ea75fa062366834048fa4a8d570afa4f34f8570e2c0fbbd5c0a0a715c00cab77 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-01-2025 11:06

Sharing

Report Analysis Logs

General

Target

main.exe
Size

12.5MB
MD5

35333a77d1ca8c3824a3538c439970be
SHA1

6900e616cd4f52ec78b74b7e8660a31c86f2804f
SHA256

ea75fa062366834048fa4a8d570afa4f34f8570e2c0fbbd5c0a0a715c00cab77
SHA512

2a30b81493c809abde0c51eaaeb0b0086707456a3adaddd0a3e8ca6d6cf86c70d0c04f412d5c2df3e1069c6950c5b408db6d31628772af331a811633e8da1925
SSDEEP

393216:6Wdqouwq3Obs2ClzbjdQJlSwF3MnG3xl580br2W673KH:68Luwq3ObRqzXdQn3MGxhW36

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2740	main.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2740	2660	main.exe	31
PID 2660 wrote to memory of 2740	2660	main.exe	31
PID 2660 wrote to memory of 2740	2660	main.exe	31

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26602\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit