f8ac03934af382332129d2ab06cba16014212de5ddaa06c6449f2054bd324e31

Analysis

max time kernel
59s
max time network
18s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-06-2024 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SimpleAntiCheat.exe
Size

8.1MB
MD5

0abc1d1372ee4cd5a1521e9d8797c385
SHA1

80f7f006990a9c3688da4bcbe2d144c58460cc9f
SHA256

f8ac03934af382332129d2ab06cba16014212de5ddaa06c6449f2054bd324e31
SHA512

80084c1918e316115fc4a9c472ec718602c15fd1a8b0fc4af4d19852de816f8497d8fb0abe7091be3370867747082681b19a59fc2b4ce6f9fb89685f5b7b4bf3
SSDEEP

196608:x/65A1HeT39IigdvKub75bcjWgb3SEezfPAkjKW860:T1+TtIiivB5IjWqilzd8

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 12 IoCs

Processes:

SimpleAntiCheat.exe

pid	process
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe

Drops file in Windows directory 2 IoCs

Processes:

taskmgr.exe

description ioc process

File created C:\Windows\rescache\_merged\4183903823\2290032291.pri taskmgr.exe
File created C:\Windows\rescache\_merged\1601268389\715946058.pri taskmgr.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

SimpleAntiCheat.exe

pid	process
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe
4916	SimpleAntiCheat.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

SimpleAntiCheat.exetaskmgr.exe

description	pid	process
Token: SeDebugPrivilege	4916	SimpleAntiCheat.exe
Token: SeDebugPrivilege	1224	taskmgr.exe
Token: SeSystemProfilePrivilege	1224	taskmgr.exe
Token: SeCreateGlobalPrivilege	1224	taskmgr.exe
Token: 33	1224	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1224	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exe

pid	process
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe
1224	taskmgr.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

SimpleAntiCheat.exe

description pid process target process

PID 204 wrote to memory of 4916 204 SimpleAntiCheat.exe SimpleAntiCheat.exe
PID 204 wrote to memory of 4916 204 SimpleAntiCheat.exe SimpleAntiCheat.exe

description	pid	process	target process
PID 204 wrote to memory of 4916	204	SimpleAntiCheat.exe	SimpleAntiCheat.exe
PID 204 wrote to memory of 4916	204	SimpleAntiCheat.exe	SimpleAntiCheat.exe

C:\Users\Admin\AppData\Local\Temp\SimpleAntiCheat.exe
"C:\Users\Admin\AppData\Local\Temp\SimpleAntiCheat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:204

C:\Users\Admin\AppData\Local\Temp\SimpleAntiCheat.exe
"C:\Users\Admin\AppData\Local\Temp\SimpleAntiCheat.exe"
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4916

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1224

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI2042\VCRUNTIME140.dll
Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\_ctypes.pyd
Filesize
122KB

MD5
2a834c3738742d45c0a06d40221cc588

SHA1
606705a593631d6767467fb38f9300d7cd04ab3e

SHA256
f20dfa748b878751ea1c4fe77a230d65212720652b99c4e5577bce461bbd9089

SHA512
924235a506ce4d635fa7c2b34e5d8e77eff73f963e58e29c6ef89db157bf7bab587678bb2120d09da70594926d82d87dbaa5d247e861e331cf591d45ea19a117

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\_decimal.pyd
Filesize
246KB

MD5
f930b7550574446a015bc602d59b0948

SHA1
4ee6ff8019c6c540525bdd2790fc76385cdd6186

SHA256
3b9ad1d2bc9ec03d37da86135853dac73b3fe851b164fe52265564a81eb8c544

SHA512
10b864975945d6504433554f9ff11b47218caa00f809c6bce00f9e4089b862190a4219f659697a4ba5e5c21edbe1d8d325950921e09371acc4410469bd9189ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\_hashlib.pyd
Filesize
64KB

MD5
b0262bd89a59a3699bfa75c4dcc3ee06

SHA1
eb658849c646a26572dea7f6bfc042cb62fb49dc

SHA256
4adfbbd6366d9b55d902fc54d2b42e7c8c989a83016ed707bd7a302fc3fc7b67

SHA512
2e4b214de3b306e3a16124af434ff8f5ab832aa3eeb1aa0aa9b49b0ada0928dcbb05c57909292fbe3b01126f4cd3fe0dac9cc15eaea5f3844d6e267865b9f7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\_lzma.pyd
Filesize
155KB

MD5
b71dbe0f137ffbda6c3a89d5bcbf1017

SHA1
a2e2bdc40fdb83cc625c5b5e8a336ca3f0c29c5f

SHA256
6216173194b29875e84963cd4dc4752f7ca9493f5b1fd7e4130ca0e411c8ac6a

SHA512
9a5c7b1e25d8e1b5738f01aedfd468c1837f1ac8dd4a5b1d24ce86dcae0db1c5b20f2ff4280960bc523aee70b71db54fd515047cdaf10d21a8bec3ebd6663358

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\_socket.pyd
Filesize
81KB

MD5
9c6283cc17f9d86106b706ec4ea77356

SHA1
af4f2f52ce6122f340e5ea1f021f98b1ffd6d5b6

SHA256
5cc62aac52edf87916deb4ebbad9abb58a6a3565b32e7544f672aca305c38027

SHA512
11fd6f570dd78f8ff00be645e47472a96daffa3253e8bd29183bccde3f0746f7e436a106e9a68c57cc05b80a112365441d06cc719d51c906703b428a32c93124

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\_wmi.pyd
Filesize
35KB

MD5
c1654ebebfeeda425eade8b77ca96de5

SHA1
a4a150f1c810077b6e762f689c657227cc4fd257

SHA256
aa1443a715fbf84a84f39bd89707271fc11a77b597d7324ce86fc5cfa56a63a9

SHA512
21705b991e75efd5e59b8431a3b19ae5fcc38a3e7f137a9d52acd24e7f67d61758e48abc1c9c0d4314fa02010a1886c15ead5bca8dca1b1d4ccbfc3c589d342e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-console-l1-1-0.dll
Filesize
21KB

MD5
a148dc22ea14cd5578de22b2dfb0917f

SHA1
eaccb66f62e5b6d7154798e596eabd3cef00b982

SHA256
7603e172853a9711fbdc53b080432ad12984b463768dbc3aa842a26f5b26ae23

SHA512
4e3c927692fc41889b596273aea8bbd776cf7644dae26c411c12bda23cd3299a5c9adc06a930294310f002de74592a244767378fc9e37ec76e86bfa23f4c0478

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-datetime-l1-1-0.dll
Filesize
21KB

MD5
3095c9577395249e105410bdcc585f77

SHA1
7dfc0c81f8f28cbf36c5acdb83523569b430b944

SHA256
c08be448195f46c4b423d0ce0c2cdc343e842ff1f91b16a8d3c09d5152150917

SHA512
555568fc23ade238bcc13a447520d395546def4409a002d795dd3abea03b15321491bc63c97f4ed8eb78aa411a0b1267dce5c528e51dcac8ca9e93b8f5265786

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-debug-l1-1-0.dll
Filesize
21KB

MD5
a00ebd3cf88d668be6d62a25fa4fb525

SHA1
edb07eafd08991611389293e2be80f8ee98f1e62

SHA256
b44646453584305d4edf8ab5f5d1adea6b9650bd2b75f8486fc275be52b86433

SHA512
d63f0e9f2e079ee06aa3ab96a0bd2d169564896027b731ee2597327bdc55456c5fd0c2d8c7e68165fc80bbc3fe0c24a3388d4c3615f33fc9f9fc0b205ae9ba7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-errorhandling-l1-1-0.dll
Filesize
21KB

MD5
98340ffd2b1d8affef27d4b1260aeac5

SHA1
b428b39aa814a7038a1ddff9b64b935f51833a26

SHA256
7388a019922e9a0a3d05a8605a5307e3141b39f7d57b7faca5d34e72adfd5fa5

SHA512
6165c5be0360d55403e9dfd4e9df4ff9a12e5fb6057ed9278da09e688751487e46d9dd64949375c00764cbb4355cc13a1ea714055050f2ab7d432977b8443f81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-file-l1-1-0.dll
Filesize
25KB

MD5
abf9850eb219be4976a94144a9eba057

SHA1
3d8c37588b36296240934b2f63a1b135a52fcee2

SHA256
41c5c577fea3ce13d5beb64ce0920f1061f65bcf39eafa8cd3dfc09ff48bcf76

SHA512
dfaafb43ce7f05b2db35eac10b314fb506c6aada80f6c4327b09ec33c170478ebd0eea19f1c6ca2e4832bfa41f769046deca8f15d54b7966134d166ee6036bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-file-l1-2-0.dll
Filesize
21KB

MD5
2b36752a5157359da1c0e646ee9bec45

SHA1
708aeb7e945c9c709109cea359cb31bd7ac64889

SHA256
3e3eb284937b572d1d70ce27be77b5e02eb73704c8b50feb5eb933db1facd2fc

SHA512
fc56080362506e3f38f1b3eb9d3193cdb9e576613c2e672f0fe9df203862f8a0f31938fa48b4ff7115dfe6016fa1fd5c5422fdc1913df63b3fde5f478a8417a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-file-l2-1-0.dll
Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-handle-l1-1-0.dll
Filesize
21KB

MD5
567ff20a8d330cbb3278d3360c8d56f5

SHA1
cdf0cfc650da3a1b57dc3ef982a317d37ffb974d

SHA256
47dfbe1ecc8abc002bd52dcd5281ed7378d457789be4cb1e9bee369150d7f5c8

SHA512
1643e900f13509f0ef9c7b7f8f2401fb3b6f2c0c39b512c623615df92b1e69df042ef1a0c6aace82173ce5d4d3c672c1636d6ee05545ce5c3b7374ab745e0e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-heap-l1-1-0.dll
Filesize
21KB

MD5
a8b967b65232ecce7261eaecf39e7d6d

SHA1
df0792b29c19d46a93291c88a497151a0ba4366d

SHA256
8fcc9a97a8ad3be9a8d0ce6bb502284dd145ebbe587b42cdeaa4262279517c1d

SHA512
b8116208eb646ec1c103f78c768c848eb9d8d7202ebdab4acb58686e6f0706f0d6aaa884e11065d7ece63ebbd452f35b1422bd79e6eb2405fb1892758195ccbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-interlocked-l1-1-0.dll
Filesize
21KB

MD5
5872cb5ca3980697283aab9007196ae6

SHA1
26e8de47d9bee371f6c7a47f206a131965b6b481

SHA256
0dff50774693fcb71782b5e214419032a8c00b3031151d93be5c971b6f62cd45

SHA512
9b3e2fa9f66d29bfc7a4ca5d673b395bcda223a85fd06c94a11217047c1a312148c9c6270d7f69dfef06b25f8b5ad46717a829bde55f540c804a4ba4c4af070c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-libraryloader-l1-1-0.dll
Filesize
21KB

MD5
d042aa497ce2a9f03296f8de68ed0680

SHA1
f483a343a18b960630ccf0e6de2f82883550f3bf

SHA256
de3d2c5519f74a982f06f3f3fda085571c0cdcf5ad8d2d331c79d9c92062bdc3

SHA512
4e157c8701860982ce0dec956fe4bfb684d2db3eaa9e784f179d385be905fd0551ba90cc27c54179fc39a693d9c742364f2bf1a5444424ba5eae38103b5f0e02

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-localization-l1-2-0.dll
Filesize
21KB

MD5
3589557535bba7641da3d76eefb0c73d

SHA1
6f63107c2212300c7cd1573059c08b43e5bd9b95

SHA256
642b01bb93d2cb529acf56070d65aae3202fd0b48d19fd40ec6763b627bcbee6

SHA512
7aedf3cf686b416f8b419f8af1d57675096ab2c2378c5a006f6ecbf2fe1ad701f28b7be8f08c9083230cf4d15d463371e92a6032178cd6c139d60b26fbd49b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-memory-l1-1-0.dll
Filesize
21KB

MD5
064fb2e1b5e90796a68d1edf91269ad3

SHA1
6e3a8c568f038879b7b102975a4471b2489f5493

SHA256
3500935e638f7d0ae2bf564bf77f9329811329261185fcdb9cd702b999889ffd

SHA512
821f091529d45531811a73664473cebb372a310d855e1a4c1a028ad4dc7d36146d3030dcf10de8a4a4bf16fb535fe3d0d2e1fcd22959690842388abb177b0036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-namedpipe-l1-1-0.dll
Filesize
21KB

MD5
d1bc9b3a7aa94d10c41fa16210aa9dba

SHA1
a358b824b1f26ead420d2100e5f1a3fb74af2b7a

SHA256
75652caf05e86adc88ed214fd208b4a289489cac2b28fd358e302e2e7c3c338f

SHA512
149478dfca0165d5a68e89070017cda3400926284eaa2143a810138ff710079cde413c031721de5b58cb834f03d4c5df5b4bd6c2bdb65687755ad77cae778b30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-processenvironment-l1-1-0.dll
Filesize
21KB

MD5
4f1303827a67760d02feb54e9258edb1

SHA1
340d7029c39708d14da79b12a0e2ed0a8bc7c020

SHA256
77fc9adf1a734d9717700b038b98b4337a494fc4f7e1e706c82e97dbca896fd8

SHA512
20f067d1c2749c709e4fc45da8d9eb5b813f54d0e09fa482d00bc4a7e5744c587d0afc00cdd5263b4223fe94baa3f8ca110d010339f9e3f1c6b2700888dbe3d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-processthreads-l1-1-0.dll
Filesize
21KB

MD5
73586decad3b3d90653750504b356a5c

SHA1
39a7ee1660ca1291314ef78150e397b1d8683e03

SHA256
34f560c3e56f40db5df695c967b6e302e961085bc037bb9a1c2d2c866a9df48f

SHA512
9ec299e930d2b89ad379613f8fa63669ec7c858da8a24608b92175f42b0be75f8aa2e1727dabf7638ae9d2942d03840f288eab53f2c9f38dbea1325f1ea8b22b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
21KB

MD5
774aa9f9318880cb4ad3bf6f464da556

SHA1
3a5c07cf35009c98eb033e1cbde1900135d1abf8

SHA256
ba9fbd3a21879614c050c86a74ad2fffc0362266d6fa7be0ef359de393136346

SHA512
f7b57afb9810e3390d27a5469572fb29f0f1726f599403a180e685466237dff5dec4fdce40105ef1bb057e012d546308213e7cec73e0d7d3c5815eec8189a75d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-profile-l1-1-0.dll
Filesize
21KB

MD5
1be729c6d9bf1b58f435b23e7f87ba49

SHA1
4b2df3fab46a362ee46057c344995fa622e0672a

SHA256
4c425fbb8d2319d838733ab9cec63a576639192d993909e70cf84f49c107f785

SHA512
ceccc5ff2bd90a91cfbb948f979576795ff0a9503ddaafd268c14306f93d887975bd376b62ed688be51bb88b3a0c54ef332be93b4b0d8737b5ab70a661b11416

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-rtlsupport-l1-1-0.dll
Filesize
21KB

MD5
0b30c6862b5224cc429fe2eb2b7bf14b

SHA1
5c3affa14e3bfdafe09e9841a2920b57c7fcbc56

SHA256
d9c6f93c4972db08c7888d55e8e59e8aba022d416817d65bc96e5a258c859b5f

SHA512
b378f2a2812245ea948d81a925d041dbd7e7a8fb2770cf7dd47643da20f5c685c6121479f95b293177a9480290b17c49e7b4fc10d33734cf883d2c614daae1bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-string-l1-1-0.dll
Filesize
21KB

MD5
b65933f7bcadc7072d5a2d70ecba9f81

SHA1
c53561755b9f33d0ae7874b3a7d67bedcb0129d8

SHA256
eadf535795df58d4f52fc6237fe46feb0f8166daca5eaaa59cec3cee50a9181d

SHA512
4cbb8bda8609404fe84ca36a8cbfe1d69c55dee2b969231b2fa00ca9139d956196a2babbb80a1a2bb430a34e6bd335294f452bcbe9e44411561ebdf21e4aba91

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-synch-l1-1-0.dll
Filesize
21KB

MD5
bccc676f2fb18c1a1864363e5a649a88

SHA1
a095a83a32a4a65fe16aa0be9a517239fac5db0d

SHA256
9d3f803dc791d2ff2e05059f9bb9207cc8f4134e1ac05f20edd20cfadd6e72c0

SHA512
55aab9fa6f7c4904e4beea4ce250f45fb71c2dd6a6f099f4017101ebc45c0a6e303b6a222f49c971992cafe8988a042b7ef8e94671be858c926105021514737a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-synch-l1-2-0.dll
Filesize
21KB

MD5
b962237df7ea045c325e7f97938097cb

SHA1
1115e0e13ecc177d057e3d1c9644ac4d108f780a

SHA256
a24dd6afdb4c4aa450ae4bc6a2861a49032170661b9c1f30cd0460c5dc57e0f7

SHA512
19ac4cccaaa59fbae042d03ba52d89f309bd2591b035f3ec3df430ff399d650fcf9c4d897834a520dea60dc0562a8a6f7d25a1fffcd32f765a4eaffe4c7d5ea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-sysinfo-l1-1-0.dll
Filesize
21KB

MD5
e4893842d031b98cac1c6f754a2a3f8d

SHA1
2b0187134e40d27553a85dd4ec89dd6c40e58a24

SHA256
abe4c1464b325365d38e0bc4ae729a17a7f6f7ba482935c66e6840e1b0d126c5

SHA512
fc61a66fdc7213857f204bd0b20671db7092e0010e07b5e0e8e8408ace8ac5b6e696a7d9fc969233b2b3ad5dae4d3b291b007ff27a316e7fb750bfc93257c532

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-timezone-l1-1-0.dll
Filesize
21KB

MD5
b9a20c9223d3e3d3a0c359f001ce1046

SHA1
9710b9a8c393ba00c254cf693c7c37990c447cc8

SHA256
00d9a7353be0a54c17e4862b86196a8b2bc6a007899fa2fbe61afd9765548068

SHA512
a7d5611c0b3b53da6cac61e0374d54d27e6e8a1af90ef66cd7e1b052f906c8b3f6087f4c6de0db3ae0b099df7689ecde6c815a954b728d36d9d3b5d002ccf18e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-core-util-l1-1-0.dll
Filesize
21KB

MD5
f7fdc91ac711a9bb3391901957a25cea

SHA1
1cebc5497e15051249c951677b5b550a1770c24f

SHA256
de47c1f924dc12e41d3a123b7dcce0260e7758b90fb95ec95c270fc116fc7599

SHA512
0e03c998622d6bf113e8d3b4dab728974391efecf59df89f938bd22240488e71885c05fb0fa805948b3d9645758409a0966299b26625aa36e3fd6e519ee22769

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-conio-l1-1-0.dll
Filesize
21KB

MD5
9eb2c06decaae1a109a94886a26eec25

SHA1
307ce096bee44f54a6d37aab1ef123fb423ed028

SHA256
da8fd2fe08a531d2331c1fbee9f4ae9015b64f24a2654a7f82418c86b4ab6909

SHA512
7e701cb00a4cab8d5b3ecf55a16fef0103f9be1aa3fd7b53c7bab968708c21e8d1c763ad80a7a8d6c76dd45ddd244c9c9e8944455c2025b4195660b61ac1e8b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-convert-l1-1-0.dll
Filesize
25KB

MD5
87e2934e49d7d111f383673f97d5029e

SHA1
267603d5510b775de3667f7d92bfaa3bd60e6533

SHA256
fb9dd774b25ab8e661c922caffb976c37a4d10a631ab65665da60016ef0c4d7c

SHA512
e6025ad419359ad3e06cc7a3b3b7436464dbbc71b91653833575264a5f8b0d781844a411bcd915d404b9a8c0a056eaf6d4d412723936845b53bfb5368bf5f7a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-environment-l1-1-0.dll
Filesize
21KB

MD5
e41612752a7dfbbe756322cf48e106b9

SHA1
0ec106e926c9837a43e1d7ec8d1a5f03edd5ec3d

SHA256
4bb9d36e0e034652f2331ddb43ee061608f436cbc9e5771b4d27b28fa10f5248

SHA512
9bed9399e896d1cc58cc06e8d7ec6cc3345be6d15ca307c670e0f282c9ebe48a6cc1b145c2ecf94d84214cddff8f0d0d720ea984478c74c98e2499c2184638c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
21KB

MD5
102a8c01049ef18cc6e8798a9e5d57f4

SHA1
9adef547e03032d8c5525cc9c7d4512fbeb53948

SHA256
e13edab280e7b3410d7f4ce30a8e8cae64f38652d770fc3bf223206f0c57aaa5

SHA512
a9fbc726f33399f55f70967f3f1bf374589eaad9581d9e94228d39afa06cdce31ed25bdc04805aad361c7cafbeb56ca39f6693259d67457199d4423a61b32263

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-heap-l1-1-0.dll
Filesize
21KB

MD5
4b038cdc70357d2dec440717ac344a52

SHA1
f67ba87f6830858845a5763381a47893af061bf8

SHA256
6a24e9cfb0efd9e1b90053d4ebd87fc35144e61ae3f6555c7d400542d648e2b5

SHA512
9557f15fa3c06de89ea8be0c959b94575a1c4587151687730f9e66fed095feb882d43ea32262000f871e6d860ce0c6c341cf5509a6ce81866f6d0efacb8526fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-locale-l1-1-0.dll
Filesize
21KB

MD5
75f1a5f65790560d9544f3fb70efba51

SHA1
f30a5751901cfffc250be76e13a8b711ebc06bcc

SHA256
e0e02ea6c17da186e25e352b78c80b1b3511b5c1590e5ba647b14a7b384af0f8

SHA512
b7e285ca35f6a8ae2ccbe21594d72152175301a02ad6b92fe130e1e226a0faad1bfad1bd49857401549c09b50feee2c42c23ca4c19b2845cad090f5b9e8e8f63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-math-l1-1-0.dll
Filesize
29KB

MD5
a592d1b2ecc42d1a083f0d34feae2444

SHA1
29718af390f832626fcdcc57c107333cdb5743e1

SHA256
18a827b01de7b1a3d5c8d17b79ad2462a90308124448a9b8c47eccda39c3a095

SHA512
44bed6d24f1fa35b10d2b2b1574e7baf10182e60fdcb6cba5dd9de5cd7a5183198925e4fa5a7e2896564a30f7b70de69691713118d59bf5162ce35aff5bcf7a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-process-l1-1-0.dll
Filesize
21KB

MD5
e3914d51afd864a6c6587aa9192c491b

SHA1
bae85701809bc259a8744aafa45cd7159e6c13f8

SHA256
28257cc063431f78284335ce3002ffb71b75c1e7ccabf5417bb42392c35564b4

SHA512
43b1445a80d309ec73d52d6cf68f4533a132fb55ab672e5e2a878bb42c1cb36d6e4c504d43fa4923e692c8be600f3f9d5a5edde80602636cb726eedfca23dfb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
25KB

MD5
364bc49cc7034f8a9981ade1ce565229

SHA1
fbd76c1842d1ccf563ece2db32fff4c71e7ca689

SHA256
6254fd07ace88685112e3a7b73676aabf13a1b1bc30c55dd976b34fea12b7f1d

SHA512
65e59e3358eb1bf26823c9538c74d343e7383591c021d2b340ef68aa9a274d65b15b30bbbe55f4b32e3a08fc79d4e179a6ce92eadb8c4be09a2c35c348ce10af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
25KB

MD5
8341f0371e25b8077fe61c89a9ef8144

SHA1
fc185203e33abed12e1398440cb2ee283ca9541a

SHA256
bd9a5d4554ef1a374257e8dd9436d89f686006ed1fd1cc44364b237bf5b795ff

SHA512
9c7e4e8d8e9e620f441ab5106820ec021d2b2323f44ed8cc8ec9673745dbc531347356f1ff195d63b62b09cc5c27e8f8641ce25be12ee9b700b5fc766337228b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-string-l1-1-0.dll
Filesize
25KB

MD5
f9297b9ff06295bc07b7e5281b1face0

SHA1
d0eb0fddbb3eb187df0f0e5f9ddffcfc2e05f9b7

SHA256
c56a2ee0cc6dc1e7283b9bda8b7b2dba957329cb4bc9aca4cd99f88e108f9c04

SHA512
bec6222776015996eba744698d3254945dfe4bb4dc0d85528ee59a0f3b5fc5bb054bbf496d562cfc7b4cc81b4d3df5c53761931162a0091a49386233afba4f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-time-l1-1-0.dll
Filesize
21KB

MD5
816a8932759bdb478d4263cacbf972e3

SHA1
ac9f2bed41e340313501aa7d33dcd369748f0496

SHA256
ce9a8e18923d12e2f62ce2a20693113000fc361cc816773037c155c273b99e7c

SHA512
5144f01bee04455d5b9a7b07e62f4afb928605331213eb483265016640198c175dc08673903ed5bc16b385ee76657aa4303776233d04347d9d1daadce39525c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\api-ms-win-crt-utility-l1-1-0.dll
Filesize
21KB

MD5
57d3ee548db3a503ac391af798e0e2a2

SHA1
d686a96c5046d6d7a022c4266a5d0014745360a4

SHA256
2c80280e51c242466e10a36a0bf2a341607983b6f6648f93b0718b34ab5285c5

SHA512
f3ea9c8f2f230d23bc878e37044599b2c77f0bf6dd84b07c2f87a84263fb9ac7f44732f05e14781b6046afb2a39f27135c96d2da2ab9605bd00e55d9b0fffb0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\base_library.zip
Filesize
1.3MB

MD5
630153ac2b37b16b8c5b0dbb69a3b9d6

SHA1
f901cd701fe081489b45d18157b4a15c83943d9d

SHA256
ec4e6b8e9f6f1f4b525af72d3a6827807c7a81978cb03db5767028ebea283be2

SHA512
7e3a434c8df80d32e66036d831cbd6661641c0898bd0838a07038b460261bf25b72a626def06d0faa692caf64412ca699b1fa7a848fe9d969756e097cba39e41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\libcrypto-3.dll
Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\python3.DLL
Filesize
66KB

MD5
6271a2fe61978ca93e60588b6b63deb2

SHA1
be26455750789083865fe91e2b7a1ba1b457efb8

SHA256
a59487ea2c8723277f4579067248836b216a801c2152efb19afee4ac9785d6fb

SHA512
8c32bcb500a94ff47f5ef476ae65d3b677938ebee26e80350f28604aaee20b044a5d55442e94a11ccd9962f34d22610b932ac9d328197cf4d2ffbc7df640efba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\python312.dll
Filesize
6.7MB

MD5
550288a078dffc3430c08da888e70810

SHA1
01b1d31f37fb3fd81d893cc5e4a258e976f5884f

SHA256
789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d

SHA512
7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\ucrtbase.dll
Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2042\unicodedata.pyd
Filesize
1.1MB

MD5
04f35d7eec1f6b72bab9daf330fd0d6b

SHA1
ecf0c25ba7adf7624109e2720f2b5930cd2dba65

SHA256
be942308d99cc954931fe6f48ed8cc7a57891ccbe99aae728121bcda1fd929ab

SHA512
3da405e4c1371f4b265e744229dcc149491a112a2b7ea8e518d5945f8c259cad15583f25592b35ec8a344e43007ae00da9673822635ee734d32664f65c9c8d9b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI2042\_bz2.pyd
Filesize
82KB

MD5
59d60a559c23202beb622021af29e8a9

SHA1
a405f23916833f1b882f37bdbba2dd799f93ea32

SHA256
706d4a0c26dd454538926cbb2ff6c64257c3d9bd48c956f7cabd6def36ffd13e

SHA512
2f60e79603cf456b2a14b8254cec75ce8be0a28d55a874d4fb23d92d63bbe781ed823ab0f4d13a23dc60c4df505cbf1dbe1a0a2049b02e4bdec8d374898002b1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI2042\libffi-8.dll
Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI2042\select.pyd
Filesize
29KB

MD5
8a273f518973801f3c63d92ad726ec03

SHA1
069fc26b9bd0f6ea3f9b3821ad7c812fd94b021f

SHA256
af358285a7450de6e2e5e7ff074f964d6a257fb41d9eb750146e03c7dda503ca

SHA512
7fedae0573ecb3946ede7d0b809a98acad3d4c95d6c531a40e51a31bdb035badc9f416d8aaa26463784ff2c5e7a0cc2c793d62b5fdb2b8e9fad357f93d3a65f8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads