64409f66017e67a936b421e426cc7aa8c3215b35cbdfd4a3aeddbf33523ac8fd

Analysis

max time kernel
1s
max time network
45s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Copy.exe
Size

10.9MB
MD5

b36a157b8b5247cba2ce20b27546199e
SHA1

e192e5f84273033523eb838236c568f41e34ca23
SHA256

64409f66017e67a936b421e426cc7aa8c3215b35cbdfd4a3aeddbf33523ac8fd
SHA512

117b29e033b8186b137e1b5a33b009b3377269d5f7c42485e1144801be5d277c3d5b4486e4f5ed64bc25d991c649c47754a569db89a5f563f035317a336e014b
SSDEEP

196608:RvZxPYwRHd2H5NDil9LgQY6CsXDjDyf6H2WliXYrHW1Lo7o8JB0QvNGvcWA:BPJ9QDD8CEDxH2ciIrHWRokANGE

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 27 IoCs

Processes:

Copy.exe

pid	process
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe
3444	Copy.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

Copy.exe

description pid process target process

PID 652 wrote to memory of 3444 652 Copy.exe Copy.exe
PID 652 wrote to memory of 3444 652 Copy.exe Copy.exe

description	pid	process	target process
PID 652 wrote to memory of 3444	652	Copy.exe	Copy.exe
PID 652 wrote to memory of 3444	652	Copy.exe	Copy.exe

C:\Users\Admin\AppData\Local\Temp\Copy.exe
"C:\Users\Admin\AppData\Local\Temp\Copy.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:652

C:\Users\Admin\AppData\Local\Temp\Copy.exe
"C:\Users\Admin\AppData\Local\Temp\Copy.exe"
2⤵
- Loads dropped DLL
PID:3444

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Copy Server Tool - By HzzH
3⤵
PID:2120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI6522\MSVCP140.dll
Filesize
552KB

MD5
379b69ad05b433d18557586513cc0de2

SHA1
83295f6a7c4b3fd463e51ee3bc8839f101177d28

SHA256
43a9666c2f405258f165b53082860ac7838039a75fd2e85286085ede0da0273b

SHA512
5e0fd4b524e20561c61d307033ddff36d7a2f4575394b3153725ff4d809fdd910af61978257944aaee60e4751e46c9138c219c857e4ffc807be4df49b255cb2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\VCRUNTIME140.dll
Filesize
94KB

MD5
18049f6811fc0f94547189a9e104f5d2

SHA1
dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6

SHA256
c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db

SHA512
38fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\VCRUNTIME140_1.dll
Filesize
36KB

MD5
6e337d443990274b1e0ed308a1b28622

SHA1
0da718746f6981aae57d7043d87de8eb4c11859c

SHA256
6c1e531c25ab2934a4ea9970598bc751d924d7cc5650df3e1282b61d6cd24f42

SHA512
dcdadb2b763c9d82f26dfe745a6a6477f15bfa512dd34972ded1fb8572df85eae359fc012b2415258470780a5ccdee1eb75ff4153d7784ca9be228b0ed4da292

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\_asyncio.pyd
Filesize
63KB

MD5
c89b5ec34a76d00543d55748a7275cb1

SHA1
341a61e181fc7957d326080354135e20d3d16fab

SHA256
3e521e119cfad53c8fcf67bbf26de2ecffe24cb13079f36a22339f0f8ad297a6

SHA512
b21514674bdb7ca392e35bfe1ecb3dbbe16bd8daf38fbeafb6182253551f3cdd37833df523ab6181555a6547f764224626fcb6403429decca1ed58dade2b01ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\_brotli.cp39-win_amd64.pyd
Filesize
861KB

MD5
2c7528407abfd7c6ef08f7bcf2e88e21

SHA1
ee855c0cde407f9a26a9720419bf91d7f1f283a7

SHA256
093ab305d9780373c3c7d04d19244f5e48c48e71958963ceca6211d5017a4441

SHA512
93e7c12a6038778fcda30734d933b869f93e3b041bb6940852404641a599fe9c8ee1168a2e99dcfb624f84c306aff99757d17570febabc259908c8f6cda4dbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\_bz2.pyd
Filesize
84KB

MD5
a991152fd5b8f2a0eb6c34582adf7111

SHA1
3589342abea22438e28aa0a0a86e2e96e08421a1

SHA256
7301fc2447e7e6d599472d2c52116fbe318a9ff9259b8a85981c419bfd20e3ef

SHA512
f039ac9473201d27882c0c11e5628a10bdbe5b4c9b78ead246fd53f09d25e74c984e9891fccbc27c63edc8846d5e70f765ca7b77847a45416675d2e7c04964fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\_ctypes.pyd
Filesize
124KB

MD5
7322f8245b5c8551d67c337c0dc247c9

SHA1
5f4cb918133daa86631211ae7fa65f26c23fcc98

SHA256
4fcf4c9c98b75a07a7779c52e1f7dff715ae8a2f8a34574e9dac66243fb86763

SHA512
52748b59ce5d488d2a4438548963eb0f2808447c563916e2917d08e5f4aab275e4769c02b63012b3d2606fdb5a8baa9eb5942ba5c5e11b7678f5f4187b82b0c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\_hashlib.pyd
Filesize
64KB

MD5
88e2bf0a590791891fb5125ffcf5a318

SHA1
39f96abbabf3fdd46844ba5190d2043fb8388696

SHA256
e7aecb61a54dcc77b6d9cafe9a51fd1f8d78b2194cc3baf6304bbd1edfd0aee6

SHA512
7d91d2fa95bb0ffe92730679b9a82e13a3a6b9906b2c7f69bc9065f636a20be65e1d6e7a557bfd6e4b80edd0f00db92eb7fea06345c2c9b98176c65d18c4bdbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\_lzma.pyd
Filesize
159KB

MD5
cdd13b537dad6a910cb9cbb932770dc9

SHA1
b37706590d5b6f18c042119d616df6ff8ce3ad46

SHA256
638cd8c336f90629a6260e67827833143939497d542838846f4fc94b2475bb3e

SHA512
c375fb6914cda3ae7829d016d3084f3b5b9f78f200a62f076ec1646576f87694eec7fa6f1c99cbe30824f2fe6e2d61ecdeb50061383b12143cd2678004703199

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\_overlapped.pyd
Filesize
45KB

MD5
071461aa318f97345f1f59a28cd4c110

SHA1
f4630cf01f27cd20d27a41a48708d27f03a61e37

SHA256
cd475a094ddbdc315c2a2072002b442d2e9fbd7aa0db3a037653acba74899ecd

SHA512
7cfbc92cb726c7f4b34e315303d9d983360d470ba1793529792122bdf2cc133c75e1c960a1b8602407743b3dfd7639153c226bc80f08afb5bd467f98194e722a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\_socket.pyd
Filesize
78KB

MD5
478abd499eefeba3e50cfc4ff50ec49d

SHA1
fe1aae16b411a9c349b0ac1e490236d4d55b95b2

SHA256
fdb14859efee35e105f21a64f7afdf50c399ffa0fa8b7fcc76dae4b345d946cb

SHA512
475b8d533599991b4b8bfd27464b379d78e51c41f497e81698b4e7e871f82b5f6b2bfec70ec2c0a1a8842611c8c2591133eaef3f7fc4bc7625e18fc4189c914e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\_ssl.pyd
Filesize
151KB

MD5
cf7886b3ac590d2ea1a6efe4ee47dc20

SHA1
8157a0c614360162588f698a2b0a4efe321ea427

SHA256
3d183c1b3a24d634387cce3835f58b8e1322bf96ab03f9fe9f02658fb17d1f8c

SHA512
b171f7d683621fdab5989bfed20c3f6479037035f334ea9a19feb1184f46976095a7666170a06f1258c6ddf2c1f8bdb4e31cbfd33d3b8fa4b330f097d1c09d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\_uuid.pyd
Filesize
23KB

MD5
054e24e81058045be333f2437e38f75a

SHA1
e4d958f57cb5269158975c0c94c4d70107748d0e

SHA256
36e15e9c7953c5fef0e83dafa86bf0d9fac2032d07c66e4a339deae8b1dca049

SHA512
09b55b016b291dbcb4bf6a36f3438e538b29f57306eb2048e994c3ec7bad8a44e06ff653d4cd6b9a637bb3e4d4eb5fdff8aabe1d45b74ef8bf089d643ea32278

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\aiohttp\_frozenlist.cp39-win_amd64.pyd
Filesize
63KB

MD5
f2454e08f168a9af3b6aabf41c5488e3

SHA1
3ba72153103db0292c555eba4f43f37bddd43a51

SHA256
6a563a4ddc233ed5f01f8635d590366b5a078ac73a28a82d837f24bec23dd14f

SHA512
3b2008e5ff3009664d7eeafffc3c8bfe420e337177a3f6926314773d65b6622a09b192e893ec50f0b366f356c9b4768358e352cba96127f85f529ce255eb8c93

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\aiohttp\_helpers.cp39-win_amd64.pyd
Filesize
47KB

MD5
6815a1c38a30d6ae70027184c09adccf

SHA1
ce5afe856c4445d173c0d524f139d1aed3cc4e65

SHA256
399dfeee9a2f8c6a132c2d4d28931f4c6c0f1d1394de54b182a6457d9143a418

SHA512
efd4fa17a9611ca4337cc667b164e83745bbc4043c226e684957146c9bc2ba37c892940845ec2ff0142d3fe604654a12bf05022782d0c0c3194e4d109b5ebf4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\aiohttp\_http_parser.cp39-win_amd64.pyd
Filesize
230KB

MD5
67946fe0102b3555988a8edd321946c0

SHA1
a93b16df8e9ccbfe2892e4676f58a695cde9604a

SHA256
636a925eb31c3a7de39cb9495613b13570606a0672d3e699cb6983287e0c01e3

SHA512
786a4e6c49f77bf6cffce5c98cbc66d518075309dacc4c3df286d3c3bc21f7c0cf7986bf85e374827ec7951c13acdd031e76c336bd1fb4fd265aa03a8a28dfd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\aiohttp\_http_writer.cp39-win_amd64.pyd
Filesize
41KB

MD5
1a518361de37d98224ff98bf47618ecf

SHA1
f81def8f71d203aaf68774f6e1158ccceb5806bc

SHA256
84e8b37d6fd0162610deb3c1d4887f70e6447850321eea846f860efc2862704b

SHA512
7ffef935ba56e2bbad0c569e63f5d33d83dfc72e10252ee259c6fff9859c4e302405a8c017012a9efa6da40ecc1de1ad3248a89404d8532b78b177a6d2ce305f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\aiohttp\_websocket.cp39-win_amd64.pyd
Filesize
27KB

MD5
5fdb53cff23dc82384c70db00ada94c0

SHA1
c52391eadeafe9933682c7dbee182200b0640688

SHA256
d1c463b5c7a878ef5358a63bb0ea9e87311fe1f416f762bd18b4888c170c647f

SHA512
2d81e2eed6b4f37c4178141a24cf4475d27378a5bad3b6f8af022b185050ee9832de5db31271e5ca6e5e397f2e8a2a36edf9ca7eb6e0a9b918e3e8618c22e60b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\base_library.zip
Filesize
1012KB

MD5
0638a4e483ab51544c01fb9162a1c31b

SHA1
027f78428c34b8a3cca86044ff400fc014c2d812

SHA256
3553ccfaa4c194fae5f95d78b9bfb9b473cdbf1dff89401632266a9a44526571

SHA512
4aa2cd9db5ae176e4f7d3fc3f85d28d037cd146bf3099560fd2b8bf224aeafa1387dd9b644e869a4d6455abb6729715782ed3043b7e0f3200b4dd779d8fd5b98

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\libcrypto-1_1.dll
Filesize
2.6MB

MD5
6c11d8a692062674a4d2fd9fa55be0af

SHA1
04464f7a8e1a2a84e81281c4617ca4e7eeadb7e1

SHA256
8739cffe8d688f4302c359f0b9b277f1e0008658801999fe8ee2a3b660cf543b

SHA512
ae7580f94522aea75e3136c9ba01993a7174252269225a99a084d3f63e93a3ed11f2fed1a1e095dfacb4b64e75e0d38a156b476f48b5167760bce656e5bf33d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\libcrypto-1_1.dll
Filesize
2.1MB

MD5
e83a4cb5581e0a15bf3b9fab711da552

SHA1
738f54a7fbf5072dfb3f5adc690d393bd1be17bc

SHA256
8843fe427dbae993c5da4748e80d11999bb4404713910f90f49a54ba0dc810f0

SHA512
47d48e99933962e848b36606249a0b11bad2ca739349a36d81aec02b8724a580296611f801de8cc0c24e76ca6948cb5c4f2d59021936ea7fdd8c712e066e0096

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\libcrypto-1_1.dll
Filesize
2.2MB

MD5
78a35f61acb4e68946d5154086fe9055

SHA1
73221a327bad627acf66cb8f5c3671d463c17d5e

SHA256
4dd9d75596c9a12237a79e4c41533710823f61bb45e25fa058f9532f5e143557

SHA512
b59298e153f4f0cb0876a697a1948daecd6231a947d76d8e69626cbbadf1817ce7ff07fe54235579afe5f2b039317accc5c054417c8b952e5f446fba60e809e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\libssl-1_1.dll
Filesize
674KB

MD5
50bcfb04328fec1a22c31c0e39286470

SHA1
3a1b78faf34125c7b8d684419fa715c367db3daa

SHA256
fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9

SHA512
370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\multidict\_multidict.cp39-win_amd64.pyd
Filesize
45KB

MD5
f10a1cc544634e3da0fd5f6e6c6335fa

SHA1
7ddf7edd135100ba4e9d3c0307439aa7f41cdefe

SHA256
250110e9243b42674728539bb42dcada72294a32db559a06e721d7e0aa266ed0

SHA512
fa1f80bd55d60a33661c46d6218ece42106052ed3a02651709215df300f59d4720c68e9b99c230ab26eb897ffee6e41ceb4d3b26785b8b69dcdbd6c198d00626

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\python3.dll
Filesize
58KB

MD5
ea3cd6ac4992ce465ee33dd168a9aad1

SHA1
158d9f8935c2bd20c90175164e6ca861a1dfeedb

SHA256
201f32a2492b18956969dc0417e2ef0ff14fdbf57fb07d77864ed36286170710

SHA512
ebae7c4d134a2db79938c219fa0156b32ec2b9a57a92877e9283ce19d36b40bf7048ca4d9743e1a1d811f6cb1c7339a6dd53c48df81838e5c962be39bf6d5d3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\python39.dll
Filesize
2.1MB

MD5
f63ddae601d48a546c10745a29fb5dd6

SHA1
008d18791c634c4ffecace82250b152e29710bb7

SHA256
14cb968a92b668725062393dfa1c1601776fc03eae53e920b03f9ff049053239

SHA512
d87d97f46e726d24c2f8d3fe315c039986d4bdff1fa0257362dc4a5250f4766ceb363f1436767c3fb30a9e95051bd8db439e33696a51004794b13d8b752613e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\python39.dll
Filesize
2.2MB

MD5
a1c18aaebe9de4f94c3965b5b88a3980

SHA1
9afde3c0bf2b0df1b6993f2e0321f79143aedd8c

SHA256
7bded9a7a25ad4da16233334be5d6fc72d9427747d66e9830861259a14983fa0

SHA512
f5511e9c5c51baff8ab2d42fd2dff6532147bdfbb19ca792492e3e53a8c3afb0d20732ca825836657a3820cf908156e980dd36de221fb75c10070db97c10d1a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\select.pyd
Filesize
28KB

MD5
fed3dae56f7c9ea35d2e896fede29581

SHA1
ae5b2ef114138c4d8a6479d6441967c170c5aa23

SHA256
d56542143775d02c70ad713ac36f295d473329ef3ad7a2999811d12151512931

SHA512
3128c57724b0609cfcaca430568d79b0e6abd13e5bba25295493191532dba24af062d4e0340d0ed68a885c24fbbf36b7a3d650add2f47f7c2364eab6a0b5faff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\unicodedata.pyd
Filesize
1.1MB

MD5
cd12c15c6eef60d9ea058cd4092e5d1b

SHA1
57a7c0b0468f0be8e824561b45f86e0aa0db28dd

SHA256
e3ab6e5749a64e04ee8547f71748303ba159dd68dfc402cb69356f35e645badd

SHA512
514e76174f977cc73300bc40ff170007a444e743a39947d5e2f76e60b2a149c16d57b42b6a82a7fea8dd4e9addb3e876d8ab50ea1898ee896c1907667277cf00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6522\yarl\_quoting_c.cp39-win_amd64.pyd
Filesize
67KB

MD5
abcd1c174d0fa9cba2cc2f69c9e77933

SHA1
dcc04873a19a004202bbd816827cc4523a5e4e13

SHA256
4de9062d59bad4bda9b68bb12c7bbc1ed9b71d395352f2ce711003d31ab2f4e9

SHA512
a613d8ef6033b017fe6406f69f78f54ee20093dc0b799367bf670aa52dd617e4701d417f86af973c00cccb53203b6e98ef0f2827e9beb1c6c419e56efbdf74f2

Download Submit