4b030f0a44a2f51c957d949f8e1e
SHA1

7814eaffb9c68fb78f3f69380439aaf94d556828
SHA256

8f5f582788ce95ba51ca37dac8e45fff1674e0d36e4129731edded7e71a94c30
SHA512

be6f371423a0bee1b3d3f61640e1b6ca64290a4a864d4a1b3ad8ca6250650ca01d42b635f650138733b3817c491f64a8bc82622e7f1b565dc4cc8da37e43a63c
SSDEEP

786432:GmtGTz74LgKKoB7fgM3QZ2ciA4DS+mC8yZ9BSmPpnbP3EwlIFFnHpu1Ckf9+uKcY:GmKoLW233u2cipDM+Z9LFPI/nkUg9M6S

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1132	main.exe

Loads dropped DLL 2 IoCs

pid	Process
2916	maple.exe
1132	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 1132	2916	maple.exe	31
PID 2916 wrote to memory of 1132	2916	maple.exe	31
PID 2916 wrote to memory of 1132	2916	maple.exe	31

C:\Users\Admin\AppData\Local\Temp\maple.exe
"C:\Users\Admin\AppData\Local\Temp\maple.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Users\Admin\AppData\Local\Temp\onefile_2916_133811538669680000\main.exe
  "C:\Users\Admin\AppData\Local\Temp\maple.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2916_133811538669680000\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit