Analysis
Max time kernel: 117s
Max time network: 119s
Platform: windows7_x64
Resource: win7-20240903-en
Resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
Submitted: 24/03/2025, 18:00
Behavioral task behavioral1
Sample: source_prepared.exe
Resource: win7-20240903-en
Behavioral task behavioral2
Sample: source_prepared.exe
Resource: win10v2004-20250314-en
General
Target: source_prepared.exe
Size: 30.6MB
MD5: e6f6cbf15f71da4575f0da330e1e65a2
SHA1: 4b8bb744243059b70d7f7f8edd8f2858b6648ab6
SHA256: 750b3344eda522e0edf7189b72b297f1aae6ab5b8cad613a67401515b93943e5
SHA512: b3eb2f50994a43b93310784fa1da9d29d154a6049aa05ab255f7679a3dc2c7df33819acb61910fd99817e6eaa95f77ab13b013818b04bcbd6e2c8e37aff13d8b
SSDEEP: 786432:ltIuqEuqJow/lOW8vfX8O8l8dPXAbjlsnwCX11O74n:ltIupuelOWWP83lmPwjlswCrOo
Malware Config
Signatures
Loads dropped DLL (7 IoCs)
pid / Process:
2808 source_prepared.exe
2808 source_prepared.exe
2808 source_prepared.exe
2808 source_prepared.exe
2808 source_prepared.exe
2808 source_prepared.exe
2808 source_prepared.exe
resource / yara_rule:
behavioral1/files/0x0003000000020a43-1206.dat  upx
behavioral1/memory/2808-1208-0x000007FEF5690000-0x000007FEF5CF4000-memory.dmp  upx
Suspicious use of WriteProcessMemory (3 IoCs)
description / pid / Process / procid_target:
PID 2532 wrote to memory of 2808  2532 source_prepared.exe  30
PID 2532 wrote to memory of 2808  2532 source_prepared.exe  30
PID 2532 wrote to memory of 2808  2532 source_prepared.exe  30
Processes
1. C:\Users\Admin\AppData\Local\Temp\source_prepared.exe "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe" (PID: 2532)
   Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\source_prepared.exe "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe" (PID: 2808)
      Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads