f58677cc97b08626147265dfbe91b1a2087d8dba352c63e01c4dec6728b7a751

Analysis

max time kernel
451s
max time network
452s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

7.5MB
MD5

44ca3734f698f89a77ec214293186385
SHA1

2bcdd5095d5c532fbab531812a4a0e0b7db1fa39
SHA256

f58677cc97b08626147265dfbe91b1a2087d8dba352c63e01c4dec6728b7a751
SHA512

e25686aa1e144457fb374caf8b363f90e3861b87a5682d55d8c71488024e7a2ac3b34df507d1f64afeaa3a4f9dd51f8392d5e1dd560cb693b99f51a3e52d56fc
SSDEEP

196608:0XivJ0VzHkhDE1VUCqR95dLU6TWHyd0dWx4Ebs7BZs:wivJ0xEh2U6ZW1x4us7BZs

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 16 IoCs

Processes:

main.exe

pid	process
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe
1312	main.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

main.exe

description pid process target process

PID 2104 wrote to memory of 1312 2104 main.exe main.exe
PID 2104 wrote to memory of 1312 2104 main.exe main.exe
PID 2104 wrote to memory of 1312 2104 main.exe main.exe

description	pid	process	target process
PID 2104 wrote to memory of 1312	2104	main.exe	main.exe
PID 2104 wrote to memory of 1312	2104	main.exe	main.exe
PID 2104 wrote to memory of 1312	2104	main.exe	main.exe

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
2⤵
- Loads dropped DLL
PID:1312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21042\VCRUNTIME140.dll
Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\_bz2.pyd
Filesize
72KB

MD5
852cac1ac7232c5788cba284c3122347

SHA1
377720ee26532775b302f28f27e5d7a26e8429fe

SHA256
94d02cbcfac3141ca0107253050d7b9d809fea04b42964142bed3f090783a26a

SHA512
352cee5b66556d2ea87873cbce7b04b22d65288f3df24e9c162dff465ec7d31f3d5e283edcce7bead4f3892ade009c629860d21e59bb2b6c7896371684bc9b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\_hashlib.pyd
Filesize
36KB

MD5
9aa769efac1446db1d2e4e1c39500a20

SHA1
8b99c60f749fa83bb2ab79fde561a119c0da8d3e

SHA256
de7c71c90c7f58dcdc3da159d08dda7dc297e39c5f309849290238baed7e230f

SHA512
cef3c7f56675c85669d05b72a9dc5abc3f5dc3b82c5c648c6965a25fa6e013ddccbff5adb57423b2bbee17b09ffcc79d29911d3dec73011786fcd65d13a9a237

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\_lzma.pyd
Filesize
181KB

MD5
52e990da9f33d0ef2b83a0b52d42dcd6

SHA1
bc498f0cc9056cb0061d96559c2e3b4f7af95e61

SHA256
17fd3a2750e61fb164f3a9e8e021a0a3b5de107a3cc4c798e127618034e09d6f

SHA512
ecf1462e6ca6422a0d405227aff615ca8876390cbced54c3b46d5c94b0e55f63bf0f99b9bc2c684d90e064fbf52a62f27f96b2502d2c2ba1511c03a280d3f34f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\_queue.pyd
Filesize
24KB

MD5
bcf5440a884ef33df02ce124557d0c2c

SHA1
dc2e7e3c1d6f730b1b5e3f9487ceef755a033282

SHA256
2f2f30a6b697b7ba7c09db16ec04517c85cdfab13f142b9c810fdf9983522129

SHA512
fc2d9b6c6b3c619cc13b24021dff37f94c057ded40630938c2b3777d9e48d212541c58b6f070af65bb1d0185077b360143fb4a86e225c6ab052a1841f8d0f204

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\_socket.pyd
Filesize
67KB

MD5
f7d2fe8cddeded1210b06af09b0fad3c

SHA1
1c54bb73326dc04a34e81c10efab52e5a9a485de

SHA256
c56088832a09820abfd45135ac3874117d0cfe669e982314fdc3fe73ca195dee

SHA512
a8e1391add36b29968be7dc8500bf1c7cefa301e2a45c88cda2158e9104635fbb00320b25b142c1177abd3ba7a6d2f27d7d257d07236067b5c0b0be4a3f62c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\_ssl.pyd
Filesize
108KB

MD5
300ae7faf9fc68d863ead0ee8c58ea86

SHA1
87a041c918e7a3b85fda55ada5a75104d54b7c77

SHA256
080e6a6a26d2054624ae2ab23006c9f2451f614b1948d64232003c3d03fb23e6

SHA512
c400716c23d3a4f303d506156335e1a49749402bb1b269137577d1112d996492ca652cebbe3e6b1de195ad797db176d1f71b9d19b3ffdd6ad520622b8d650ead

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\base_library.zip
Filesize
1003KB

MD5
a9b95eb062d517904cbddcac94f8ba1d

SHA1
8f4b52e4c036a91267a5cadeb293d9f7672596ee

SHA256
5e4edc2b2c4be889d13952de265f901ee4cad98b1317d182e6229aa182ca4ef0

SHA512
843881813d7861ca31cdabba77cf91283cb761669ba9f49e7958c60e3d7d2a39160394873cecf8e30df32f39b028f0502f5e99b65750b006860fd16d5829f096

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\charset_normalizer\md.cp38-win32.pyd
Filesize
8KB

MD5
0b4a4ae8bdeab2a96dd165b714c738f3

SHA1
0dbabc998f059a88c68190a34c70c4fdca5ed8ab

SHA256
1631e0c6e629657fb5add23b398bedefa79416502a333dfea435ed03b6525135

SHA512
2655bd7b15783613208d02fb173401e39beebeed18b2167096885ac83d63e94315c6f593ed895b3172238951156f83139a72bdbba528239856901ec5c80d6a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\charset_normalizer\md__mypyc.cp38-win32.pyd
Filesize
95KB

MD5
b92d98917bd4c112029a9283643f7a88

SHA1
2c330f7c5c1592614623c24589244ce292f7aaef

SHA256
5cd2f9d39c773b1ebf7aab6d81a377ae172ef17d0e47b22177333a7c02888ee7

SHA512
67a21f59a21f40141a6d6dacfdaae5dbf232535628e724d01b4692b6d668609e77126dba1372f9b2635a4cdb2d0a9c6c1e714ee7d152ecae187352f9d2241205

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\libcrypto-1_1.dll
Filesize
2.1MB

MD5
67c1ea1b655dbb8989a55e146761c202

SHA1
aecc6573b0e28f59ea8fdd01191621dda6f228ed

SHA256
541adbc9654d967491d11359a0e4ad4972d2bd25f260476dd7576c576478698a

SHA512
1c7612c03df85b596dc360c1a94e367d8bfba51f651b49c598e4a066a693d9aa74195a40cc849ef787eac9b6e1e1fc079b389c03fc539e53abf4aa729bef5893

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\libssl-1_1.dll
Filesize
524KB

MD5
9417e0d677e0f8b08398fcd57dccbafd

SHA1
569e82788ff8206e3a43c8653d6421d456ff2a68

SHA256
db16853dbc64f045ae2a972f7605a6f192d09b79cae86fd93b8434fa7d9e031f

SHA512
b7dfd0b265c19d97518e638e4fcc19db3031382cda05c2cbb8965651ceadaa0f68f9d4dd62d542b2c9ef33d9703d50f4d74eb8b9f4918130895ef17feff2f6cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\pyarmor_runtime_000000\pyarmor_runtime.pyd
Filesize
619KB

MD5
611ffd18ca5d217d05832c5e353bb51f

SHA1
6f7557c22d8b039140ab7f4a9169e66a0fd21deb

SHA256
058dce96e2112ef00c3a5ca5c7defb96301496f939f12b0e4a8c09837a5795a7

SHA512
6106496b0dd3bdde5d5a6c7e7649b72e7191017febb1d3f19378a32649454bebcdf2897f810947afb3102b66edf91aabd2539f4e8c70fd81e7fe1648fcbdda2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\python38.dll
Filesize
3.7MB

MD5
5eb4227ca3526a3c287a3fecc9a91b92

SHA1
35e1cb934a88d1fea2a595b1b48033804d9beeb0

SHA256
c4220a975f093d52702f93f39cc0e7b56f9057f8b6af26c2a0b63f5a555d0e31

SHA512
515403b537e709c0786db8fd689b40173c49310eb43c392a2fb0a8a69eb37946975c9c832715584caf01076da57ae3f812557f1ecbfe3d34907b60b8f4f5e679

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\select.pyd
Filesize
23KB

MD5
92e930e2c79c7eb898a9843c118cd20f

SHA1
027faf19a7fff169d4e1dd4ff6cb8ef33713b9d4

SHA256
a32041001a74d80482a6f7fa252bb9ba916435b09cd60d3700f6af049b819500

SHA512
a1edb95bdcd847940c9640e346b4fa757acc90b96e6d7676a0a68d408dce612be61ca2e16a7bff6aceb3571ca831f609100e8531f94a7a2ea085fb8d7b62f23d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21042\unicodedata.pyd
Filesize
1.0MB

MD5
95985535fb076ace3b57f55d0131b741

SHA1
3e6e2e898436d75c05a4b8aa2e952271a64ff877

SHA256
1766a0a24b3ddd0bfa45f2c631325b05d2b3102a61c3ed73a8f6485d18f6fe94

SHA512
c10e196a654db57de8194baf181e23644945074cb7e86fba4d0675545b0f139b46e4af0ab0e96064fd5ed0c649e574eb5e8b2c16fe592a4ea41b68570abd07e6

Download Submit