9dc579518e8d00546ce132209aee6f5c8eb78b22ed5828f316cdf0f81c720521 | Triage

Resubmissions

22-01-2025 15:54

250122-tca45stnat 8

22-01-2025 13:12

250122-qfg53sxpfv 10

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 13:12

Sharing

Report Analysis Logs

General

Target

main.exe
Size

7.3MB
MD5

17741d73622b968fb2994a7ecab90b21
SHA1

bf1676bd064c4b9a1151348bc4310c15f506d205
SHA256

9dc579518e8d00546ce132209aee6f5c8eb78b22ed5828f316cdf0f81c720521
SHA512

3a5833a9c687f79428707e1be15fcda5d7aacd21b05e765235efa13f6424d30d501f5bd85d6dc1b62bcab947dae7069334ed8fba39365b1fa217ad7daec62f06
SSDEEP

196608:/snm8b83kdaXMCHGLLc54i1wN+DrRRu7NtbFRKnZMvDrGmh1wlxN8:G5/cXMCHWUj7rRQ7XbFsn6vH5WN

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2596	main.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 2596	1228	main.exe	31
PID 1228 wrote to memory of 2596	1228	main.exe	31
PID 1228 wrote to memory of 2596	1228	main.exe	31

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI12282\python313.dll

Filesize
5.8MB

MD5
3aad23292404a7038eb07ce5a6348256

SHA1
35cac5479699b28549ebe36c1d064bfb703f0857

SHA256
78b1dd211c0e66a0603df48da2c9b67a915ab3258701b9285d3faa255ed8dc25

SHA512
f5b6ef04e744d2c98c1ef9402d7a8ce5cda3b008837cf2c37a8b6d0cd1b188ca46585a40b2db7acf019f67e6ced59eff5bc86e1aaf48d3c3b62fecf37f3aec6b

Download Submit