12b932b28d7399aeb3a45d9efc62109c1b4392be4f62520021e229a7705ca886

Analysis

max time kernel
14s
max time network
102s
platform
windows10_x64
resource
win10v20201028
submitted
23-02-2021 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3baf1e165b63c05c8f649893312d55aa.exe
Size

7.1MB
MD5

3baf1e165b63c05c8f649893312d55aa
SHA1

b7de2a82a93e39084fe24a42663f6d5880cb53e8
SHA256

12b932b28d7399aeb3a45d9efc62109c1b4392be4f62520021e229a7705ca886
SHA512

03a252d25fac3146ed8eea3e0a3cbba51137f457b71a1671eb66384e444b5b5e4ba6b0785cf94be32eb55101d0aa77dfcb4f82a839ac3ce10b1ca2bbf5578108

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

Processes:

3baf1e165b63c05c8f649893312d55aa.exe

pid	process
2268	3baf1e165b63c05c8f649893312d55aa.exe
2268	3baf1e165b63c05c8f649893312d55aa.exe
2268	3baf1e165b63c05c8f649893312d55aa.exe
2268	3baf1e165b63c05c8f649893312d55aa.exe
2268	3baf1e165b63c05c8f649893312d55aa.exe
2268	3baf1e165b63c05c8f649893312d55aa.exe
2268	3baf1e165b63c05c8f649893312d55aa.exe
2268	3baf1e165b63c05c8f649893312d55aa.exe
2268	3baf1e165b63c05c8f649893312d55aa.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

3baf1e165b63c05c8f649893312d55aa.exe

pid process

2268 3baf1e165b63c05c8f649893312d55aa.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

3baf1e165b63c05c8f649893312d55aa.exe

description	pid	process	target process
PID 1052 wrote to memory of 2268	1052	3baf1e165b63c05c8f649893312d55aa.exe	3baf1e165b63c05c8f649893312d55aa.exe
PID 1052 wrote to memory of 2268	1052	3baf1e165b63c05c8f649893312d55aa.exe	3baf1e165b63c05c8f649893312d55aa.exe

C:\Users\Admin\AppData\Local\Temp\3baf1e165b63c05c8f649893312d55aa.exe
"C:\Users\Admin\AppData\Local\Temp\3baf1e165b63c05c8f649893312d55aa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1052

C:\Users\Admin\AppData\Local\Temp\3baf1e165b63c05c8f649893312d55aa.exe
"C:\Users\Admin\AppData\Local\Temp\3baf1e165b63c05c8f649893312d55aa.exe"
2⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2268

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI10522\NitroGenerator.exe.manifest
MD5
e04d86a221eda427aeb3eb46771b3829

SHA1
db6ee105d6eb2e213fc0f08719918e13587bfe9b

SHA256
032a404bc271554f786d04ead996758560e54cd99db59d6d198f716c32beadc9

SHA512
8e10623846aa146f7158cc8785d36182cae835091518435e6296b45d57bd4e90bfd98cc46bf9ee9ff9b7066646e416c17422b01d8a4bd6583b0a455e706166de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10522\VCRUNTIME140.dll
MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10522\_bz2.pyd
MD5
499462206034b6ab7d18cc208a5b67e3

SHA1
1cd350a9f5d048d337475e66dcc0b9fab6aebf78

SHA256
6c2bbed242c399c4bc9b33268afe538cf1dea494c75c8d0db786030a0dcc4b7e

SHA512
17a1191f1d5ca00562b80eff2363b22869f7606a2a17f2f0b361d9b36b6e88cb43814255a5bac49d044ea7046b872bac63bd524f9442c9839ab80a54d96f1e6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10522\_ctypes.pyd
MD5
b74f6285a790ffd7e9ec26e3ab4ca8df

SHA1
7e023c1e4f12e8e577e46da756657fd2db80b5e8

SHA256
c1e3e9548243ca523f1941990477723f57a1052965fccc8f10c2cfae414a6b8a

SHA512
3a700638959cbd88e8a36291af954c7ccf00f6101287fc8bd3221ee31bd91b7bd1830c7847d8c2f4f07c94bc233be32a466b915283d3d2c66abed2c70570c299

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10522\_lzma.pyd
MD5
bc118fb4e14de484452bb1be413c082a

SHA1
25d09b7fbc2452457bcf7025c3498947bc96c2d1

SHA256
ac0ceb8e6b5e67525b136b5ce97500fe4f152061b1bf2783f127eff557b248a3

SHA512
68a24d137b8641cd474180971142511d8708738096d865a73fb928315dd9edf46c4ebf97d596f4a9e207ec81828e5db7e90c7b8b00d5f416737ba8bffc2887bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10522\_pytransform.dll
MD5
d891ba261c88965a0cdc56308c1513c0

SHA1
6e3b1261c5ca27f1d16b0cddafa8c5930cc79527

SHA256
0f9a5e90561d32b499f3bef03afe65d7b025feac4ea269325966bc8fcae1f167

SHA512
7fca226abe6f8403a4ab4991a3cd4a6e0e57f4c0e6d495ad5a38adaaff14f3bdda3345a7df28c50ce49cdc0f4bb1180e0ec469cf3ecf3a0ae814692c72f0d8c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10522\_socket.pyd
MD5
0df2287791c20a764e6641029a882f09

SHA1
8a0aeb4b4d8410d837469339244997c745c9640c

SHA256
09ab789238120df329956278f68a683210692c9bcccb8cd548c771e7f9711869

SHA512
60c24e38ba5d87f9456157e3f4501f4ffabce263105ff07aa611b2f35c3269ade458dbf857633c73c65660e0c37aee884b1c844b51a05ced6aed0c5d500006de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10522\base_library.zip
MD5
ffc01b614a61d204095d0ba3f110d0bc

SHA1
0d103e30c32b843b325f4fdd17c575fe8eb6ea0b

SHA256
cbda495cf95ea72c964211ae2d9c72143e9dcb8acdcf2aa3a6959e9df5c60f4b

SHA512
fa02d67284cfa24935e455b71a056ff4a49c6c116dd27c9bce5b11cb6f0d173b0ea6a04e3890c226030a2803a168870aafe5e50e95b026c0bb2e8c91d2e78003

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10522\libffi-7.dll
MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10522\python39.dll
MD5
c4b75218b11808db4a04255574b2eb33

SHA1
f4a3497fb6972037fb271cfdc5b404a4b28ccf07

SHA256
53f27444e1e18cc39bdb733d19111e392769e428b518c0fc0839965b5a5727a2

SHA512
0b7ddbe6476cc230c7bdd96b5756dfb85ab769294461d1132f0411502521a2197c0f27c687df88a2cd1ab53332eaa30f17fa65f93dac3f5e56ed2b537232e69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10522\select.pyd
MD5
a2a4cf664570944ccc691acf47076eeb

SHA1
918a953817fff228dbd0bdf784ed6510314f4dd9

SHA256
b26b6631d433af5d63b8e7cda221b578e7236c8b34b3cffcf7630f2e83fc8434

SHA512
d022da9e2606c5c3875c21ba8e1132ad8b830411d6ec9c4ddf8ebd33798c44a7e9fe64793b8efb72f3e220bb5ce1512769a0398ecc109f53f394ea47da7a8767

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10522\VCRUNTIME140.dll
MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10522\_bz2.pyd
MD5
499462206034b6ab7d18cc208a5b67e3

SHA1
1cd350a9f5d048d337475e66dcc0b9fab6aebf78

SHA256
6c2bbed242c399c4bc9b33268afe538cf1dea494c75c8d0db786030a0dcc4b7e

SHA512
17a1191f1d5ca00562b80eff2363b22869f7606a2a17f2f0b361d9b36b6e88cb43814255a5bac49d044ea7046b872bac63bd524f9442c9839ab80a54d96f1e6b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10522\_ctypes.pyd
MD5
b74f6285a790ffd7e9ec26e3ab4ca8df

SHA1
7e023c1e4f12e8e577e46da756657fd2db80b5e8

SHA256
c1e3e9548243ca523f1941990477723f57a1052965fccc8f10c2cfae414a6b8a

SHA512
3a700638959cbd88e8a36291af954c7ccf00f6101287fc8bd3221ee31bd91b7bd1830c7847d8c2f4f07c94bc233be32a466b915283d3d2c66abed2c70570c299

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10522\_lzma.pyd
MD5
bc118fb4e14de484452bb1be413c082a

SHA1
25d09b7fbc2452457bcf7025c3498947bc96c2d1

SHA256
ac0ceb8e6b5e67525b136b5ce97500fe4f152061b1bf2783f127eff557b248a3

SHA512
68a24d137b8641cd474180971142511d8708738096d865a73fb928315dd9edf46c4ebf97d596f4a9e207ec81828e5db7e90c7b8b00d5f416737ba8bffc2887bf

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10522\_pytransform.dll
MD5
d891ba261c88965a0cdc56308c1513c0

SHA1
6e3b1261c5ca27f1d16b0cddafa8c5930cc79527

SHA256
0f9a5e90561d32b499f3bef03afe65d7b025feac4ea269325966bc8fcae1f167

SHA512
7fca226abe6f8403a4ab4991a3cd4a6e0e57f4c0e6d495ad5a38adaaff14f3bdda3345a7df28c50ce49cdc0f4bb1180e0ec469cf3ecf3a0ae814692c72f0d8c8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10522\_socket.pyd
MD5
0df2287791c20a764e6641029a882f09

SHA1
8a0aeb4b4d8410d837469339244997c745c9640c

SHA256
09ab789238120df329956278f68a683210692c9bcccb8cd548c771e7f9711869

SHA512
60c24e38ba5d87f9456157e3f4501f4ffabce263105ff07aa611b2f35c3269ade458dbf857633c73c65660e0c37aee884b1c844b51a05ced6aed0c5d500006de

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10522\libffi-7.dll
MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10522\python39.dll
MD5
c4b75218b11808db4a04255574b2eb33

SHA1
f4a3497fb6972037fb271cfdc5b404a4b28ccf07

SHA256
53f27444e1e18cc39bdb733d19111e392769e428b518c0fc0839965b5a5727a2

SHA512
0b7ddbe6476cc230c7bdd96b5756dfb85ab769294461d1132f0411502521a2197c0f27c687df88a2cd1ab53332eaa30f17fa65f93dac3f5e56ed2b537232e69c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10522\select.pyd
MD5
a2a4cf664570944ccc691acf47076eeb

SHA1
918a953817fff228dbd0bdf784ed6510314f4dd9

SHA256
b26b6631d433af5d63b8e7cda221b578e7236c8b34b3cffcf7630f2e83fc8434

SHA512
d022da9e2606c5c3875c21ba8e1132ad8b830411d6ec9c4ddf8ebd33798c44a7e9fe64793b8efb72f3e220bb5ce1512769a0398ecc109f53f394ea47da7a8767

Download Submit
memory/2268-2-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads