ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe
Size

7.7MB
MD5

8280bab9314f2587905abc517210cce4
SHA1

6e034c15ff8f2f9d607c4a0c94d29ba62929304f
SHA256

ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718
SHA512

01d9220666d880e3e77e1ad7e969cff9fe22bffbb9e369c217b64277a0461a139fa2f75683f99cd9e8ff84f4f35e3826d913d42c1145a1818549dcb284980799
SSDEEP

196608:Ad67FQA1HeT39IigFeE9TFa0Z8DOjCdylSH0mQyyeoD:F7Fp1+TtIiRY9Z8D8CclSUtbD

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe

pid	process
2964	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe
2964	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe
2964	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe
2964	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe
2964	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe
2964	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe
2964	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe

description	pid	process	target process
PID 1368 wrote to memory of 2964	1368	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe
PID 1368 wrote to memory of 2964	1368	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe
PID 1368 wrote to memory of 2964	1368	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe	ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe

C:\Users\Admin\AppData\Local\Temp\ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe
"C:\Users\Admin\AppData\Local\Temp\ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368

C:\Users\Admin\AppData\Local\Temp\ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe
"C:\Users\Admin\AppData\Local\Temp\ca06d925ec5474b801e34aec5f8a62ba149e875537163d73de4ae6eed9d45718.exe"
2⤵
- Loads dropped DLL
PID:2964

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI13682\python312.dll
Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13682\ucrtbase.dll
Filesize
987KB

MD5
19df5f270ce38be3d8a4a1d57c247b7c

SHA1
f9defdee2fd28005190445afdcfc6d5d1a39c8a5

SHA256
ed33c08950483c2197a1d804621e5c4cef8ac3bd5b23be09c475364a21c89f28

SHA512
f91747efba38dd2d0455af29cc199934df7cf0d5e2c2aa6db52366487761babeaa690dee307dea64a263a67fc5e79c0c4886c1f785bcc7b03febeb0c5cd2dbec

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13682\api-ms-win-core-file-l1-2-0.dll
Filesize
13KB

MD5
a1f5311cf493cc975b994e6f82b6c486

SHA1
e02e6f418a3b4ad64825292636ffc3f501be85fb

SHA256
672d523368460a849565697e02aa66f92a8c276de6583f25d0c6fe865824b5b6

SHA512
b9595e3d8c7224572b6c302052ca8d6f31d8d225711b7196a01a0846f801b35bd9a9a52c0fd2eaa10d6e15f0e20747092592c574ab08e21b494997d1ff088bf4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13682\api-ms-win-core-file-l2-1-0.dll
Filesize
13KB

MD5
fae48422bba9451ab484e2f4d3905c4d

SHA1
18b49f5d15c0b1743ecfcab1b0ed99baf9342262

SHA256
384ca5855e1be4c5aaddf2dda9ee6a1da70c9736f354eda14adab2d6fe711c73

SHA512
423572827482fba6606487a845a7644c2a0a9553d4cb3bc637b86c9819d7ac0309d1bad4aecdeabf1927a3f8be837b47f02e3b1b8895477492387ad8011be014

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13682\api-ms-win-core-localization-l1-2-0.dll
Filesize
15KB

MD5
c9bb48ea128f7074d261e6ad693976b7

SHA1
b6b0d5e19b0c79c5766dddeb47cb4f8e88078515

SHA256
d81fe66c5c75d956f23d25a108c5753a9563b9f7449c2b44e816e9c362d0e9c2

SHA512
29f4d30ae689217d3345d50727463dae0fa492c6ce30e6ac057942e95ddb080412645a7687f3ff1863a5b657aad4e59d0742874bdf67829a8f409cdd8abc5ea6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13682\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
13KB

MD5
1f273a6e43358f17599f7f333f64f7d3

SHA1
54183c7d9af1d9c21f78aab27dbbc5c1a2893b2c

SHA256
584d37e0ac9935821d8a23d47dc4b3cea7a9211018b085b0c3202b8f1d6588c4

SHA512
9b818b03165d98e47ca064f9f6d8ce1c8162b2c404fd06ee68d0cd7878cc2e0914e557e132a662aabcae6c8ee9bc6d2aa5fb5f9e39baf9512b1dcf1a026164bd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13682\api-ms-win-core-timezone-l1-1-0.dll
Filesize
13KB

MD5
373ee3d24e69fa32e971bc686005884d

SHA1
fe0fdf892f752af7b4bce2b8087c750405dca374

SHA256
053503a88915429a1c876a93e8f8842db03bc0e8a8074c951411a0562db04bcb

SHA512
3c85dc460b29b486569c1ba3aa52dffc5c8cef6c9a9360b25e06c03cadffccfde5f1672edd30f4ab315f7dfa6b1f9fad5fd1361bbc1a3a3b342762a971bd6393

Download Submit