311ce15734609d5f53c8ad1901be1373f233abbb23d7f11c330cb921d39ae54d | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
24/02/2025, 10:09

Sharing

Report Analysis Logs

General

Target

Injector.exe
Size

68.8MB
MD5

c43cf791c9a67e57d78f47177b73db5e
SHA1

d211284c160cc7544d8c1ddcd22aef52e066165c
SHA256

311ce15734609d5f53c8ad1901be1373f233abbb23d7f11c330cb921d39ae54d
SHA512

3408552e9e56f6d0cc5d2a21d91702bb93d3b86f3c243979184df56bdb7ba326df341b69cd39b40f2cebe0851edc1b2975ef2d02e687167971b5be32dfea3ac2
SSDEEP

1572864:RfcQtIe3iirAH8+1osuTCSxOB6xMLiIpz2qHWB75il+WBZo0Wo4Dxo:tciiS6xjKcBa6R2qHO5izBW0zCO

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2116	Injector.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2116	2124	Injector.exe	30
PID 2124 wrote to memory of 2116	2124	Injector.exe	30
PID 2124 wrote to memory of 2116	2124	Injector.exe	30

C:\Users\Admin\AppData\Local\Temp\Injector.exe
"C:\Users\Admin\AppData\Local\Temp\Injector.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\Injector.exe
  "C:\Users\Admin\AppData\Local\Temp\Injector.exe"
  2⤵
  - Loads dropped DLL
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21242\python311.dll

Filesize
5.5MB

MD5
387bb2c1e40bde1517f06b46313766be

SHA1
601f83ef61c7699652dec17edd5a45d6c20786c4

SHA256
0817a2a657a24c0d5fbb60df56960f42fc66b3039d522ec952dab83e2d869364

SHA512
521cde6eaa5d4a2e0ef6bbfdea50b00750ae022c1c7bd66b20654c035552b49c9d2fac18ef503bbd136a7a307bdeb97f759d45c25228a0bf0c37739b6e897bad

Download Submit