Overview
Static (7)
main.exe on windows10-2004-x64 (3)
main.exe on windows10-1703-x64 (7)
main.exe on windows7-x64 (7)
main.exe on windows10-2004-x64 (7)
main.exe on windows11-21h2-x64 (7)
main.pyc on windows10-2004-x64 (7)
main.pyc on windows10-1703-x64 (3)
main.pyc on windows7-x64 (3)
main.pyc on windows10-2004-x64 (3)
main.pyc on windows11-21h2-x64 (3)
Analysis (3)
max time kernel: 451s
max time network: 455s
platform: windows11-21h2_x64
resource: win11-20240611-en
resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 01-07-2024 12:23
Behavioral tasks
behavioral1: main.exe, resource win10v2004-20240611-en
behavioral2: main.exe, resource win10-20240404-en
behavioral3: main.exe, resource win7-20231129-en
behavioral4: main.exe, resource win10v2004-20240508-en
behavioral5: main.exe, resource win11-20240611-en
behavioral6: main.pyc, resource win10v2004-20240226-en
behavioral7: main.pyc, resource win10-20240611-en
behavioral8: main.pyc, resource win7-20240221-en
behavioral9: main.pyc, resource win10v2004-20240611-en
behavioral10: main.pyc, resource win11-20240508-en
General
Target: main.exe
Size: 7.5MB
MD5: 44ca3734f698f89a77ec214293186385
SHA1: 2bcdd5095d5c532fbab531812a4a0e0b7db1fa39
SHA256: f58677cc97b08626147265dfbe91b1a2087d8dba352c63e01c4dec6728b7a751
SHA512: e25686aa1e144457fb374caf8b363f90e3861b87a5682d55d8c71488024e7a2ac3b34df507d1f64afeaa3a4f9dd51f8392d5e1dd560cb693b99f51a3e52d56fc
SSDEEP: 196608:0XivJ0VzHkhDE1VUCqR95dLU6TWHyd0dWx4Ebs7BZs:wivJ0xEh2U6ZW1x4us7BZs
Malware Config
Signatures
Loads dropped DLL (16 IoCs)
Processes: main.exe, PID 5036 (16 entries)
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: main.exe, PID 1980 wrote to memory of PID 5036 (main.exe), 3 entries
Downloads
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\VCRUNTIME140.dll (84KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\_bz2.pyd (72KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\_hashlib.pyd (36KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\_lzma.pyd (181KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\_queue.pyd (24KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\_socket.pyd (67KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\_ssl.pyd (108KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\base_library.zip (1003KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\charset_normalizer\md.cp38-win32.pyd (8KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\charset_normalizer\md__mypyc.cp38-win32.pyd (95KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\libcrypto-1_1.dll (2.1MB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\libssl-1_1.dll (524KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\pyarmor_runtime_000000\pyarmor_runtime.pyd (619KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\python38.dll (3.7MB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\select.pyd (23KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI19802\unicodedata.pyd (1.0MB)