43a7d27a20b0e9cc8e36d9662d450d545cb77882427a6a235768034ea993b1d0

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-01-2025 19:51

Target

matcha.exe
Size

7.1MB
MD5

e82cfe1aa94d7e64413c14900bfbdacd
SHA1

89294a1adcb395716b0e03ebb7089b0ab2c91857
SHA256

43a7d27a20b0e9cc8e36d9662d450d545cb77882427a6a235768034ea993b1d0
SHA512

ca15d5373a54651365be5018b13b668483e754f1fd4d11b7a6d1411bd7ab1014e2f9fd6c20f1b4da8d9851a1688f8a73c09dfebb10af009a250bcf4100a005f8
SSDEEP

98304:EwCIfhvpj/qRsMD/x/0feyGgatbQ940BDlgwdnpka9R/k9t+2SzIrzUGt+7tMKzr:ENOpj/cDfyGgqwBdnpkYRMsc8uKpOZ6

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2068	matcha.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2068	matcha.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2068	2676	matcha.exe	30
PID 2676 wrote to memory of 2068	2676	matcha.exe	30
PID 2676 wrote to memory of 2068	2676	matcha.exe	30

C:\Users\Admin\AppData\Local\Temp\matcha.exe
"C:\Users\Admin\AppData\Local\Temp\matcha.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Users\Admin\AppData\Local\Temp\matcha.exe
  "C:\Users\Admin\AppData\Local\Temp\matcha.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2068

C:\Users\Admin\AppData\Local\Temp\_MEI26762\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit