1d9a6ee7b20ba3a798720d1fcba46ae816e2a64c80f14eac9ad0b8821a1510ad | Triage

Resubmissions

05-02-2025 19:00

250205-xnm5ma1khj 10

05-02-2025 18:56

250205-xld4ya1kdp 8

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
05-02-2025 19:00

Sharing

Report Analysis Logs

General

Target

Syntax Grabber.exe
Size

7.9MB
MD5

4c281767e69dd74a8be2ec9f307b3403
SHA1

8976b9c3d954e988c305c3dcc637ef124a552462
SHA256

1d9a6ee7b20ba3a798720d1fcba46ae816e2a64c80f14eac9ad0b8821a1510ad
SHA512

fb0c2740980529a070ffb122bbbbc56941bce5debcee143ccafc36772fd8084570731d14be06513da2223cf77a6c99b1bd0a2864784119bdb3966e4c1f455b84
SSDEEP

196608:Nn1kbTz21W903eV4QRM993iObMGuLmUVe1Pck8qf:R2nzcW+eGQRe93iObyL9w982

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2964	Syntax Grabber.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2964	2124	Syntax Grabber.exe	30
PID 2124 wrote to memory of 2964	2124	Syntax Grabber.exe	30
PID 2124 wrote to memory of 2964	2124	Syntax Grabber.exe	30

C:\Users\Admin\AppData\Local\Temp\Syntax Grabber.exe
"C:\Users\Admin\AppData\Local\Temp\Syntax Grabber.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\Syntax Grabber.exe
  "C:\Users\Admin\AppData\Local\Temp\Syntax Grabber.exe"
  2⤵
  - Loads dropped DLL
  PID:2964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21242\python311.dll

Filesize
5.5MB

MD5
65e381a0b1bc05f71c139b0c7a5b8eb2

SHA1
7c4a3adf21ebcee5405288fc81fc4be75019d472

SHA256
53a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a

SHA512
4db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39

Download Submit