0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe
Size

3.3MB
MD5

fdc75f4619b36653dbc55d7d55a354e8
SHA1

fb469d39582c5d8c8f494eba966bba944562d758
SHA256

0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470
SHA512

00e4aac71b81e9cff360db8ac0cfe4e46c89521f031a47b8994522de88f7402ca80b4e8b0d568bf5847fb63296a07cae62f60351f011f86d02a432a4d20ce279
SSDEEP

98304:XgXdQUXgM4mC8Z3VDBNmT7fpPW5DiQCxPcIV29dP8zVpqrCl43o:u54mC4NmTkeQCWm8dA4uP

Score

9^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 9 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI17362\python38.dll	UPX
behavioral1/memory/2080-14-0x0000000074F20000-0x000000007533E000-memory.dmp	UPX
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_socket.pyd	UPX
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_lzma.pyd	UPX
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_hashlib.pyd	UPX
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_bz2.pyd	UPX
C:\Users\Admin\AppData\Local\Temp\_MEI17362\unicodedata.pyd	UPX
C:\Users\Admin\AppData\Local\Temp\_MEI17362\select.pyd	UPX
C:\Users\Admin\AppData\Local\Temp\_MEI17362\libcrypto-1_1.dll	UPX

ACProtect 1.3x - 1.4x DLL software 8 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI17362\python38.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_socket.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_lzma.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_hashlib.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_bz2.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI17362\unicodedata.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI17362\select.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI17362\libcrypto-1_1.dll	acprotect

Loads dropped DLL 2 IoCs

Processes:

0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe

pid process

2080 0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe
2080 0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe

pid	process
2080	0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe
2080	0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI17362\python38.dll	upx
behavioral1/memory/2080-14-0x0000000074F20000-0x000000007533E000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_lzma.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_hashlib.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_bz2.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17362\unicodedata.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17362\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17362\libcrypto-1_1.dll	upx

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe

description	pid	process	target process
PID 1736 wrote to memory of 2080	1736	0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe	0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe
PID 1736 wrote to memory of 2080	1736	0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe	0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe
PID 1736 wrote to memory of 2080	1736	0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe	0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe
PID 1736 wrote to memory of 2080	1736	0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe	0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe

C:\Users\Admin\AppData\Local\Temp\0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe
"C:\Users\Admin\AppData\Local\Temp\0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1736

C:\Users\Admin\AppData\Local\Temp\0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe
"C:\Users\Admin\AppData\Local\Temp\0b74795cd5d2ed0c27875bae71f43c6ff2cec4e4507a7bb5f64bf14e929ea470.exe"
2⤵
- Loads dropped DLL
PID:2080

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI17362\VCRUNTIME140.dll
Filesize
81KB

MD5
55c8e69dab59e56951d31350d7a94011

SHA1
b6af2d245ae4d67c38eb1cd31e0c1cffb29b9b2c

SHA256
9d8d21022ff9d3f6b81a45209662a4f3481edc2befae0c73b83cf942eab8be25

SHA512
efb2ac1891724df16268480628eb230b6ee37ed47b56d2e02a260559865cdd48ee340ce445e58f625e0f4d6dbdc5bfb7ce2eeedf564b837cff255ef7d1dc58cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_bz2.pyd
Filesize
42KB

MD5
e685043a0404364d06d6923af8d01963

SHA1
51667700c29c61c2f12e152b2a02874e0638db9c

SHA256
41746d1bccf66a197aa602dd4ce4869e89ca6a5add3bdb76ce6aa4fd77325ca3

SHA512
648515558c578fafb6b948a4a3ef3e263c8ce3213049cceddc780d98cdb81f1b6c99228a1be5f0ffdb0c819038c47c4e508019646e8cc3e98fe0e0130c1d7032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_hashlib.pyd
Filesize
23KB

MD5
53a12823e0c746bf824b6830547925a6

SHA1
52bda2e6592b0f464193956ed2d3e90754dfa53d

SHA256
8ef09fbbc2f82cb60126265249c027d43bfee4d0f06075b3dddede76d6e4d017

SHA512
db415db7fb160811fc91eb03baf15de7d1b68c59724d338120387dcd30db36c77904e76be650ddff6198acedb66f77c57a9d695bc6e942fbf662da402a1c22ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_lzma.pyd
Filesize
79KB

MD5
a3112321077da23a4b739653e8f94fc0

SHA1
34e747de8ab4deadf082b1a62e3cafb0cf2907b4

SHA256
6bc115ea81ba1572e5abdbba5b6dd263832be55671ddde0ad367c01c617ec472

SHA512
966aeb7c1169b94125090dd177034c4f0e76495da14e75aed2fea6393f57f96a6ca6a0fe716d28ba8758635d5062c753e840a5b67ab12986bd4969d90a15fa78

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17362\_socket.pyd
Filesize
34KB

MD5
247fe093da9863294a5ee3ea00ba5a87

SHA1
d4b6bf33a0c25f1a336a4c932b771a46253017d9

SHA256
be6a94339d8bbbb9f2b5e28c6b7e73e3d280d471dfced20961c13ac3f5236468

SHA512
d5481f65cc4ad1f61c28075bdcc614296313e9cf427ff03cba48602123be6d30accd21f61bf4377731b1b1ddb8e49c8a558d3ebb8deb8c0452772de911aff0a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17362\base_library.zip
Filesize
823KB

MD5
96dc39f32bc69a0fe36c5638c25bc963

SHA1
b9939a283ee3ec04166aa33fb3bb17401ce59f0d

SHA256
32aafb6e17b4306ea41281ed6232393d333aad6a011e069f256027e08e4cc175

SHA512
5d5e688acf7986680811e02b0ee5bf0774cef1f706409b9f691d0e3848cbdda528c0e7e06e4e844b6db0cdf203d8aff26f096d3b1548fe7e3ac878498bbc48b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17362\libcrypto-1_1.dll
Filesize
735KB

MD5
a0f216b8554969d7d8aef914298a2dd1

SHA1
44f80772cd759d766a266794f1958ed267f79e1a

SHA256
dd70ead97582021c4b23ca83b957e4b625cefeb0dd61adcd34c43756485948e0

SHA512
a33d8198570a7b9fe19973d83c60efddac60badfce4aa3307bcaa2b227acedd9b15c7c748b71d5a0c256f02a8a1ed56fee2072bf122902aec6f2aeefd01ddce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17362\python38.dll
Filesize
1.2MB

MD5
bf54b2919122441204de97ba1e7d0f2e

SHA1
1421221ce9dfda61a1585581945dff5df13883db

SHA256
13b16a264afb5537e3fbacd8637beab61f9e7a110b3a2d042f8c3b9470357526

SHA512
f68237ced8c80b8834cc0b87ce64a80c716e68289a2f81e1fdf4c3d6471034bba2ec50c832f8c89ac6d6e8d67361b282f0c718dc060ba655392b357a71b0818e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17362\select.pyd
Filesize
19KB

MD5
64defbbe2f1d1ca6c557823be8a4b5c0

SHA1
cd43a471768d542e5e0a2427be05a2d4dd58cfe7

SHA256
3e3fb7516bd962a3bf7ff616e764a98a98e8b029805e6b845afac0a81b9f2890

SHA512
4d5d3fc8991daafb07e6559d7386375c1f2dcafde95baaab6c6ae0aacbff2377907d35ff9f26f0ae23382ba57989a320779cacaf88b509dbaeeb059cb28a2296

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17362\unicodedata.pyd
Filesize
277KB

MD5
489d5a743b0485fb53486367942b7a7c

SHA1
57d7d7dbee32a80b84b93f505f5956ef22063ae7

SHA256
2b6b8da2f23683917d08e166ba1ec1c68d43c2dee14d22c0f402a8a71a059b4b

SHA512
dc2d4c8cf99b89b4a012f24b77022cf9f2ff4f26efff8a89d9d66fb8bc25ec9539148f8c8950025226404d5efca80f6a1051cc09b69685d666a12ec96ea30db0

Download Submit
memory/2080-14-0x0000000074F20000-0x000000007533E000-memory.dmp

Filesize
4.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads