e5cf853398bcdd00fa6925a007cb7683e61d35c11ec641da44c419fd66d66dab | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 08:31

Sharing

Report Analysis Logs

General

Target

ef12eb5be4046a8d70e864d3b623bb2d.exe
Size

6.6MB
MD5

ef12eb5be4046a8d70e864d3b623bb2d
SHA1

cf28f12a882cd8dfa1b280c2254013a7908d1984
SHA256

e5cf853398bcdd00fa6925a007cb7683e61d35c11ec641da44c419fd66d66dab
SHA512

89c7b5eb7170c58d80b893cbe4e65556f6b8a640321fe390c8c3acd13e2ae786ea9462a6b1db8342fbc107e1575a7dd84051f2aefd6baf94be360bf818d68d4d
SSDEEP

196608:fGiGxbAQ5owejuJDUX47dwdW0LBTYPERR:+xCaUX47d4xZ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2820	ef12eb5be4046a8d70e864d3b623bb2d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2820	2780	ef12eb5be4046a8d70e864d3b623bb2d.exe	31
PID 2780 wrote to memory of 2820	2780	ef12eb5be4046a8d70e864d3b623bb2d.exe	31
PID 2780 wrote to memory of 2820	2780	ef12eb5be4046a8d70e864d3b623bb2d.exe	31

C:\Users\Admin\AppData\Local\Temp\ef12eb5be4046a8d70e864d3b623bb2d.exe
"C:\Users\Admin\AppData\Local\Temp\ef12eb5be4046a8d70e864d3b623bb2d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Users\Admin\AppData\Local\Temp\ef12eb5be4046a8d70e864d3b623bb2d.exe
  "C:\Users\Admin\AppData\Local\Temp\ef12eb5be4046a8d70e864d3b623bb2d.exe"
  2⤵
  - Loads dropped DLL
  PID:2820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27802\python311.dll

Filesize
5.5MB

MD5
1fe47c83669491bf38a949253d7d960f

SHA1
de5cc181c0e26cbcb31309fe00d9f2f5264d2b25

SHA256
0a9f2c98f36ba8974a944127b5b7e90e638010e472f2eb6598fc55b1bda9e7ae

SHA512
05cc6f00db128fbca02a14f60f86c049855f429013f65d91e14ea292d468bf9bfdeebc00ec2d54a9fb5715743a57ae3ab48a95037016240c02aabe4bfa1a2ff4

Download Submit