369b8b7e51f07800ae6782ce23c61019cf66af0eeec132049371cb2f7b41a1d1

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7v20210410
submitted
13-06-2021 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe
Size

4.6MB
MD5

0c0fe6c4f7311dbcb6af7cee2ecafbfe
SHA1

4082e2a9e99c025cc90afdaf283198cb5bf02d3f
SHA256

2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41
SHA512

9b5091093efa20bbae0e54a9e10da4e7b1c6b54a407a7820be46cfbfabf5795478468e728d9575f2b09a808c07a0ff553ed5592781ebb231997f8285e8f9c973

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

Processes:

2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe

pid	process
1972	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe
1972	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe
1972	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe
1972	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe
1972	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe

description pid process

Token: 35 1972 2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe

description	pid	process
Token: 35	1972	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe

description	pid	process	target process
PID 788 wrote to memory of 1972	788	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe
PID 788 wrote to memory of 1972	788	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe
PID 788 wrote to memory of 1972	788	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe
PID 788 wrote to memory of 1972	788	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe	2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe

C:\Users\Admin\AppData\Local\Temp\2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe
"C:\Users\Admin\AppData\Local\Temp\2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:788

C:\Users\Admin\AppData\Local\Temp\2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe
"C:\Users\Admin\AppData\Local\Temp\2584dab20fb7334db9dba5ad3dd3e3ab046fbf908a1c3623bd409b299a8faf41.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1972

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI7882\MSVCR100.dll
MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7882\SLABHIDDevice.dll
MD5
1b94fbe86d37eeb11d5a95e1ebd449b8

SHA1
cef6f7b565f705222bab597ebe146c9b5b1da312

SHA256
a698a9e7a3b5b3db3f5df4a41201211d924239438e1a7800c0495f563cd26445

SHA512
9566769e063b70ff7152db543575415e2e2d12841b9633ad559a6cc49bb9c8aebec7f363971317d9b5b9ebdd0cab85659bd3bb39740ec5172246f6f1ac79efe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7882\SLABHIDtoSMBus.dll
MD5
cb4d1bf79a1734884c482815ce45b734

SHA1
0457b84b77fc7112c4c275c926806805e87513ab

SHA256
329750371f153e6e9f3110b82ce0531a6d8d020bc6066e13d6087001be9fe6d6

SHA512
db869460ee337515ae5893a8d9decc11e032cdfc08e9a8735130657c018b540af581e1152df5f1187570684038126df09dde742801762624434e158460e2902c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7882\_ctypes.pyd
MD5
e5861ae3e937a861295f7964c3d5db73

SHA1
7321ccb8f50b26fe54eb45853333aca1a99b7658

SHA256
68c516c3ede91c99549995ad86e84725c82136e13937c3ce993294e99b0183e5

SHA512
94b98342395c9f8501605c3a0eb0085bf54bc3d080876d47da34868b94ca5c9d98b7de081ecf9e23b3607f9c8d1da32dfbf2502340dbe566e8cedd19f23ed135

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7882\base_library.zip
MD5
2308e9af8f41ebc84296b08fb6c151c6

SHA1
32ffad21ffc2c27abc3160936cb89c3276fd6016

SHA256
5941c77f44c3dc37e9c44808fd8ae1627da35454d542afa4461c951acb0e9dc7

SHA512
ae1aec2fb2c440c8fc8aa4d4b19da5a9cc9a2054213947fd7ee7b9f1a336d52b2f5ecf43d64c9b722887ff3a86ba2736b1bda706722ce3b4e7fcbf7a8b01584a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7882\efm8load.exe.manifest
MD5
ed3efbd1bfe1be625d461aabd378a6af

SHA1
6fe2f978b576c3ec244e40677dd5803b2fc58946

SHA256
383389a4446a0eb971c528608d0957ed3b92f098e78e2e2fa3529a8180b3e730

SHA512
5f59ec934b7d50615914c489642d23e22b8267f05e5c8183d49f16ab40b482395cd4df8919235671d9619c96dc395b1e42a626fc693610f978c1e62385ebf192

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7882\python34.dll
MD5
7483c5a108bf1313f0f1bfecaa754d29

SHA1
c199f2de7c88c88693119e067ee11a673b26cfd7

SHA256
c3313fc7b3f44baac512bc2dd102a195a01ad8a31d66b87c1cf954f8381abbce

SHA512
4129be818c3c0cabcffad8d92160ceb278bf5bba6b2e84dbe8f6c128e3c0cb1266589bc6788688e1ab812f55abcd7daa6211e1cb909c88d284e7ff09660d28bf

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7882\_ctypes.pyd
MD5
e5861ae3e937a861295f7964c3d5db73

SHA1
7321ccb8f50b26fe54eb45853333aca1a99b7658

SHA256
68c516c3ede91c99549995ad86e84725c82136e13937c3ce993294e99b0183e5

SHA512
94b98342395c9f8501605c3a0eb0085bf54bc3d080876d47da34868b94ca5c9d98b7de081ecf9e23b3607f9c8d1da32dfbf2502340dbe566e8cedd19f23ed135

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7882\msvcr100.dll
MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7882\python34.dll
MD5
7483c5a108bf1313f0f1bfecaa754d29

SHA1
c199f2de7c88c88693119e067ee11a673b26cfd7

SHA256
c3313fc7b3f44baac512bc2dd102a195a01ad8a31d66b87c1cf954f8381abbce

SHA512
4129be818c3c0cabcffad8d92160ceb278bf5bba6b2e84dbe8f6c128e3c0cb1266589bc6788688e1ab812f55abcd7daa6211e1cb909c88d284e7ff09660d28bf

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7882\slabhiddevice.dll
MD5
1b94fbe86d37eeb11d5a95e1ebd449b8

SHA1
cef6f7b565f705222bab597ebe146c9b5b1da312

SHA256
a698a9e7a3b5b3db3f5df4a41201211d924239438e1a7800c0495f563cd26445

SHA512
9566769e063b70ff7152db543575415e2e2d12841b9633ad559a6cc49bb9c8aebec7f363971317d9b5b9ebdd0cab85659bd3bb39740ec5172246f6f1ac79efe5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7882\slabhidtosmbus.dll
MD5
cb4d1bf79a1734884c482815ce45b734

SHA1
0457b84b77fc7112c4c275c926806805e87513ab

SHA256
329750371f153e6e9f3110b82ce0531a6d8d020bc6066e13d6087001be9fe6d6

SHA512
db869460ee337515ae5893a8d9decc11e032cdfc08e9a8735130657c018b540af581e1152df5f1187570684038126df09dde742801762624434e158460e2902c

Download Submit
memory/1972-59-0x0000000000000000-mapping.dmp

Download
memory/1972-63-0x0000000075551000-0x0000000075553000-memory.dmp

Filesize
8KB

Download