Overview

overview

10

Static

static

10

rlmarlbot.V1.7.1.exe

windows7-x64

7

rlmarlbot.V1.7.1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/03/2025, 01:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rlmarlbot.V1.7.1.exe

  • Size

    29.5MB

  • MD5

    2b6a51aa8c836eb83cc1712861902078

  • SHA1

    44600fdea94f608d62d36c9ccef9d9b42bcee985

  • SHA256

    acf2ce4ddaee4fdb3ffae2a9de5b3c89f067ef95e7216c5c7ee75190a40d3d4e

  • SHA512

    f6f5c214a6bf3d9e64692b4a42f6b23c1e11eda5447bd09825701b9780cee39328ad2899f0085fa4b1fb2dc09264952ec47d48dda9df850935a25a6cde73910e

  • SSDEEP

    786432:83Vl8Z2hOtAj5zcY87hLWJImi0LeFPc+KhXA:f2O0FE7EioLe+zhX

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rlmarlbot.V1.7.1.exe
    "C:\Users\Admin\AppData\Local\Temp\rlmarlbot.V1.7.1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Users\Admin\AppData\Local\Temp\rlmarlbot.V1.7.1.exe
      "C:\Users\Admin\AppData\Local\Temp\rlmarlbot.V1.7.1.exe"
      2⤵
      • Loads dropped DLL
      PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI20202\pip-24.3.1.dist-info\top_level.txt
    Filesize

    4B

    MD5

    365c9bfeb7d89244f2ce01c1de44cb85

    SHA1

    d7a03141d5d6b1e88b6b59ef08b6681df212c599

    SHA256

    ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

    SHA512

    d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI20202\python39.dll
    Filesize

    1.4MB

    MD5

    1661de9dc158325038ea32685a182107

    SHA1

    31a5b206059bfbdd333a43e800cb466f5e5a4d1a

    SHA256

    21396ce6f622f16d6cba3d8ac1f469654fa49d9edd57d407919012fe26b03a0c

    SHA512

    d8c50191f5adbca5b5d2693b13453765d0130ebcef6f4525865b2f7b93863134592aa3c0c91f92c7d5edb3d8ddf5a190ec76417717250035bcd66aeb11510656

    Download Submit

  • memory/2412-1119-0x000007FEF5B10000-0x000007FEF5F91000-memory.dmp

    Filesize

    4.5MB

    Download