0a58b753a6c1927045d6fba0c1947c2f8e64eeaee2422d24a16cb3dbd91cf1d0

Analysis

max time kernel
22s
max time network
60s
platform
windows7_x64
resource
win7v20210408
submitted
18-05-2021 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a.bin.exe
Size

24.8MB
MD5

ff3e538ca4f72aa803986246ccd6204c
SHA1

aaef4bf2d4d7dde0164b5218dad3b7a691d1b96b
SHA256

4363c6197e0fd7b380f30154c36bc7bd15a81bda1158ef3a6a021f80928f7fae
SHA512

995be671dbf7af6c7ab69b823c3bcd914bb776d525425e3395824b234068330afdd1c06d6d897d4cf1d36da0faee017510905baba5c56a590dbbcd1001a6733f

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 13 IoCs

Processes:

a.bin.exe

pid	process
1324	a.bin.exe
1324	a.bin.exe
1324	a.bin.exe
1324	a.bin.exe
1324	a.bin.exe
1324	a.bin.exe
1324	a.bin.exe
1324	a.bin.exe
1324	a.bin.exe
1324	a.bin.exe
1324	a.bin.exe
1324	a.bin.exe
1324	a.bin.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a.bin.exe

description	pid	process	target process
PID 1240 wrote to memory of 1324	1240	a.bin.exe	a.bin.exe
PID 1240 wrote to memory of 1324	1240	a.bin.exe	a.bin.exe
PID 1240 wrote to memory of 1324	1240	a.bin.exe	a.bin.exe
PID 1240 wrote to memory of 1324	1240	a.bin.exe	a.bin.exe

C:\Users\Admin\AppData\Local\Temp\a.bin.exe
"C:\Users\Admin\AppData\Local\Temp\a.bin.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1240

C:\Users\Admin\AppData\Local\Temp\a.bin.exe
"C:\Users\Admin\AppData\Local\Temp\a.bin.exe"
2⤵
- Loads dropped DLL
PID:1324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI12402\MSVCR90.dll
MD5
1b5c42a4e92703d7f1c85b6d0b8f1c34

SHA1
fa72d425737e19e1b51e6ebb57865ec38e51b5b7

SHA256
2e13fa6feaa89396a67fb0c1c32924d2019236d34b6f97cf13287cc7d7395149

SHA512
feffde9a026fda2618b3a6a3a6f5d2f7046d8969ba8a907a361c669e0054717be58455f48675dab4ea0b5db2195d794ae37bb3dec8cd37f2cd0d6d07c822de48

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12402\python27.dll
MD5
be120408ef57f9ce48b4fc5c21a7d66b

SHA1
b6fe521ed64bea5d7c42580460a142b579aa1afe

SHA256
3aa6b92851d53a27b762ad0ae11bf02dfefeb9a886717d7537d5ba12cb4e4d12

SHA512
21df9cf02aa1b6c1e4b948d2c667f756311351a04d06f04dfd9479903552530d2f71fb853f6ea7212157f1dfc437095efecbe1c1bf6198432288015a9deb2537

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12~1\Crypto.Cipher._AES.pyd
MD5
ddf71701414eefe53cd272f3ddbec08c

SHA1
7b43ac035f85fb9e6d285d9e796f78e2093d5d25

SHA256
7ee67691ab7ffa55f8bf16a3da2922671dea66bed3ef37727136170ebc9bcff9

SHA512
3c169ed4ca5051a5f60975707fad2df79494776e8e247273af9981617399fa5f55cf91739f782242abdf5c688dc601f0aa252f04dd6f5402ee9d56bbf3a08001

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12~1\_ctypes.pyd
MD5
9e6c48ec9508423d0ce6b6e4d4a10d90

SHA1
82548d0cfcd99bc11ecee670dc0c1c9538aa6ade

SHA256
b700441351b3a24a1ec392376984d3d95a541ea548c77f0df55d7af579ea9c1a

SHA512
37fc511610e5ab06a78f276bf0f4b7335a37d40fdf0158f674ecf1b029fe3298e0667230d3f8840258b8e5413108e1e6aeaaff090b3cca6eef007ca5a1f8d926

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12~1\_hashlib.pyd
MD5
b1dbd52e5da083e5b5613a2b4c17a4ef

SHA1
0ed87f9e0b572f88e102739daab54db03fade416

SHA256
fa57bf3173f2d636984305401c06f1618b8119fea2c311d1173566ea236fa0c6

SHA512
dbe14802ff53e8fb9f35baa1c1bd0dc55c1073e0f96b59b5cc3783760e23c645cd453a39b2b4d0ab79ee871ba1cb81154a4cf5c54b67dde7ea14008d72dd2cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12~1\_multiprocessing.pyd
MD5
06c8615f66abdd6c2d986d40339d1410

SHA1
5db9e634bff65d33ff0ee6aa95182f8291b5afcc

SHA256
df9fe9289d591f0891f321f8aae5b7ba7e7c4e8b0ffd5db9766ce90934a202cf

SHA512
fc085f5db97f41b0d62bd584d24c68e57e508f225ad55839b0680bb10398b3d6364c88dcc925cb4427e311d9d2631d5d21836419e4a02f3c7d2e9c33e59d6e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12~1\_socket.pyd
MD5
600de8a82e2204e88df27714687f88b9

SHA1
dac20e0bf5482a6f09648648bc4d38562473c89e

SHA256
a24422d519e5a9283a0887d4be09be2ac89797886d8f45151cab5e9fef8db1e1

SHA512
3d82eb600bd358a019dcde1f4a337d87f29c9a22937989dddfe697c433f58ba9e4a836752998a542e7df179adafa8c89c99aa18b51b100f7a57aa5b47a456460

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12~1\_ssl.pyd
MD5
9b59be1fa8427368c4e0e763f578d74c

SHA1
7287fe431a0a67aa41e9952906759746ddcffad1

SHA256
4ba198e7f53a37b3a825ff2ce4d3e6ca00ad96e62852f0127a46c57a9a4a3026

SHA512
6905c5f80ff723ff79863332dd8d20d4cbbe224d355ba9b824a6f29ead62ebec16fa96ec664bdb56a2688847881a53c34459311c156f35aa887b2a808a6e9032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12~1\pythoncom27.dll
MD5
52b865ec9937c6b1f6ba686b7e21258d

SHA1
b9e108968574577364048c18d4d6b21912bd4454

SHA256
5df515976d0f2955ae4be1e19990de644e5461db98b0ce91ca6b0e22851fea52

SHA512
6c172889a48aa3fef43250fe52b97911e79aa153e14471fce95aff5340c4646b1cf9b89942849c50e2903ee21ec345295989d49899fc6bf5782421e087d9c219

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12~1\pywintypes27.dll
MD5
a28653caf591fc7b4c7971821deb9a56

SHA1
5ff590e23cbb45ae4a441eeecf2d0609103eec08

SHA256
88d8eb5894c47990b4ff88e94a75f59c498cfd16b0f29894f0947f5ed2a862f3

SHA512
c1bbb29e2aaa6181aeccd19d2843646e1e2dd7d33e7ace04f9df215ec5bdc604ce170e5ee6cefbe646663c278e0e9e1332c4fd63f241d2db0e66bcd7950bdd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12~1\select.pyd
MD5
efb6435cb9fb6462132181738c729885

SHA1
0931e3aa2682fdf676b9b6009e8ca8f92f014e7e

SHA256
039981e17c2eb88cb2d08e50f2d323027e27683a7b3b3bc042e76fba40d34ab2

SHA512
6d7ad34390579e98cba75dfdbd3ace5af26ddf7f62675e33a29322911e94d1382ea84c8483265644866384ead64ffa55a1a0dd7c6d0787524fa972735f44f015

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12~1\unicodedata.pyd
MD5
a13020f231b588d46aaf82fe9314efdc

SHA1
fa43858266fbfa564e98fba78f7e8634659f2dfe

SHA256
426d241e6480cecaf55a23ac686311a362548377edcfbfc920ac4cfbe3ea479c

SHA512
ed759afde4cf4960f059162b945c5de0e8270780004309c85093684ebfba93cfbb6e642e9db667ed852e8ceaa8c7c4386ff303db08713af4b31a4eeee45955f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12~1\win32api.pyd
MD5
04e34bf4a5bb715c7263401f0415cc3c

SHA1
0a2ec0b7a02ecfb2c4423aac0fa80565b03fd9dd

SHA256
3f85787b2d9ccded7176fd564cde748fd73cc79c0812ecf0d87d7bb0e92f88d2

SHA512
5e642e62cb9ef92a2894ee0258ca89188d1875dfb37700cd9474fe9c99bef85df718469885b98f56b44082ed3b76f4a33b27e6bf1cfacbea7f731d31f49d19c7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12402\msvcr90.dll
MD5
1b5c42a4e92703d7f1c85b6d0b8f1c34

SHA1
fa72d425737e19e1b51e6ebb57865ec38e51b5b7

SHA256
2e13fa6feaa89396a67fb0c1c32924d2019236d34b6f97cf13287cc7d7395149

SHA512
feffde9a026fda2618b3a6a3a6f5d2f7046d8969ba8a907a361c669e0054717be58455f48675dab4ea0b5db2195d794ae37bb3dec8cd37f2cd0d6d07c822de48

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12402\python27.dll
MD5
be120408ef57f9ce48b4fc5c21a7d66b

SHA1
b6fe521ed64bea5d7c42580460a142b579aa1afe

SHA256
3aa6b92851d53a27b762ad0ae11bf02dfefeb9a886717d7537d5ba12cb4e4d12

SHA512
21df9cf02aa1b6c1e4b948d2c667f756311351a04d06f04dfd9479903552530d2f71fb853f6ea7212157f1dfc437095efecbe1c1bf6198432288015a9deb2537

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12~1\Crypto.Cipher._AES.pyd
MD5
ddf71701414eefe53cd272f3ddbec08c

SHA1
7b43ac035f85fb9e6d285d9e796f78e2093d5d25

SHA256
7ee67691ab7ffa55f8bf16a3da2922671dea66bed3ef37727136170ebc9bcff9

SHA512
3c169ed4ca5051a5f60975707fad2df79494776e8e247273af9981617399fa5f55cf91739f782242abdf5c688dc601f0aa252f04dd6f5402ee9d56bbf3a08001

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12~1\_ctypes.pyd
MD5
9e6c48ec9508423d0ce6b6e4d4a10d90

SHA1
82548d0cfcd99bc11ecee670dc0c1c9538aa6ade

SHA256
b700441351b3a24a1ec392376984d3d95a541ea548c77f0df55d7af579ea9c1a

SHA512
37fc511610e5ab06a78f276bf0f4b7335a37d40fdf0158f674ecf1b029fe3298e0667230d3f8840258b8e5413108e1e6aeaaff090b3cca6eef007ca5a1f8d926

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12~1\_hashlib.pyd
MD5
b1dbd52e5da083e5b5613a2b4c17a4ef

SHA1
0ed87f9e0b572f88e102739daab54db03fade416

SHA256
fa57bf3173f2d636984305401c06f1618b8119fea2c311d1173566ea236fa0c6

SHA512
dbe14802ff53e8fb9f35baa1c1bd0dc55c1073e0f96b59b5cc3783760e23c645cd453a39b2b4d0ab79ee871ba1cb81154a4cf5c54b67dde7ea14008d72dd2cae

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12~1\_multiprocessing.pyd
MD5
06c8615f66abdd6c2d986d40339d1410

SHA1
5db9e634bff65d33ff0ee6aa95182f8291b5afcc

SHA256
df9fe9289d591f0891f321f8aae5b7ba7e7c4e8b0ffd5db9766ce90934a202cf

SHA512
fc085f5db97f41b0d62bd584d24c68e57e508f225ad55839b0680bb10398b3d6364c88dcc925cb4427e311d9d2631d5d21836419e4a02f3c7d2e9c33e59d6e97

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12~1\_socket.pyd
MD5
600de8a82e2204e88df27714687f88b9

SHA1
dac20e0bf5482a6f09648648bc4d38562473c89e

SHA256
a24422d519e5a9283a0887d4be09be2ac89797886d8f45151cab5e9fef8db1e1

SHA512
3d82eb600bd358a019dcde1f4a337d87f29c9a22937989dddfe697c433f58ba9e4a836752998a542e7df179adafa8c89c99aa18b51b100f7a57aa5b47a456460

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12~1\_ssl.pyd
MD5
9b59be1fa8427368c4e0e763f578d74c

SHA1
7287fe431a0a67aa41e9952906759746ddcffad1

SHA256
4ba198e7f53a37b3a825ff2ce4d3e6ca00ad96e62852f0127a46c57a9a4a3026

SHA512
6905c5f80ff723ff79863332dd8d20d4cbbe224d355ba9b824a6f29ead62ebec16fa96ec664bdb56a2688847881a53c34459311c156f35aa887b2a808a6e9032

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12~1\pythoncom27.dll
MD5
52b865ec9937c6b1f6ba686b7e21258d

SHA1
b9e108968574577364048c18d4d6b21912bd4454

SHA256
5df515976d0f2955ae4be1e19990de644e5461db98b0ce91ca6b0e22851fea52

SHA512
6c172889a48aa3fef43250fe52b97911e79aa153e14471fce95aff5340c4646b1cf9b89942849c50e2903ee21ec345295989d49899fc6bf5782421e087d9c219

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12~1\pywintypes27.dll
MD5
a28653caf591fc7b4c7971821deb9a56

SHA1
5ff590e23cbb45ae4a441eeecf2d0609103eec08

SHA256
88d8eb5894c47990b4ff88e94a75f59c498cfd16b0f29894f0947f5ed2a862f3

SHA512
c1bbb29e2aaa6181aeccd19d2843646e1e2dd7d33e7ace04f9df215ec5bdc604ce170e5ee6cefbe646663c278e0e9e1332c4fd63f241d2db0e66bcd7950bdd92

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12~1\select.pyd
MD5
efb6435cb9fb6462132181738c729885

SHA1
0931e3aa2682fdf676b9b6009e8ca8f92f014e7e

SHA256
039981e17c2eb88cb2d08e50f2d323027e27683a7b3b3bc042e76fba40d34ab2

SHA512
6d7ad34390579e98cba75dfdbd3ace5af26ddf7f62675e33a29322911e94d1382ea84c8483265644866384ead64ffa55a1a0dd7c6d0787524fa972735f44f015

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12~1\unicodedata.pyd
MD5
a13020f231b588d46aaf82fe9314efdc

SHA1
fa43858266fbfa564e98fba78f7e8634659f2dfe

SHA256
426d241e6480cecaf55a23ac686311a362548377edcfbfc920ac4cfbe3ea479c

SHA512
ed759afde4cf4960f059162b945c5de0e8270780004309c85093684ebfba93cfbb6e642e9db667ed852e8ceaa8c7c4386ff303db08713af4b31a4eeee45955f0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12~1\win32api.pyd
MD5
04e34bf4a5bb715c7263401f0415cc3c

SHA1
0a2ec0b7a02ecfb2c4423aac0fa80565b03fd9dd

SHA256
3f85787b2d9ccded7176fd564cde748fd73cc79c0812ecf0d87d7bb0e92f88d2

SHA512
5e642e62cb9ef92a2894ee0258ca89188d1875dfb37700cd9474fe9c99bef85df718469885b98f56b44082ed3b76f4a33b27e6bf1cfacbea7f731d31f49d19c7

Download Submit
memory/1324-63-0x0000000074D91000-0x0000000074D93000-memory.dmp

Filesize
8KB

Download
memory/1324-60-0x0000000000000000-mapping.dmp

Download