1af9d611b0ac7698181d3624f6e917f5cd3705d64b8d02ab7b034dcec91ebd1f

Analysis

max time kernel
121s
max time network
119s
platform
windows7_x64
resource
win7-en-20210920
submitted
13-10-2021 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

v01.exe
Size

11.4MB
MD5

cbc230afb3a741013ca046b09f982dd2
SHA1

cc7bc01180f2ed052ab2c28faecf8b1824ead634
SHA256

1af9d611b0ac7698181d3624f6e917f5cd3705d64b8d02ab7b034dcec91ebd1f
SHA512

ba0b79540ba798a2ef041602ff16bd70a8d93e008a679025e048ffe20c961ae30744e7ce172e8d15a048580e542173b8e0a18f086d7c27917569c5846299b422

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

v01.exe

pid process

1152 v01.exe
1152 v01.exe
1152 v01.exe
1152 v01.exe
1152 v01.exe
1152 v01.exe
1152 v01.exe

pid	process
1152	v01.exe
1152	v01.exe
1152	v01.exe
1152	v01.exe
1152	v01.exe
1152	v01.exe
1152	v01.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

v01.exe

description	pid	process	target process
PID 1544 wrote to memory of 1152	1544	v01.exe	v01.exe
PID 1544 wrote to memory of 1152	1544	v01.exe	v01.exe
PID 1544 wrote to memory of 1152	1544	v01.exe	v01.exe

C:\Users\Admin\AppData\Local\Temp\v01.exe
"C:\Users\Admin\AppData\Local\Temp\v01.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1544

C:\Users\Admin\AppData\Local\Temp\v01.exe
"C:\Users\Admin\AppData\Local\Temp\v01.exe"
2⤵
- Loads dropped DLL
PID:1152

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI15442\api-ms-win-core-file-l1-2-0.dll
MD5
4d65b1e5968d9f209b85a2e91bb61795

SHA1
59d3ec2dabc421268503a8434bfbf0013ce931cd

SHA256
c335bc44fc3f731e60444d3580daa283e02791db201101990b7614b4a0bdb677

SHA512
8502b66879da0a92c0d0ee01b2b9fc187977fa25847c5a572d9942d5ef77a657b894bca2e33aae55e287aa3b0c82a832349c7a215c7f1c91783ec0b4c9d8e725

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15442\api-ms-win-core-file-l2-1-0.dll
MD5
01bc5a5328af69e18f47d4d9a34cdc14

SHA1
94523b399717901fffcbfb73ec526a0bdc59baae

SHA256
72f98c310d66b549c85c86d97a7c8296024132ef40ce55b97bb10ad1561c8e18

SHA512
402194eb4ae92757fedefef145e1b7e9f6d0747614bdca84cccaf5788160637e0bdef98f3f11457dbdb3e17869153c71f97f4fef35dcc72b3c728b0986422e89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15442\api-ms-win-core-localization-l1-2-0.dll
MD5
a31c0779771424ab5312ad6b35fc7ed4

SHA1
724cb04bdec2091864654262a172538286280996

SHA256
0aeb221f09c278710860653a2b9ef24188bb71a2d6ec3ed1fb269fdba3c1a12b

SHA512
59320fc6cc7893a484c8e27c7a8adefa2e511c04d5a7974e25e3f848b07c0baa987a7349042998fcad32c92c7bc3c03b82123818edbdc400a9f453a12fe03fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15442\api-ms-win-core-processthreads-l1-1-1.dll
MD5
05835a72c8cdca8845126416c370229e

SHA1
15033ca46c159e3cf35766dc200d82538f203db0

SHA256
64fcc2cd952059cd9fdf64f978ef4c25474263fbca57a16a38b39f1c499fcca7

SHA512
ebe3cbcd40118a99bde58e428752df5cfb2218c305665a8ea390027c7e5a1d7c0600943688e012a53d54568732f859a75e09f0101669da800b10f399a52c945e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15442\api-ms-win-core-timezone-l1-1-0.dll
MD5
3c2425e4d7ff8f64c37f5d272fb347f2

SHA1
4c8bf1a8ca6926d7950a7a2594a1c9cb71b86e11

SHA256
81f2425aab6ae6863c688ee6e8ef1679eecdaa3010bc558a2d15d2e464eda7f4

SHA512
44f187c2b5292d607698fbe9371f5ae2b56f568a0e5478f09abe45fa611bc9ffaf6e04aa1fe0ad875c223a25c856c4620f5e601036b443dcfacc30b3e774884e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15442\python39.dll
MD5
11c051f93c922d6b6b4829772f27a5be

SHA1
42fbdf3403a4bc3d46d348ca37a9f835e073d440

SHA256
0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

SHA512
1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15442\ucrtbase.dll
MD5
fdbdabd62a2efb845c4ee89460ee0a07

SHA1
303e4153cb604817d8bfed35c5a7c7305652e3de

SHA256
3ff49964549380cd0e46bc3a7a85fc3bd43e27c6355f4bf255ea4382bba0a96f

SHA512
2cacd98fb31e6f6a082df5078de400437c4aacafc4d7149bd2ab31ae55b0ca5ebf4e542016ff42833a63bd5b8fab95a646e5db0be0af0959921ebd988e9ece2a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15442\api-ms-win-core-file-l1-2-0.dll
MD5
4d65b1e5968d9f209b85a2e91bb61795

SHA1
59d3ec2dabc421268503a8434bfbf0013ce931cd

SHA256
c335bc44fc3f731e60444d3580daa283e02791db201101990b7614b4a0bdb677

SHA512
8502b66879da0a92c0d0ee01b2b9fc187977fa25847c5a572d9942d5ef77a657b894bca2e33aae55e287aa3b0c82a832349c7a215c7f1c91783ec0b4c9d8e725

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15442\api-ms-win-core-file-l2-1-0.dll
MD5
01bc5a5328af69e18f47d4d9a34cdc14

SHA1
94523b399717901fffcbfb73ec526a0bdc59baae

SHA256
72f98c310d66b549c85c86d97a7c8296024132ef40ce55b97bb10ad1561c8e18

SHA512
402194eb4ae92757fedefef145e1b7e9f6d0747614bdca84cccaf5788160637e0bdef98f3f11457dbdb3e17869153c71f97f4fef35dcc72b3c728b0986422e89

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15442\api-ms-win-core-localization-l1-2-0.dll
MD5
a31c0779771424ab5312ad6b35fc7ed4

SHA1
724cb04bdec2091864654262a172538286280996

SHA256
0aeb221f09c278710860653a2b9ef24188bb71a2d6ec3ed1fb269fdba3c1a12b

SHA512
59320fc6cc7893a484c8e27c7a8adefa2e511c04d5a7974e25e3f848b07c0baa987a7349042998fcad32c92c7bc3c03b82123818edbdc400a9f453a12fe03fb7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15442\api-ms-win-core-processthreads-l1-1-1.dll
MD5
05835a72c8cdca8845126416c370229e

SHA1
15033ca46c159e3cf35766dc200d82538f203db0

SHA256
64fcc2cd952059cd9fdf64f978ef4c25474263fbca57a16a38b39f1c499fcca7

SHA512
ebe3cbcd40118a99bde58e428752df5cfb2218c305665a8ea390027c7e5a1d7c0600943688e012a53d54568732f859a75e09f0101669da800b10f399a52c945e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15442\api-ms-win-core-timezone-l1-1-0.dll
MD5
3c2425e4d7ff8f64c37f5d272fb347f2

SHA1
4c8bf1a8ca6926d7950a7a2594a1c9cb71b86e11

SHA256
81f2425aab6ae6863c688ee6e8ef1679eecdaa3010bc558a2d15d2e464eda7f4

SHA512
44f187c2b5292d607698fbe9371f5ae2b56f568a0e5478f09abe45fa611bc9ffaf6e04aa1fe0ad875c223a25c856c4620f5e601036b443dcfacc30b3e774884e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15442\python39.dll
MD5
11c051f93c922d6b6b4829772f27a5be

SHA1
42fbdf3403a4bc3d46d348ca37a9f835e073d440

SHA256
0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

SHA512
1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15442\ucrtbase.dll
MD5
fdbdabd62a2efb845c4ee89460ee0a07

SHA1
303e4153cb604817d8bfed35c5a7c7305652e3de

SHA256
3ff49964549380cd0e46bc3a7a85fc3bd43e27c6355f4bf255ea4382bba0a96f

SHA512
2cacd98fb31e6f6a082df5078de400437c4aacafc4d7149bd2ab31ae55b0ca5ebf4e542016ff42833a63bd5b8fab95a646e5db0be0af0959921ebd988e9ece2a

Download Submit
memory/1152-54-0x0000000000000000-mapping.dmp

Download
memory/1544-53-0x000007FEFB711000-0x000007FEFB713000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads