d768f64dc0e79d8fc5bfe24f1354919d691afdb3d69adf3451b3ebc10775c567 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 18:13

Sharing

Report Analysis Logs

General

Target

GCGEN.exe
Size

7.6MB
MD5

10c250481bf9685b9613f1b2a90f5b33
SHA1

164d0b9f876f8d14ce24c77fa2c9ab1fc9cd9b38
SHA256

d768f64dc0e79d8fc5bfe24f1354919d691afdb3d69adf3451b3ebc10775c567
SHA512

a700a388e2db61a577cb98c4f6cf936a6765420b1d6ac3a7d812bddf47f5382820d14637504ce196112985e8953297f7a2d5f3f8ed434070499afb84974792de
SSDEEP

196608:+A7Y3a91SULDfyGR21X5Sp6GemDMPwuWKA91Ykla1YV0:pY3a1LDfDspfaMPg3a6V0

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

GCGEN.exe

pid process

2692 GCGEN.exe
Suspicious use of WriteProcessMemory 3 IoCs

Processes:

GCGEN.exe

description pid process target process

PID 2084 wrote to memory of 2692 2084 GCGEN.exe GCGEN.exe
PID 2084 wrote to memory of 2692 2084 GCGEN.exe GCGEN.exe
PID 2084 wrote to memory of 2692 2084 GCGEN.exe GCGEN.exe

C:\Users\Admin\AppData\Local\Temp\GCGEN.exe
"C:\Users\Admin\AppData\Local\Temp\GCGEN.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084

C:\Users\Admin\AppData\Local\Temp\GCGEN.exe
"C:\Users\Admin\AppData\Local\Temp\GCGEN.exe"
2⤵
- Loads dropped DLL
PID:2692

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20842\python311.dll
Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit