fbccca4d8868b54f1d1741eb80cf9dc88953b5fd77284b61faa2bd240023d63c

Analysis

max time kernel
84s
max time network
152s
platform
windows10_x64
resource
win10v20210408
submitted
05-10-2021 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Payment Confirmation_pdf.exe
Size

6.8MB
MD5

ba8d0f2355ba88d4833cb563fd88dcd5
SHA1

7304cb58dbb342415f9703b24f0ac1a87cf2f6df
SHA256

fbccca4d8868b54f1d1741eb80cf9dc88953b5fd77284b61faa2bd240023d63c
SHA512

ee341a10f753b829611e83b6078b9deca3dbf75541bf9395c43706e10ee17617b214be1e4ca6e5b11756d405b8a7b37c2327d44c16970e9d3d4853de078e5276

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 15 IoCs

Processes:

Payment Confirmation_pdf.exe

pid	process
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe
408	Payment Confirmation_pdf.exe

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

2 api.ipify.org
3 api.ipify.org

flow	ioc
2	api.ipify.org
3	api.ipify.org

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

Payment Confirmation_pdf.exe

description	pid	process	target process
PID 4060 wrote to memory of 408	4060	Payment Confirmation_pdf.exe	Payment Confirmation_pdf.exe
PID 4060 wrote to memory of 408	4060	Payment Confirmation_pdf.exe	Payment Confirmation_pdf.exe

C:\Users\Admin\AppData\Local\Temp\Payment Confirmation_pdf.exe
"C:\Users\Admin\AppData\Local\Temp\Payment Confirmation_pdf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4060

C:\Users\Admin\AppData\Local\Temp\Payment Confirmation_pdf.exe
"C:\Users\Admin\AppData\Local\Temp\Payment Confirmation_pdf.exe"
2⤵
- Loads dropped DLL
PID:408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI40602\VCRUNTIME140.dll
MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\_bz2.pyd
MD5
712a8dba2916f0261a1290a8e3d85ebf

SHA1
27dbfa5de547c30c457855594272545dafaeb39d

SHA256
d6e5763cecd267be0ff5355ff53e93428f3dd7ab20458fb1e7432dffa060cf82

SHA512
662664189f3a426a2042c998a5396fcb660f1ec123fe8089ec740ae414e0da9173d2e1abb6a231b3271bba9c4cb2a3a0a6ea45c475531bb986a4d085e74de1d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\_ctypes.pyd
MD5
4786508ffadc542bd677f45af820fdb9

SHA1
fc0f7dae6e0d093594e4ff1c293ce004dbd16fd7

SHA256
64f5072cd9536418ec0fd4b5c30c13b03cdddced1f9332d4d721c4b37ae3883e

SHA512
ad4b0e6883c2f0c003c46b1b85f5fbc2c1f8366a212695b9e47664c8735a30d4c8a3c645b324d3d059582096a1fe78ac1043ba8a639ced0665ef8c5cc33d0b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\_hashlib.pyd
MD5
ef3b935e7d9e1685b84636f908732b06

SHA1
968bca85a6f61fa24d53fc6aa77a3f48d2b08dd6

SHA256
46d3016b73ecf3713228df563971feefcbebcea9925349a0807b48f0e09877ce

SHA512
34c1779b8b7cd8449afaaeabb37a9bbb895c199d06557ea301361972ce4722f3db98e2e099eb2ce52486ab60567ac8041a4b3b3e8e917256bdd9954cbb9b05b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\_lzma.pyd
MD5
fea0e77f594207b8af1d240a16c6650e

SHA1
dd48f108074eade8c0f84916d619bce4a97c07bb

SHA256
d7acc95049c07298af56a316419e6548f3e6b56fb22dfb3382607a803dddb5e0

SHA512
3b06abcf29bd93232afd6ae0b8fbded6cc75c5a5cdbd5b410d16e6f19e034d4f903252eda243f670173cc05e78e36e767553e065648ce7c3af330d10922d51ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\_queue.pyd
MD5
04849a636d85ad8bc535643580466b50

SHA1
17baef1ae4a1e33ed44e55c6b8de554b4814af0c

SHA256
80a803b8f9e2f1034cdbf47ba13efafaf2167a7ff9e5d97259506489e4ee58bd

SHA512
9a282680f9aaa5770cad88ee21ff1370a3a5209107d2965c2e6fed5d4fd40195e456c212ce4c27b89b29c68f30b666c803c9ef628e40ce8628c8664bbb8931f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\_socket.pyd
MD5
bc7b1b0112427976b83911e607213c37

SHA1
f4c7eb5b46ebe015a13de59f17ca158c01a377f4

SHA256
85f200cb9adf0ef97d40b897868f6ad564211d3529f0b6dfe8e04c56a7b832bc

SHA512
18bc94c917ee894121241dcf65fab370a344caaf1120162fcb0966503c502b3e990a79553d2e4e1e3403e35d2b5e00cb365254c08f99c93c178e2e1fd7b2a040

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\_ssl.pyd
MD5
d1430e77cec5e84073700c3a65e3b8eb

SHA1
32009a7ea5e3097f38a33e3c5d73a9588f78e4a9

SHA256
174ec95c793fc33a97c57709b5117ca17700b90e7c71d72c9ec4bc7757b747a9

SHA512
1b49ce51e17b28eacc22e060b028697c93ee52a0a671ef615c6386c19e78a9ff67b84920fa5d8443970b53858a29c99dfcc395c0d6bc110ef125ec1c9da648f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\base_library.zip
MD5
174bb26af0a7c7669d1fb2e54d150971

SHA1
ef1ac2b122265f0bca3f776b6ae2a7becc276c35

SHA256
02f81520a69cf2a1d901755f61c139f67b6e727ddcd91c46f89b74fb882d6cf6

SHA512
ed4f08dbefc4a9b5a4b0051d10fb2efa80add6cf9fab258d8b1f83bcc249a1171146e89716699a3f3ad067a23f04dda28b6f7d9cf1bdcd23b945d97751f8ed19

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\certifi\cacert.pem
MD5
3dcd08b803fbb28231e18b5d1eef4258

SHA1
b81ea40b943cd8a0c341f3a13e5bc05090b5a72a

SHA256
de2fa17c4d8ae68dc204a1b6b58b7a7a12569367cfeb8a3a4e1f377c73e83e9e

SHA512
9cc7106e921fbcf8c56745b38051a5a56154c600e3c553f2e64d93ec988c88b17f6d49698bdc18e3aa57ae96a79ee2c08c584c7c4c91cc6ea72db3dca6ccc2f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\libcrypto-1_1.dll
MD5
aa811bb63dbd4c5859b68332326f60b1

SHA1
6e5584d5c59d2f79cbf60c6c71a92ecd7e4e0977

SHA256
00a1eeb37372d11559bf44c9e68af9c841c41c95a173f3dfec4e0b5923d0cae0

SHA512
dad9b14f501fd63824480f8801acd4004dd46f7a6965ac8ab91e573676236a11099f4b7cfdf7b3f6c0cc52a3b2e5d9b50f715f53a1f4f858ea2a5eb15d5092cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\libffi-7.dll
MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\libssl-1_1.dll
MD5
2335285f5ac87173bd304efeddfa1d85

SHA1
64558d2150120abed3514db56299721c42c6fe58

SHA256
1b57a201184559164dedbddcb43bb110a18cafa19ea3d00fc23274ccfc420e94

SHA512
82737590d5ec7315ce8485c4794c01bfcce176ce443740a9f0cf5adfc3c3ed31a714556d33c1ca56db486636111d1ad855f606c87e5f322a505c535187ce2bde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\python38.dll
MD5
eec355a6e9586f823a4f12bed11e6c80

SHA1
33627398cb32f4fbb162f38f7c277ad5b13a99ba

SHA256
560a6a5f8b7afa99600cc47da26a802c342d7f50ffe23850372f2fcf536cd26f

SHA512
7b4b3c13383de62a17aa1aafabce657ea5f4aadd716430fcd6e0f3125b773ae1589b3eaa050ccd87b37f6fae2391c5e7a8a229c0b0fa135de8d0269e9752bea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\select.pyd
MD5
bb6e9825bd4a98e0700d96b59ec64f68

SHA1
afd51547dad9cd7fac0efbda76b5e2388a027681

SHA256
bb81d220db83d5276fccda137d430160b8eafd40f4d92d86ebc718b4dfd555ac

SHA512
2380a0a2bd625ff79b04bb9d4f6611150512d72f719a3cc73806ea979c29b01fc3d947fb2998e308796a32061e0f2d34d158876924c71350c759e2a841abf964

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40602\unicodedata.pyd
MD5
c5334880576bbc751b20f6bd4baba992

SHA1
ebd8b76221d4dad9931aabcbb0434752280a99d1

SHA256
e5ebcc99f94766951bb75731afe07b7c4481e7ff3d252f21d39ddea7c8da4147

SHA512
08c964acd3064edf0210d6f12fe55896030756537b7e272c8e0f9b5e5606a6ed91094febabe3eadef51426bd6e4b06039cd9aa41a7756671edcac84684dfabb4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\VCRUNTIME140.dll
MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\_bz2.pyd
MD5
712a8dba2916f0261a1290a8e3d85ebf

SHA1
27dbfa5de547c30c457855594272545dafaeb39d

SHA256
d6e5763cecd267be0ff5355ff53e93428f3dd7ab20458fb1e7432dffa060cf82

SHA512
662664189f3a426a2042c998a5396fcb660f1ec123fe8089ec740ae414e0da9173d2e1abb6a231b3271bba9c4cb2a3a0a6ea45c475531bb986a4d085e74de1d9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\_ctypes.pyd
MD5
4786508ffadc542bd677f45af820fdb9

SHA1
fc0f7dae6e0d093594e4ff1c293ce004dbd16fd7

SHA256
64f5072cd9536418ec0fd4b5c30c13b03cdddced1f9332d4d721c4b37ae3883e

SHA512
ad4b0e6883c2f0c003c46b1b85f5fbc2c1f8366a212695b9e47664c8735a30d4c8a3c645b324d3d059582096a1fe78ac1043ba8a639ced0665ef8c5cc33d0b80

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\_hashlib.pyd
MD5
ef3b935e7d9e1685b84636f908732b06

SHA1
968bca85a6f61fa24d53fc6aa77a3f48d2b08dd6

SHA256
46d3016b73ecf3713228df563971feefcbebcea9925349a0807b48f0e09877ce

SHA512
34c1779b8b7cd8449afaaeabb37a9bbb895c199d06557ea301361972ce4722f3db98e2e099eb2ce52486ab60567ac8041a4b3b3e8e917256bdd9954cbb9b05b3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\_lzma.pyd
MD5
fea0e77f594207b8af1d240a16c6650e

SHA1
dd48f108074eade8c0f84916d619bce4a97c07bb

SHA256
d7acc95049c07298af56a316419e6548f3e6b56fb22dfb3382607a803dddb5e0

SHA512
3b06abcf29bd93232afd6ae0b8fbded6cc75c5a5cdbd5b410d16e6f19e034d4f903252eda243f670173cc05e78e36e767553e065648ce7c3af330d10922d51ff

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\_queue.pyd
MD5
04849a636d85ad8bc535643580466b50

SHA1
17baef1ae4a1e33ed44e55c6b8de554b4814af0c

SHA256
80a803b8f9e2f1034cdbf47ba13efafaf2167a7ff9e5d97259506489e4ee58bd

SHA512
9a282680f9aaa5770cad88ee21ff1370a3a5209107d2965c2e6fed5d4fd40195e456c212ce4c27b89b29c68f30b666c803c9ef628e40ce8628c8664bbb8931f3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\_socket.pyd
MD5
bc7b1b0112427976b83911e607213c37

SHA1
f4c7eb5b46ebe015a13de59f17ca158c01a377f4

SHA256
85f200cb9adf0ef97d40b897868f6ad564211d3529f0b6dfe8e04c56a7b832bc

SHA512
18bc94c917ee894121241dcf65fab370a344caaf1120162fcb0966503c502b3e990a79553d2e4e1e3403e35d2b5e00cb365254c08f99c93c178e2e1fd7b2a040

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\_ssl.pyd
MD5
d1430e77cec5e84073700c3a65e3b8eb

SHA1
32009a7ea5e3097f38a33e3c5d73a9588f78e4a9

SHA256
174ec95c793fc33a97c57709b5117ca17700b90e7c71d72c9ec4bc7757b747a9

SHA512
1b49ce51e17b28eacc22e060b028697c93ee52a0a671ef615c6386c19e78a9ff67b84920fa5d8443970b53858a29c99dfcc395c0d6bc110ef125ec1c9da648f7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\libcrypto-1_1.dll
MD5
aa811bb63dbd4c5859b68332326f60b1

SHA1
6e5584d5c59d2f79cbf60c6c71a92ecd7e4e0977

SHA256
00a1eeb37372d11559bf44c9e68af9c841c41c95a173f3dfec4e0b5923d0cae0

SHA512
dad9b14f501fd63824480f8801acd4004dd46f7a6965ac8ab91e573676236a11099f4b7cfdf7b3f6c0cc52a3b2e5d9b50f715f53a1f4f858ea2a5eb15d5092cd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\libcrypto-1_1.dll
MD5
aa811bb63dbd4c5859b68332326f60b1

SHA1
6e5584d5c59d2f79cbf60c6c71a92ecd7e4e0977

SHA256
00a1eeb37372d11559bf44c9e68af9c841c41c95a173f3dfec4e0b5923d0cae0

SHA512
dad9b14f501fd63824480f8801acd4004dd46f7a6965ac8ab91e573676236a11099f4b7cfdf7b3f6c0cc52a3b2e5d9b50f715f53a1f4f858ea2a5eb15d5092cd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\libffi-7.dll
MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\libssl-1_1.dll
MD5
2335285f5ac87173bd304efeddfa1d85

SHA1
64558d2150120abed3514db56299721c42c6fe58

SHA256
1b57a201184559164dedbddcb43bb110a18cafa19ea3d00fc23274ccfc420e94

SHA512
82737590d5ec7315ce8485c4794c01bfcce176ce443740a9f0cf5adfc3c3ed31a714556d33c1ca56db486636111d1ad855f606c87e5f322a505c535187ce2bde

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\python38.dll
MD5
eec355a6e9586f823a4f12bed11e6c80

SHA1
33627398cb32f4fbb162f38f7c277ad5b13a99ba

SHA256
560a6a5f8b7afa99600cc47da26a802c342d7f50ffe23850372f2fcf536cd26f

SHA512
7b4b3c13383de62a17aa1aafabce657ea5f4aadd716430fcd6e0f3125b773ae1589b3eaa050ccd87b37f6fae2391c5e7a8a229c0b0fa135de8d0269e9752bea0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\select.pyd
MD5
bb6e9825bd4a98e0700d96b59ec64f68

SHA1
afd51547dad9cd7fac0efbda76b5e2388a027681

SHA256
bb81d220db83d5276fccda137d430160b8eafd40f4d92d86ebc718b4dfd555ac

SHA512
2380a0a2bd625ff79b04bb9d4f6611150512d72f719a3cc73806ea979c29b01fc3d947fb2998e308796a32061e0f2d34d158876924c71350c759e2a841abf964

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40602\unicodedata.pyd
MD5
c5334880576bbc751b20f6bd4baba992

SHA1
ebd8b76221d4dad9931aabcbb0434752280a99d1

SHA256
e5ebcc99f94766951bb75731afe07b7c4481e7ff3d252f21d39ddea7c8da4147

SHA512
08c964acd3064edf0210d6f12fe55896030756537b7e272c8e0f9b5e5606a6ed91094febabe3eadef51426bd6e4b06039cd9aa41a7756671edcac84684dfabb4

Download Submit
memory/408-114-0x0000000000000000-mapping.dmp

Download