Resubmissions

17-01-2025 19:44

250117-yf3e1s1phk 10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17-01-2025 19:44

General

  • Target

    Rocket Loader.exe

  • Size

    7.6MB

  • MD5

    11ae68f6f08d5a07725319211a765bd1

  • SHA1

    e44ea4406c448555a0368718c31ab6a6018b730f

  • SHA256

    df58db6695193db131352cde29dca66969cc68a4dca1fe804f4ca173b038c712

  • SHA512

    9ed1ab582a1130e628b1660a2c2b445fb1ee0721907ab750aacc058a018ebbd7c7e87a573be79d33bb6e2d49bfc6feca47cee639ddffdf7eea365defc6e494ae

  • SSDEEP

    196608:6vD+kdq7zwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWz:m5YAIHL7HmBYXrYoaUNA

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Rocket Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Rocket Loader.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Users\Admin\AppData\Local\Temp\Rocket Loader.exe
      "C:\Users\Admin\AppData\Local\Temp\Rocket Loader.exe"
      2⤵
      • Loads dropped DLL
      PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22962\python313.dll

    Filesize

    1.8MB

    MD5

    9a3d3ae5745a79d276b05a85aea02549

    SHA1

    a5e60cac2ca606df4f7646d052a9c0ea813e7636

    SHA256

    09693bab682495b01de8a24c435ca5900e11d2d0f4f0807dae278b3a94770889

    SHA512

    46840b820ee3c0fa511596124eb364da993ec7ae1670843a15afd40ac63f2c61846434be84d191bd53f7f5f4e17fad549795822bb2b9c792ac22a1c26e5adf69

  • memory/1932-23-0x000007FEF61D0000-0x000007FEF6835000-memory.dmp

    Filesize

    6.4MB