4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6

General

Target

4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
Size

12.6MB
MD5

d427390e9fad598ec3288c9275c84628
SHA1

7b88e1eaa07151fc0d7639574fc7f40fa5be8aa3
SHA256

4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6
SHA512

83ecc48386999ec6d05999d88e9a81eae5267ea807441727cd60d44f17ead8a0ca6e8a0ffa7d5e4e9fc800d858fb2ee824815abe4299e0ec85639384b75324a8

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 32 IoCs

Processes:

4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe

pid	process
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe

JavaScript code in executable 5 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI16842\python37.dll	js
\Users\Admin\AppData\Local\Temp\_MEI16842\python37.dll	js
C:\Users\Admin\AppData\Local\Temp\_MEI16842\base_library.zip	js
C:\Users\Admin\AppData\Local\Temp\_MEI16842\libcrypto-1_1.dll	js
\Users\Admin\AppData\Local\Temp\_MEI16842\libcrypto-1_1.dll	js

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe

description pid process

Token: 35 1940 4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe

description	pid	process
Token: 35	1940	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe

description	pid	process	target process
PID 1684 wrote to memory of 1940	1684	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
PID 1684 wrote to memory of 1940	1684	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
PID 1684 wrote to memory of 1940	1684	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe	4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe

C:\Users\Admin\AppData\Local\Temp\4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
"C:\Users\Admin\AppData\Local\Temp\4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1684

C:\Users\Admin\AppData\Local\Temp\4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe
"C:\Users\Admin\AppData\Local\Temp\4b76ad80e9ce4c503bde0e476a88447426fc38315d440d22926627295e1b0ec6.bin.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1940

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_Salsa20.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_raw_cbc.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_raw_cfb.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_raw_ctr.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_raw_ecb.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_raw_ocb.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_raw_ofb.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Hash\_BLAKE2s.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Hash\_MD5.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Hash\_SHA1.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Hash\_SHA256.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Hash\_ghash_portable.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Math\_modexp.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Protocol\_scrypt.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Util\_cpuid_c.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Util\_strxor.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\VCRUNTIME140.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\_bz2.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\_cffi_backend.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\_ctypes.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\_hashlib.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\_lzma.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\_queue.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\_socket.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\_ssl.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\base_library.zip

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\certifi\cacert.pem

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\cryptography\hazmat\bindings\_padding.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\libcrypto-1_1.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\libssl-1_1.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\pyexpat.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\python37.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\select.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\unicodedata.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_Salsa20.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_raw_cbc.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_raw_cfb.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_raw_ctr.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_raw_ecb.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_raw_ocb.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Cipher\_raw_ofb.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Hash\_BLAKE2s.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Hash\_MD5.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Hash\_SHA1.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Hash\_SHA256.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Hash\_ghash_portable.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Math\_modexp.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Protocol\_scrypt.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Util\_cpuid_c.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\Cryptodome\Util\_strxor.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\VCRUNTIME140.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\_bz2.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\_cffi_backend.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\_ctypes.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\_hashlib.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\_lzma.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\_queue.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\_socket.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\_ssl.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\cryptography\hazmat\bindings\_padding.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\libcrypto-1_1.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\libssl-1_1.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\pyexpat.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\python37.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\select.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16842\unicodedata.pyd

Download Submit
memory/1940-0-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads