6ba0f267bcb23a558c5bcdcdbe76255a78e2259df933220849cbe6cef9f856dd | Triage

Resubmissions

13/01/2025, 20:53 UTC

250113-zn91hazlfj 10

13/01/2025, 12:53 UTC

250113-p4sq2ssnfx 10

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/01/2025, 12:53 UTC

Sharing

Report Analysis Logs

General

Target

DoxerV7.exe
Size

19.6MB
MD5

9cd3c54cd577301cc4bfa6793e23563f
SHA1

064231143d1bb4a793a348d79a3ca2d300bfb417
SHA256

28bd3dc04da389e62f5dc987c5f11d70446d20eb270affc42f212972233a60ab
SHA512

bdc4a5a13d9e17d1d637a9af1bb5a15ccd03e2f31b9915017cadce7e151bc54f388c320e45e46fd5b6b69517ac7abf3262ff455fa2aa4b3d609c348b0b93a93b
SSDEEP

393216:Su7L/1a/vUI/5DfDg8Qzc65FMMBgCqEJ6Zj+dCDMOAql:SCLdad5b08QwwMMBS5NAkb

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2108	DoxerV7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 2108	2828	DoxerV7.exe	30
PID 2828 wrote to memory of 2108	2828	DoxerV7.exe	30
PID 2828 wrote to memory of 2108	2828	DoxerV7.exe	30

C:\Users\Admin\AppData\Local\Temp\DoxerV7.exe
"C:\Users\Admin\AppData\Local\Temp\DoxerV7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Users\Admin\AppData\Local\Temp\DoxerV7.exe
  "C:\Users\Admin\AppData\Local\Temp\DoxerV7.exe"
  2⤵
  - Loads dropped DLL
  PID:2108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28282\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit