3bcfcd54895c4705b8cab8118731e1c871c7177cc5d60262a624f644ca3770f8

Resubmissions

10-07-2021 18:41

210710-epgrxwjdts 10

10-07-2021 18:20

210710-aqkx8q14hs 7

Analysis

max time kernel
770s
max time network
774s
platform
windows10_x64
resource
win10v20210408
submitted
10-07-2021 18:20

Sharing

Copy URL

Twitter E-mail

Reason

Remote task has failed: Machine shutdown

Report Analysis Logs

General

Target

Injector_Warzone.exe
Size

4.0MB
MD5

2553bae916c54abf130bffc80cf7b55b
SHA1

c2199fdf7d186b0ab1d783ab4b7a7c1985aa3547
SHA256

fd0bb02a78c37b39b310880b958ae134e2f3fed71faee34c42f0aed9a033de96
SHA512

5879087f62951b1191c3ec194a0a78a1fcea8c1e080fb08cbb9f7a8f761a8415e7140c2d6d956a2074f79cbac28efc1169bcbd3cdf5524f717fde4452dad562e

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 19 IoCs

Processes:

capa.exe

pid	process
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe
2752	capa.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3876 652 WerFault.exe Injector_Warzone.exe

pid	pid_target	process	target process
3876	652	WerFault.exe	Injector_Warzone.exe

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

WerFault.exe

pid	process
3876	WerFault.exe
3876	WerFault.exe
3876	WerFault.exe
3876	WerFault.exe
3876	WerFault.exe
3876	WerFault.exe
3876	WerFault.exe
3876	WerFault.exe
3876	WerFault.exe
3876	WerFault.exe
3876	WerFault.exe
3876	WerFault.exe
3876	WerFault.exe
3876	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 3876 WerFault.exe
Token: SeBackupPrivilege 3876 WerFault.exe
Token: SeDebugPrivilege 3876 WerFault.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

LogonUI.exe

pid process

2852 LogonUI.exe
2852 LogonUI.exe

description	pid	process
Token: SeRestorePrivilege	3876	WerFault.exe
Token: SeBackupPrivilege	3876	WerFault.exe
Token: SeDebugPrivilege	3876	WerFault.exe

pid	process
2852	LogonUI.exe
2852	LogonUI.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

cmd.execapa.exe

description	pid	process	target process
PID 424 wrote to memory of 3968	424	cmd.exe	capa.exe
PID 424 wrote to memory of 3968	424	cmd.exe	capa.exe
PID 3968 wrote to memory of 2752	3968	capa.exe	capa.exe
PID 3968 wrote to memory of 2752	3968	capa.exe	capa.exe

C:\Users\Admin\AppData\Local\Temp\Injector_Warzone.exe
"C:\Users\Admin\AppData\Local\Temp\Injector_Warzone.exe"
1⤵
PID:652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 252
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1796

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:640

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:424

C:\Users\Admin\AppData\Local\Temp\capa.exe
capa.exe Injector_Warzone.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:3968

C:\Users\Admin\AppData\Local\Temp\capa.exe
capa.exe Injector_Warzone.exe
3⤵
- Loads dropped DLL
PID:2752

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3ad6055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2852

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI39682\VCRUNTIME140.dll
MD5
ade7aac069131f54e4294f722c17a412

SHA1
fede04724bdd280dae2c3ce04db0fe5f6e54988d

SHA256
92d50f7c4055718812cd3d823aa2821d6718eb55d2ab2bac55c2e47260c25a76

SHA512
76a810a41eb739fba2b4c437ed72eda400e71e3089f24c79bdabcb8aab0148d80bd6823849e5392140f423addb7613f0fc83895b9c01e85888d774e0596fc048

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\_bz2.pyd
MD5
0083b7118baca26c44df117a40b8e974

SHA1
218176d616a57fd2057a34c98f510ac8b7d0f550

SHA256
e1f791a3f5e277880d56f21006cec8e0b93ca50cd4464b2b4c6e88ab3ca5234d

SHA512
e093937e4f1c8e3c321e2059a3dda703f0d3df88deba2b15656bca87a258a9cd4dc677859cb1879157d4e60e10efb4d35c402135960ef2afddfef9c388077b85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\_ctypes.pyd
MD5
9755d3747e407ca70a4855bc9e98cfb9

SHA1
5a1871716715ba7f898afaae8c182bd8199ed60a

SHA256
213937a90b1b91a31d3d4b240129e30f36108f46589ba68cd07920ce18c572c2

SHA512
fb2d709b4a8f718c1ab33a1b65ac990052e3a5a0d8dd57f415b4b12bce95189397bfddb5fb3a7fc1776c191eb92fd28e3aaebbebdf1024ecd99e412376ca4467

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\_hashlib.pyd
MD5
f6f10f79867e33929e8c3263beaee423

SHA1
91ed04e12da5e5bed607f1957ede5057d78c275f

SHA256
c66d0a524a9d6c7f110273ffb14fb0ead440bf42f7a3957554f8b053331a7c3c

SHA512
30004621f7ee267e18987922b3e4243da6080cc7fcff8caa9cc8fdf795ba156ffba8c163a621959c2696cea6835398b046ff3175c0d02154532a93395391124b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\_lzma.pyd
MD5
e63bf80e04ae950ef22d8fc100d6495f

SHA1
f2340ecaa46cb1737abcb19dbab6de9e3cbc51d7

SHA256
f4016a1a8eb34aaf4f20d6c2fdbb02992cc5125f5c32f0335c6dfbeedb9add5c

SHA512
cd70c7c99e5fb131567aa2213abd5f811e2a271ac12a2210be6a04728c696c407814e4535e7ca19ca86a2d3311d822cc6985864a2e178e1b36faf6bc828e621f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\_multiprocessing.pyd
MD5
18fd166504c6bd1f60ad3b903e602532

SHA1
019ff28a64b4e1e227d1ee536a8774e441ebaf44

SHA256
a50e38ab8b6c4bfb834c047142f69a08d18a0bcc2f84a5ee81c5627ff5156618

SHA512
5ba1b75f24da3ff4b1babc4bf4ed039e42cea2c2c7dbcf7c9686050c21c3864c576ad80a11cbf47f4bc4073e8ad343ffe9702407a4fd92b07bbf88930596d6bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\_ruamel_yaml.cp38-win_amd64.pyd
MD5
1bf012c76a3288d6ef6586b1dc270f19

SHA1
8ec29f8b7627918b9c12e9873d314abb3171fbe4

SHA256
8ab5bbe2f26ed3e48918b9b2ee3e0cefd01a6b678819a92108cf5c566a0a435e

SHA512
4c00245d0b50b5ed9fae1be19c47ffaec076843fc0ff6031d6619c01b2c37310b2b7f8ddf569badd94f844cb2b8b4e57e7a3d69c9c1a70269df14bacbf7e16c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\_socket.pyd
MD5
ee5c9250e766a02aa745a0d1493a387c

SHA1
0e6e86b7cda5f99e719dab8bdcae21558e7def10

SHA256
28b23ef979ff75b3cc44fce358b7ed087488105e3186249163504cd719567ccf

SHA512
ba4ad7d081b307f220212a9fbf982f925ac742eec64b3c9ed2bdbf3d06a589b1acc992d9585dec077de3b7f9e814a7115470a89307123491a3aff0ac3d795419

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\base_library.zip
MD5
f93f8a27e57799857afe17f6ad872bc0

SHA1
7e485a0b3f2331b6a7ff7f933f42a1db22a2af60

SHA256
29a52735bb173445604132b18e7e8390c2b1b3a131a6082fdfd0d3b569b05154

SHA512
641ec102ad9b6e019b454d9fbd45746e4c3caf2284693d4046af33184afe5aed2b461f7bfc04257c5f82999b9a33fdc56052407006b062f611915107d6a7aa5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\libcrypto-1_1.dll
MD5
89511df61678befa2f62f5025c8c8448

SHA1
df3961f833b4964f70fcf1c002d9fd7309f53ef8

SHA256
296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

SHA512
9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\libffi-7.dll
MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\pyexpat.pyd
MD5
a9e03036e55c680004576490efa6a792

SHA1
8a1948f1ba8b4bb9e34f29eade786fc85949d74c

SHA256
70fe25f01eafbf730deb95fd101b220149bb2eeea690b24b20f6f4bcdb0f04ed

SHA512
fa664233ceaa848901d19091f01cbd3ada8dd1a30de352dca693c4394e243941405edb0fe09fc9fb404fe18a5455c78aa8ce64f7037e63ac9574c2aec5ee4267

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\python38.dll
MD5
c381edf39a0c3ed74f1df4a44fbab4ba

SHA1
688af6616d5f2f67ff9f49dc6790583825fb82ab

SHA256
f8c622753feb3cec062a535f2a285b17f6d118fee0bf8ed5a2f3d06ca53e729d

SHA512
88abc4ef225593e176050a6526b4873c08aca3b464616b502e64e7995368e82ec413cdf9e0bc8902994b2be25aa0aaf2e5135977599e57a0e8e1809f2b67eeec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-av\check-for-sandbox-and-av-modules.yml
MD5
5fff89f41eaf6de4213846698d3abb30

SHA1
b47b80bd16830cf9e79e720efa26d2403fec7cbb

SHA256
602b8c4caaf7cc62a710c794c3de824e35621c49b47d3f90a78dae7f8db4b4df

SHA512
9af5cf91e12c83fe196f4226243ba47e0543c1fa1964649c97e2544cbf3898ca220d0246ac417cad7be1ac16db0f72338df9a34f3fc7468ed0b29426ea2fb51e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-for-debugger-via-api.yml
MD5
98900ce4d8636436e7c1fc4d1c5183d3

SHA1
3bf24d5a422c2742c809d6fe653d45989494dfdb

SHA256
cb3145176eec6907becd14da78de63c9c042b00d8c78c3763fef87598ab46220

SHA512
348e814d1fd88d5a27b4059a0aa96f309dba20cf1e22eb804bc65c037a94e7c0597ce2d53f04321e7606db43ff5dbd71e89d4d1cb608bf09238232137bd252dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-for-hardware-breakpoints.yml
MD5
1eaebce0edac89ff2f9dd1f79cf32350

SHA1
d509ec2c32e582b3bc4a03b92b0e037da1b43d15

SHA256
2b82363cae34f1c2a0dbf1542661f2b67572617249097d5f10cc9ed13584bb25

SHA512
12a3e49d3b95e0995f66aa66a9db3c41856e0c3ea805bda17110f5107f530e142dc62d9ab75464c906d1e9a092a4d15bd35607a0968305db0571548ae95d7100

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-for-kernel-debugger-via-shared-user-data-structure.yml
MD5
af9b8a68f8ba5f91502ed08551946d0f

SHA1
ea55a1dcb6d2494eb825e9ff5ba322fbcdd3cb6c

SHA256
b4c933769821ea85d6db503f63496d75c3edb8f9676b0b393884ae424d7cea2d

SHA512
442cb04b275d345e6401b30ad74febce84a68221d13c39371d2e36427c0cfd06c37bc080f4909a085b1ce1145c286f673e643663779590a42814f4e47c84b8b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-for-outputdebugstring-error.yml
MD5
90f32ab5dc3c69fad3478d065a4b27be

SHA1
8d442a3b96aaf86cedb092526ad5ee986f02bf3e

SHA256
c28094fc4d4fdb1540257d4e914eda70b69502d0df59c172b9035f4bf0589997

SHA512
75d33f6255f2825b8c16c8c9c4395bf6e3f1ad9146d5b06db9247bfe6ccb581b233143a6c990e6db6363c12c8258c2d07f6462ea5b03e216c8af6bf245c12d2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-for-peb-beingdebugged-flag.yml
MD5
82cfaf8cde42d02554f959462833c2bb

SHA1
a2aceb263d0b2d3bdbbd2198f331383c4fb32d6b

SHA256
d391a358f57d7b81b01cc6778f5de8eaaaaca61b37f9d2e6c1ae2f823519c694

SHA512
e4538e04a9fef3a20db43982b6c3763f46c886ad48496f020ea9f9f786e83a18968a2e5e941317ca6f00770415372f601fb68a56e5e52c464272115e6fa40221

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-for-peb-ntglobalflag-flag.yml
MD5
897ce601592ac687887593f1cbc1289d

SHA1
cb935cf45d686049bee289ae432bef20dd7c4aa5

SHA256
edee6f34447658129bdcbf427a478385730aa5076fad7122cc224593e0c5fd60

SHA512
f38f1b292ca276263c836ebfdfed2de9594297729683ad5e376e3727d376cde6b1564653e5e40afcbf94667c9d497a8301d8dabf34b56748a0a64d284014e761

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-for-protected-handle-exception.yml
MD5
70872afe346dfb0d8a4a38657478c2db

SHA1
f49bb6b0d5c35c265c64d84eeb1efbc9e759aaad

SHA256
a1daceae13188e3faec104dedd7e5074987bda843ef6fab2e4e309840727a657

SHA512
d0d8ce82303b48cd4daa544fc3f57694645c7b3a5c5aaf07f00b02af961e272edab41691effe1b4c8243cd89a7998d38282838cde15cb39146a6a98db61043d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-for-software-breakpoints.yml
MD5
86913cd31cd2b47f203f2ec268f540ff

SHA1
0c592d4da81124a0424bb61493caf9f1c9a9a630

SHA256
1c79c5dc48fbe7828aa5c537baab3e7f534952c8f5282e49b51df6101dbde54c

SHA512
b412396e654da0b5e41cb4dd5d5202bb2312668cd374b9d2688cd66929a59f774fe966575b6e1eea70a6db9e6393cbc21feca9d2d8c5bbb56d7b4b2b220c322e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-for-time-delay-via-gettickcount.yml
MD5
c31326cce4db1ef0525e77a928c12967

SHA1
69d43c89af848463c55cda018343a114afade6bc

SHA256
d3a93b51ccdcbe59b1cd49af9488c9edc84872b792af6b73af8e34c5e2083bbc

SHA512
abc87be59ed31ffbd49114fabecebdf16da576e4205d72fc07df452fac1bb3c508a4d4f691ecac6be17041c869afefef6a15a3ad8201d9de12c310ee49aa0e14

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-for-time-delay-via-queryperformancecounter.yml
MD5
2c5f115f0fe3bd13ecde5914caadbb6d

SHA1
ae03f5671f9b539f98d780bced8d17f4b1bf543d

SHA256
566ef0c6f504c663ba5f5bdec8046ce2b090dfa868245517eb7dac1f8336b658

SHA512
92e125d1e6e743a9d1b8ea3f9191d55a475098143f13278469b2f17f7581634cc834ab50190c5a9c759bfd129499e49eb73e1b6369e5b6a708143c982d962edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-for-trap-flag-exception.yml
MD5
c8aec7bd80a50643494f2dfe85da1a7c

SHA1
f824e9e408e3afbe8dc8157d325e48214191d75f

SHA256
dc9822eba817ad740ed43c31adfb4168927f185169b68f6e25118eb34af66d73

SHA512
d5b0885ee8bf30193e766dd380775caadd9ed84d1a1f123a2a1f1d96108ce111beb003533aea7c95d1f8206b3afc0a83aabe10155c0ca01c47b502d692360dd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-for-unexpected-memory-writes.yml
MD5
5e025b6c20d30072ed39103c9443e2f4

SHA1
6f61947482f46ab8ecaacccc084d5b48e97b98f9

SHA256
80b9eb1f70771c371679c46195fe69a5d6d4ebb3303cb920099defc17639071c

SHA512
bd6b8e4f61393c2a7c70cd50874c509b492663ac39101ac2b5d31f794899ba7ce8b5c277047a1e32641465411c570aa27af51dc8499f5d701445b2cb1fecf2bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\check-process-job-object.yml
MD5
9a64149392051604f9fa9449a116f1e1

SHA1
069ab401ab25b870a40747746ecf2568fe6c1cc8

SHA256
dbe73c79e8db775e9554472e194af143e4f8450fdf636416576cd5b0d24ecb14

SHA512
a595b54f1b78cbb9f16d1b73e298836dd72b3aa9d65874f03f1e16b6e58da6e291599cdc8f574aa80c888ffc5af57868bce0f304b525edde8f612b04a7433d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-debugging\debugger-detection\execute-anti-debugging-instructions.yml
MD5
71748da4b95aa66386713a55cc80a9a0

SHA1
9cdc07486548755a90f1978ae54a7dcd082244d9

SHA256
c03255ecfa2ecafb14bc86dbbd6c2ec47a6695be37fdbe9a13f3c503a11ba1b0

SHA512
19556d0896cd060ca04ebe1e615011da4646076d6d18c5eccc4414af6e6baa7156116a456fd40983e90891a87a728a56bbe6f0151ad1832fb910c379b363c2aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-disasm\64-bit-execution-via-heavens-gate.yml
MD5
14281d926207b262d51da672b826febd

SHA1
e4c53c928950854719e6ea109f4c7417ba31f811

SHA256
3a048a2f2df42e5b1de96a2688bc0b7fb923e6887a1624021b1469ff4f385a59

SHA512
686914e96fea37bf0af9dc3e6e1d169ddde018da7a242cd79afad4de39b8b73b1466df19d1c8e6fc47e34558c5b8d823f713fbcb364412bfe8a6cfd99ac2692d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-disasm\contain-anti-disasm-techniques.yml
MD5
15ac13554f118ee212f9e21c4bdc4eb0

SHA1
035c4ab9891b62c7e5c8f88d8583db63de7f0f82

SHA256
1bd6f289b500c6a2d0f530bf311dc8b5af2b0e751cd9686719b77ac570674cd7

SHA512
5996a511f7c85b83e12bc5fb8100fbfe72fb00185703da793813e85f9b5beaf9fde4442728e282e0d21abf892fa8e0abb54a7310db7392b526d060b8e5b8e376

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-emulation\wine\check-if-process-is-running-under-wine.yml
MD5
3f2a56466fd65039095b40f031d233af

SHA1
19dc32b24b20ed616d157c1e1f38d61d01cbc835

SHA256
fb9222090cf32649d78a575903fd86ea6aba463326169230afe47fac1240f693

SHA512
a3c0ff21705116b80a5b18e772f625ae7533082bd4d5823d0bba2d6d04bfe944545455a6bb18552248987a6c0bcd92e6e3209ce66709a769b656aa52e0949f77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-forensic\clear-logs\clear-the-windows-event-log.yml
MD5
3c61dad015ee77336d8f89d5d15e8b52

SHA1
e1ba2f3588b32b1c83dd74c1ed6e83d793faaf45

SHA256
53ebe5a2bd5a1572991c8a932e4b322b92fc694f84085f66601dd525b855161c

SHA512
8325b40efdde0dac4bfdf77bc7c5283d94212b9d9132c24baa9a86cceb37afb4f8ce5fcab19b178e232b1595ec23904fc2ed2248a9c646c11d58803b5348df84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-forensic\crash-the-windows-event-logging-service.yml
MD5
1f2ddb8ba60af62b4662c09b57c5204b

SHA1
3b4b155e2b5258578d6f889bf76ab5adcbdf6513

SHA256
c1ae23795bad4365099006006da6b8a8bdb5aca74254d69733cacb84a25fcca8

SHA512
ae2802fbac4d64ee77caef086ee6bac6322662fca3078dbbe8a3f8f84235ef4edfe9034497ca8967c08ef3b126e805c662e77954d3958a91c433ccfae1b882f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-forensic\patch-process-command-line.yml
MD5
67b417064394e0ce77e79c7ed00a5ffd

SHA1
4c5d4cb8f140578ba75538a8c543efae011a270e

SHA256
7b2699f3ce97d48eb6d4518e2937328b5c503273ccbd88c655d4522f904b199b

SHA512
96ab341766ab4c3b9bbf1aec5da0398eb35f383a040237c2c4f9e0ba83158380d6b2b5ff1325d6cae843e5f4e7f1e80b027864d1a65abe91848bb3627148181d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-forensic\self-deletion\self-delete-via-comspec-environment-variable.yml
MD5
ffb45b52045ce992ced48fda8a8f7df3

SHA1
6b3a895bfc0a0bcf0e2f4f5c7496bb4eefa16a3f

SHA256
86bf704e2c5732c040973797b13b4bcaec1410e21ffb001ec56ee91f1a72f532

SHA512
6fe4398500b0f1ab3c331365486fa93755e48f649b64287a66d3a1bb45a205be6945e4030c64d032f0525db50dea151a5212cf93f0e23f6aba07ff1550a3dfeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-forensic\timestomp\timestomp-file.yml
MD5
26a93098ec884a680105b67892a25dc9

SHA1
0c053ad89b27db216f5e52b00d88adbcfb411072

SHA256
dc648011227cc6e0114b73bf7bc531d33be432602664809229c4e877d8754118

SHA512
c47b56e289f5e0cb6b099ae3c0e893d9d8e9b37625887412590763d28b3d2c5dfbe088a5c14523a25eb9ce44f8c4466e0f1b1ea62a062dfbed3d50ad5303258c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-vm\vm-detection\check-for-microsoft-office-emulation.yml
MD5
e5f20cbb6c9c62d09a27df2341434237

SHA1
392e1b4c254bb3ca9291047a8f3c5a050b02539e

SHA256
3eee1da924745cf02171e65f46d3355a2a0d094705ea040b654d95b7dc20a89d

SHA512
b18784c31d2f9b5db2c2443ef8b65f1a5a7f7d568e4c6e16adfffca452ca54e534999f4388d19849fe1a8bdf7afdebf460bbaf57431ef2d91d1db3cbd4ff33f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-vm\vm-detection\check-for-sandbox-username.yml
MD5
833b079d499df546351ec4aa34e878b2

SHA1
8aea2a4d81aa8981d1a471dca5bcc3953ba3f864

SHA256
b7c4d6691190481c440d90d0b77e1e539e7e6ce08c7e7271adb819d4ea1ea0a1

SHA512
147a8c78070b40d622920a527d220441c8ace8e5efebcbdd404b0502f86247942899e57e995696daf73fed0ad44442ebe9307a4c8600632ef335ea6c96647fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-vm\vm-detection\check-for-unmoving-mouse-cursor.yml
MD5
f635bdf79bdf8d19b29c7f23f8e8f802

SHA1
cebff90c22d9b0ea1a34e884bffa883fcd3b23dc

SHA256
1ffef7cf7600332660ac5a6dbe3e58204ed5f9e23871de84e648eed3e075074d

SHA512
155dde6d901c86f7967ba211bc3885aec8aeeb172345609d19bc34a99b5b51bb87d5d7e1188a777921a9ed35edc0992ded69cf2b63c2d61bfc2585abf566ee08

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-vm\vm-detection\check-for-windows-sandbox-via-device.yml
MD5
e5563600e40c0c605d3f328a7322aadd

SHA1
db1251d307454176a93108ea3b60844d9176c0b9

SHA256
56689ae78fcc7c15866d07f182e949ef999bd21078f27b9c7009fe6a6dff8b12

SHA512
e09e876e483b24d369d745f68b1ad7cab910686d91c043e9b110cdc85e1bb34ec232a640da42130220bec90c08116752a193dce4f3adbc4b49264f4c5318ff89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-vm\vm-detection\check-for-windows-sandbox-via-dns-suffix.yml
MD5
d25de0e92687c6d7dead68535e82335b

SHA1
4c52bc4190db137b2402590a8e56bf7ecc8e34cd

SHA256
00f567c6b7efe50fecf79665129cd3cd97ea4dfdccf2a11ce64371e4fb15fd6c

SHA512
f89e8713e749accf27c80c5f430ea6e7ea952ae4360bca371f46503f8491770bfa946d426c58c1707e4355cab0abf6c0c1419f73f52714f56b516c2e31fce7dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-vm\vm-detection\check-for-windows-sandbox-via-genuine-state.yml
MD5
422bc66caa96cf23850d3af1cf2ff679

SHA1
a34244ccdee94b0c6a0517bed56b80aa181aa96f

SHA256
1c8716aa4e9db8eb173e1bbc08ad4aedb733dd02d4c7f65a9a5b2ac0060ddd2a

SHA512
4ad15a676fc04b7d51c8e90c799fa452af51cb4498c51a2cea8a2df76396b01a9eaa11981bb29122d55f97888a0f55e34793a8e2aff5e899552b49f2e696f42e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\anti-vm\vm-detection\check-for-windows-sandbox-via-process-name.yml
MD5
d00e91a7163ba57657d07f34ab45ae3b

SHA1
dd18a87a1be1ebb02917d8ea86c71c80b9a0b9de

SHA256
fa19992ce5d0ef7e59eec5fbddca769ed76887fe78028076a2665ce7bc01395b

SHA512
7a516b200d473ec33d8e1de31811322dcdc9a58d8cb612a1ee086a03eff21d2f229c44e13d2c9022569e97434fdb6eeeb76b8215823a5352e028b10b0d1f40b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\rules\anti-analysis\reference-analysis-tools-strings.yml
MD5
9a53760a7d0957c1f59489f6ce42b5de

SHA1
26840170db20c4834b92c8e5b6aa9aa5b783b7cb

SHA256
d19b597864cbed8ec979f4b321312de5bd2a021a169c7986dc7399873022988a

SHA512
b4f006ad7c9e8011a8a48a4b282fb357848e767cb4db5d2dd8cde1592072d9fbbdd4ed307f229e08a5cb74357fea8494af6b18c1eb302d1c1e79d023b3a5f6b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\select.pyd
MD5
6e3e3565f98e23bee501c54a4b8833db

SHA1
a4c9ecbd00c774e210eb9216e03d7945b3406c2c

SHA256
71a2198c2f9c8cb117f3ea41dc96b9ae9899f64f21392778d1516986f72d434b

SHA512
359aac4a443a013f06295e1a370f89d4452ea75fd2d11776f4eccf605b59caf529baffdcc3cef3eeb59e44a42beaf927bed908b507ac479cccc870768a620fed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\ucrtbase.dll
MD5
bb0e3819e308a153c99fa6bccf2f4e77

SHA1
d96dc06cb9f441869c5088aaee4e55a81fa14387

SHA256
83e7252e6af0e63bd80bc996eed6cb687c36b94f20a55a16145d5e68076b1587

SHA512
7eb23a895bc4fac0cda16b1ab8cdcdacac7ade76519b5d9e14d2917025f3cdd7fc4bd16d22df59a8dfe7b110eb8a8ce98a50355aa32d8c49bcab3596bd0a01ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\unicodedata.pyd
MD5
0a22c143ab1dbd20e6ed6a4cb5fe1e43

SHA1
2eb837eb204d7467caad4a82e7b9932553cc9011

SHA256
d0b8deabc7bc531c0c45f17ffc75c55b1ac9ff71347b74753096050eec6235db

SHA512
8a48246bbf1dfbae63aafca8bb9ae5c14c9dbb60dcc43a1030d7ea11033cba8d6e780ab9620eeadf303f5a3a9167bddec4b2fa23dbe526b95db5c297c9f688d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39682\yaml\_yaml.cp38-win_amd64.pyd
MD5
4ed0e37e4973bcdfe85bbc7583642bbe

SHA1
5beb50ecc8b6451e2633064f4061bb79f32ef6b4

SHA256
0d1feb559ee20ba187e80154a9fed1495772ab4157a29584fb7fbd1c3b9e57e8

SHA512
9162e7ade5830c22c3e2bc55bce9b3bc83d919f42e9559554fd7aea6c4d17ae5429bdf13116fe3cfa826655278675198ee5033720e6043b2ed9ba00b99d47669

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\VCRUNTIME140.dll
MD5
ade7aac069131f54e4294f722c17a412

SHA1
fede04724bdd280dae2c3ce04db0fe5f6e54988d

SHA256
92d50f7c4055718812cd3d823aa2821d6718eb55d2ab2bac55c2e47260c25a76

SHA512
76a810a41eb739fba2b4c437ed72eda400e71e3089f24c79bdabcb8aab0148d80bd6823849e5392140f423addb7613f0fc83895b9c01e85888d774e0596fc048

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\_bz2.pyd
MD5
0083b7118baca26c44df117a40b8e974

SHA1
218176d616a57fd2057a34c98f510ac8b7d0f550

SHA256
e1f791a3f5e277880d56f21006cec8e0b93ca50cd4464b2b4c6e88ab3ca5234d

SHA512
e093937e4f1c8e3c321e2059a3dda703f0d3df88deba2b15656bca87a258a9cd4dc677859cb1879157d4e60e10efb4d35c402135960ef2afddfef9c388077b85

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\_ctypes.pyd
MD5
9755d3747e407ca70a4855bc9e98cfb9

SHA1
5a1871716715ba7f898afaae8c182bd8199ed60a

SHA256
213937a90b1b91a31d3d4b240129e30f36108f46589ba68cd07920ce18c572c2

SHA512
fb2d709b4a8f718c1ab33a1b65ac990052e3a5a0d8dd57f415b4b12bce95189397bfddb5fb3a7fc1776c191eb92fd28e3aaebbebdf1024ecd99e412376ca4467

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\_hashlib.pyd
MD5
f6f10f79867e33929e8c3263beaee423

SHA1
91ed04e12da5e5bed607f1957ede5057d78c275f

SHA256
c66d0a524a9d6c7f110273ffb14fb0ead440bf42f7a3957554f8b053331a7c3c

SHA512
30004621f7ee267e18987922b3e4243da6080cc7fcff8caa9cc8fdf795ba156ffba8c163a621959c2696cea6835398b046ff3175c0d02154532a93395391124b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\_lzma.pyd
MD5
e63bf80e04ae950ef22d8fc100d6495f

SHA1
f2340ecaa46cb1737abcb19dbab6de9e3cbc51d7

SHA256
f4016a1a8eb34aaf4f20d6c2fdbb02992cc5125f5c32f0335c6dfbeedb9add5c

SHA512
cd70c7c99e5fb131567aa2213abd5f811e2a271ac12a2210be6a04728c696c407814e4535e7ca19ca86a2d3311d822cc6985864a2e178e1b36faf6bc828e621f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\_multiprocessing.pyd
MD5
18fd166504c6bd1f60ad3b903e602532

SHA1
019ff28a64b4e1e227d1ee536a8774e441ebaf44

SHA256
a50e38ab8b6c4bfb834c047142f69a08d18a0bcc2f84a5ee81c5627ff5156618

SHA512
5ba1b75f24da3ff4b1babc4bf4ed039e42cea2c2c7dbcf7c9686050c21c3864c576ad80a11cbf47f4bc4073e8ad343ffe9702407a4fd92b07bbf88930596d6bd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\_ruamel_yaml.cp38-win_amd64.pyd
MD5
1bf012c76a3288d6ef6586b1dc270f19

SHA1
8ec29f8b7627918b9c12e9873d314abb3171fbe4

SHA256
8ab5bbe2f26ed3e48918b9b2ee3e0cefd01a6b678819a92108cf5c566a0a435e

SHA512
4c00245d0b50b5ed9fae1be19c47ffaec076843fc0ff6031d6619c01b2c37310b2b7f8ddf569badd94f844cb2b8b4e57e7a3d69c9c1a70269df14bacbf7e16c8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\_socket.pyd
MD5
ee5c9250e766a02aa745a0d1493a387c

SHA1
0e6e86b7cda5f99e719dab8bdcae21558e7def10

SHA256
28b23ef979ff75b3cc44fce358b7ed087488105e3186249163504cd719567ccf

SHA512
ba4ad7d081b307f220212a9fbf982f925ac742eec64b3c9ed2bdbf3d06a589b1acc992d9585dec077de3b7f9e814a7115470a89307123491a3aff0ac3d795419

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\libcrypto-1_1.dll
MD5
89511df61678befa2f62f5025c8c8448

SHA1
df3961f833b4964f70fcf1c002d9fd7309f53ef8

SHA256
296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

SHA512
9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\libffi-7.dll
MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\pyexpat.pyd
MD5
a9e03036e55c680004576490efa6a792

SHA1
8a1948f1ba8b4bb9e34f29eade786fc85949d74c

SHA256
70fe25f01eafbf730deb95fd101b220149bb2eeea690b24b20f6f4bcdb0f04ed

SHA512
fa664233ceaa848901d19091f01cbd3ada8dd1a30de352dca693c4394e243941405edb0fe09fc9fb404fe18a5455c78aa8ce64f7037e63ac9574c2aec5ee4267

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\python38.dll
MD5
c381edf39a0c3ed74f1df4a44fbab4ba

SHA1
688af6616d5f2f67ff9f49dc6790583825fb82ab

SHA256
f8c622753feb3cec062a535f2a285b17f6d118fee0bf8ed5a2f3d06ca53e729d

SHA512
88abc4ef225593e176050a6526b4873c08aca3b464616b502e64e7995368e82ec413cdf9e0bc8902994b2be25aa0aaf2e5135977599e57a0e8e1809f2b67eeec

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\select.pyd
MD5
6e3e3565f98e23bee501c54a4b8833db

SHA1
a4c9ecbd00c774e210eb9216e03d7945b3406c2c

SHA256
71a2198c2f9c8cb117f3ea41dc96b9ae9899f64f21392778d1516986f72d434b

SHA512
359aac4a443a013f06295e1a370f89d4452ea75fd2d11776f4eccf605b59caf529baffdcc3cef3eeb59e44a42beaf927bed908b507ac479cccc870768a620fed

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\ucrtbase.dll
MD5
bb0e3819e308a153c99fa6bccf2f4e77

SHA1
d96dc06cb9f441869c5088aaee4e55a81fa14387

SHA256
83e7252e6af0e63bd80bc996eed6cb687c36b94f20a55a16145d5e68076b1587

SHA512
7eb23a895bc4fac0cda16b1ab8cdcdacac7ade76519b5d9e14d2917025f3cdd7fc4bd16d22df59a8dfe7b110eb8a8ce98a50355aa32d8c49bcab3596bd0a01ed

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\unicodedata.pyd
MD5
0a22c143ab1dbd20e6ed6a4cb5fe1e43

SHA1
2eb837eb204d7467caad4a82e7b9932553cc9011

SHA256
d0b8deabc7bc531c0c45f17ffc75c55b1ac9ff71347b74753096050eec6235db

SHA512
8a48246bbf1dfbae63aafca8bb9ae5c14c9dbb60dcc43a1030d7ea11033cba8d6e780ab9620eeadf303f5a3a9167bddec4b2fa23dbe526b95db5c297c9f688d8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI39682\yaml\_yaml.cp38-win_amd64.pyd
MD5
4ed0e37e4973bcdfe85bbc7583642bbe

SHA1
5beb50ecc8b6451e2633064f4061bb79f32ef6b4

SHA256
0d1feb559ee20ba187e80154a9fed1495772ab4157a29584fb7fbd1c3b9e57e8

SHA512
9162e7ade5830c22c3e2bc55bce9b3bc83d919f42e9559554fd7aea6c4d17ae5429bdf13116fe3cfa826655278675198ee5033720e6043b2ed9ba00b99d47669

Download Submit
memory/2752-115-0x0000000000000000-mapping.dmp

Download
memory/3968-114-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads