2e54b909f0877f84d90b27901fec21ebf4b55a07e18050e5ef0993b46ade226e

Analysis

max time kernel
13s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
05/03/2025, 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e54b909f0877f84d90b27901fec21ebf4b55a07e18050e5ef0993b46ade226e.exe
Size

10.1MB
MD5

eb3ddeaf46d8dd1c61565006ee0d70a6
SHA1

259b2ff84832eccc4e69e8cc72ac527e4594f34a
SHA256

2e54b909f0877f84d90b27901fec21ebf4b55a07e18050e5ef0993b46ade226e
SHA512

fc2d9f0fb2e7e06989b86dc430c62e9030cdc5234128d98675a74af1e50564d674cc4cbf1ac6a0a19786cded972c1fb9b15142d07744d788dfa77af5ee0c0118
SSDEEP

196608:MgpaqNwQDmOBBQ04+IrMYd4JIMCSTT0a7u5m9CPyMS/pSYARTsRG6z:taHd04+6MYd73mk6xxnYiG6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2928	main.exe

Loads dropped DLL 2 IoCs

pid	Process
1552	2e54b909f0877f84d90b27901fec21ebf4b55a07e18050e5ef0993b46ade226e.exe
2928	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 2928	1552	2e54b909f0877f84d90b27901fec21ebf4b55a07e18050e5ef0993b46ade226e.exe	31
PID 1552 wrote to memory of 2928	1552	2e54b909f0877f84d90b27901fec21ebf4b55a07e18050e5ef0993b46ade226e.exe	31
PID 1552 wrote to memory of 2928	1552	2e54b909f0877f84d90b27901fec21ebf4b55a07e18050e5ef0993b46ade226e.exe	31

C:\Users\Admin\AppData\Local\Temp\2e54b909f0877f84d90b27901fec21ebf4b55a07e18050e5ef0993b46ade226e.exe
"C:\Users\Admin\AppData\Local\Temp\2e54b909f0877f84d90b27901fec21ebf4b55a07e18050e5ef0993b46ade226e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Users\Admin\AppData\Local\Temp\onefile_1552_133856573726970000\main.exe
  C:\Users\Admin\AppData\Local\Temp\2e54b909f0877f84d90b27901fec21ebf4b55a07e18050e5ef0993b46ade226e.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_1552_133856573726970000\python313.dll

Filesize
5.8MB

MD5
501080884bed38cb8801a307c9d7b7b4

SHA1
881b250cc8f4fa4f75111ac557a4fde8e1e217af

SHA256
bf68cf819a1e865170430c10e91c18b427aef88db1da1742020443864aa2b749

SHA512
63d74a4871d1c72c2a79ae8a5d380070f9d2128c16949c3ad36c9862fcc4dab738137ed3d51caf0bc46b36655f8bd8a2d425d68200123415ee8d4de0e1cbebc9

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1552_133856573726970000\main.exe

Filesize
13.6MB

MD5
18a31aeb49fd2d80d943ffffb15d79ed

SHA1
7e8783e9ca097a6f58eb89e496b7b7ff4fb01bf6

SHA256
48f8dde7585f4bdbe901791386f55b9e68f8cd0af555f9099825f14347458bb2

SHA512
15cdc1ce5a908fe113462b11e5ef44fe0c52f7b4980e1877cd0e7138e9a426676be3d149d35298f2d66a8b039b4cf25371b0642833c309de5051542b3171d3f6

Download Submit