6542308295ff6b80e525daafc799ee6e70f887b30c6b278da259f3fb9a846556 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
04/03/2025, 15:28

Sharing

Report Analysis Logs

General

Target

Creal.exe
Size

16.6MB
MD5

7e3bc6e6c058cfc70033ba62ac026350
SHA1

16c4c251dfeb6e3e914d167fc766194e90dbe304
SHA256

6542308295ff6b80e525daafc799ee6e70f887b30c6b278da259f3fb9a846556
SHA512

68f24871d4b8651070bb01398eff48d95d27c6b2307f33f0d74b25f31fbb9b5eb334930c082edc7087f125248dbedc1f7444cb6a5f7e4525e95f7527cdac5903
SSDEEP

393216:mu7L/1VdQ2lN/m3pS+9J8ecH4K8zw4Jt8hXeSkM:mCLdVdQGKB9J8ecYK/P

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2676	Creal.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2676	1924	Creal.exe	30
PID 1924 wrote to memory of 2676	1924	Creal.exe	30
PID 1924 wrote to memory of 2676	1924	Creal.exe	30

C:\Users\Admin\AppData\Local\Temp\Creal.exe
"C:\Users\Admin\AppData\Local\Temp\Creal.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Local\Temp\Creal.exe
  "C:\Users\Admin\AppData\Local\Temp\Creal.exe"
  2⤵
  - Loads dropped DLL
  PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19242\python311.dll

Filesize
5.5MB

MD5
a72993488cecd88b3e19487d646f88f6

SHA1
5d359f4121e0be04a483f9ad1d8203ffc958f9a0

SHA256
aa1e959dcff75a343b448a797d8a5a041eb03b27565a30f70fd081df7a285038

SHA512
c895176784b9ac89c9b996c02ec0d0a3f7cd6ebf653a277c20dec104da6a11db084c53dd47c7b6653a448d877ad8e5e79c27db4ea6365ebb8ca2a78aa9c61b38

Download Submit