f50137e69eab731be6ac6e16fe5f5ce536d64b8e5d3786f7a68c6b4a7afc3940

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/03/2025, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe
Size

11.5MB
MD5

9da08b49cdcc4a84b4a722d1006c2af8
SHA1

7b5af0630b89bd2a19ae32aea30343330ca3a9eb
SHA256

215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd
SHA512

579dcb0c2f0af9a97a9c75caf023f375bd93f1698678393e7315360a33f432f2d727bf14b22c8b1584c628582115462bdd0c3edaacdcaec8fd691595e6b5bfdb
SSDEEP

196608:NRH/Vl0DXI3mvb/c1J26DfXKGvsFhsktW5Ql503UenCYzCIBetGgiPwKOhcb:NN0DXimj/GFktFl50EEza+Pnx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2784	chromium.exe

Loads dropped DLL 2 IoCs

pid	Process
2428	215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe
2784	chromium.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2784	2428	215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe	29
PID 2428 wrote to memory of 2784	2428	215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe	29
PID 2428 wrote to memory of 2784	2428	215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe	29

C:\Users\Admin\AppData\Local\Temp\215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe
"C:\Users\Admin\AppData\Local\Temp\215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Users\Admin\AppData\Local\Temp\onefile_2428_133856959024288000\chromium.exe
  C:\Users\Admin\AppData\Local\Temp\215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2428_133856959024288000\python312.dll

Filesize
6.6MB

MD5
166cc2f997cba5fc011820e6b46e8ea7

SHA1
d6179213afea084f02566ea190202c752286ca1f

SHA256
c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

SHA512
49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2428_133856959024288000\chromium.exe

Filesize
22.0MB

MD5
0eb68c59eac29b84f81ad6522d396f59

SHA1
aacfdf3cb1bdd995f63584f31526b11874fc76a5

SHA256
dfa74d5d729e90be6e72b3c811a1299abbc52a1f6d347f011101fb5f719d059f

SHA512
81ee88577d9b665d90bc846aa249c9533aaeed2b7259d15981fcc1686723fe11343b682be25cfa3542117c8a805e40343a7315a69e7204829cbf70f22cca25e7

Download Submit
memory/2428-67-0x000000013F810000-0x00000001403B1000-memory.dmp

Filesize
11.6MB

Download
memory/2428-128-0x000000013F810000-0x00000001403B1000-memory.dmp

Filesize
11.6MB

Download
memory/2784-66-0x000000013F480000-0x0000000140ACB000-memory.dmp

Filesize
22.3MB

Download