94d65efdd3579cd8ec3430c6608ba4ea876c3c63b5314b4095628218eaac2426 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 18:12

Sharing

Report Analysis Logs

General

Target

Triggerbot.exe
Size

10.2MB
MD5

e9c2ac78313b4d58822113ece3259b0b
SHA1

ae6196446df9c8f52b6da44f6f02c1fa233d13f6
SHA256

94d65efdd3579cd8ec3430c6608ba4ea876c3c63b5314b4095628218eaac2426
SHA512

a5aef56bb8b2997c0275cdfa8dddb81d10f43fee2d9ab830ed2503c00b3b4136c8c9e8a5db7a116c19a844b4b13471bb2de74578c8937713eec6cd6e6353ef39
SSDEEP

196608:mkLEkYcowuLIoBA1HeT39Iigwh1ncKOVVtc97XEtQ1NjOp4U:dEkYcXIq1+TtIiFv0VQx060l

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

Triggerbot.exe

pid process

2524 Triggerbot.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Triggerbot.exe

description	pid	process	target process
PID 1576 wrote to memory of 2524	1576	Triggerbot.exe	Triggerbot.exe
PID 1576 wrote to memory of 2524	1576	Triggerbot.exe	Triggerbot.exe
PID 1576 wrote to memory of 2524	1576	Triggerbot.exe	Triggerbot.exe

C:\Users\Admin\AppData\Local\Temp\Triggerbot.exe
"C:\Users\Admin\AppData\Local\Temp\Triggerbot.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1576

C:\Users\Admin\AppData\Local\Temp\Triggerbot.exe
"C:\Users\Admin\AppData\Local\Temp\Triggerbot.exe"
2⤵
- Loads dropped DLL
PID:2524

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI15762\python312.dll
Filesize
6.6MB

MD5
d521654d889666a0bc753320f071ef60

SHA1
5fd9b90c5d0527e53c199f94bad540c1e0985db6

SHA256
21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

SHA512
7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Download Submit