cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb

Analysis

max time kernel
4294179s
max time network
128s
platform
windows7_x64
resource
win7-20220310-en
submitted
19-03-2022 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe
Size

12.5MB
MD5

edc704dd390b0997eb400b9b88b59d69
SHA1

2e2859363b9e35f6b315fb1b6f120418b32143a0
SHA256

cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb
SHA512

288ce3b254ed54efca983b64ad7b7260d7d2bc440ad43bbb1e64ad5ef851f16ea8578a40ebbe516bb151e30a6b3d9ba327b22e545cd42738f2c75357ea681208

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe

pid	Process
1960	cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe
1960	cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe
1960	cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe
1960	cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe
1960	cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe
1960	cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe
1960	cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe

description	pid	Process	procid_target
PID 1088 wrote to memory of 1960	1088	cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe	29
PID 1088 wrote to memory of 1960	1088	cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe	29
PID 1088 wrote to memory of 1960	1088	cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe	29

C:\Users\Admin\AppData\Local\Temp\cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe
"C:\Users\Admin\AppData\Local\Temp\cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Users\Admin\AppData\Local\Temp\cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe
  "C:\Users\Admin\AppData\Local\Temp\cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb.exe"
  2⤵
  - Loads dropped DLL
  PID:1960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI10882\api-ms-win-core-file-l1-2-0.dll

MD5
35bc1f1c6fbccec7eb8819178ef67664

SHA1
bbcad0148ff008e984a75937aaddf1ef6fda5e0c

SHA256
7a3c5167731238cf262f749aa46ab3bfb2ae1b22191b76e28e1d7499d28c24b7

SHA512
9ab9b5b12215e57af5b3c588ed5003d978071dc591ed18c78c4563381a132edb7b2c508a8b75b4f1ed8823118d23c88eda453cd4b42b9020463416f8f6832a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10882\api-ms-win-core-file-l2-1-0.dll

MD5
3bf4406de02aa148f460e5d709f4f67d

SHA1
89b28107c39bb216da00507ffd8adb7838d883f6

SHA256
349a79fa1572e3538dfbb942610d8c47d03e8a41b98897bc02ec7e897d05237e

SHA512
5ff6e8ad602d9e31ac88e06a6fbb54303c57d011c388f46d957aee8cd3b7d7cced8b6bfa821ff347ade62f7359acb1fba9ee181527f349c03d295bdb74efbace

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10882\api-ms-win-core-localization-l1-2-0.dll

MD5
8acb83d102dabd9a5017a94239a2b0c6

SHA1
9b43a40a7b498e02f96107e1524fe2f4112d36ae

SHA256
059cb23fdcf4d80b92e3da29e9ef4c322edf6fba9a1837978fd983e9bdfc7413

SHA512
b7ecf60e20098ea509b76b1cc308a954a6ede8d836bf709790ce7d4bd1b85b84cf5f3aedf55af225d2d21fbd3065d01aa201dae6c131b8e1e3aa80ed6fc910a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10882\api-ms-win-core-processthreads-l1-1-1.dll

MD5
9c9b50b204fcb84265810ef1f3c5d70a

SHA1
0913ab720bd692abcdb18a2609df6a7f85d96db3

SHA256
25a99bdf8bf4d16077dc30dd9ffef7bb5a2ceaf9afcee7cf52ad408355239d40

SHA512
ea2d22234e587ad9fa255d9f57907cc14327ead917fdede8b0a38516e7c7a08c4172349c8a7479ec55d1976a37e520628006f5c362f6a3ec76ec87978c4469cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10882\api-ms-win-core-timezone-l1-1-0.dll

MD5
43e1ae2e432eb99aa4427bb68f8826bb

SHA1
eee1747b3ade5a9b985467512215caf7e0d4cb9b

SHA256
3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c

SHA512
40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10882\payload.exe.manifest

MD5
d67bc153fed4560ceb331087b13dae8c

SHA1
bb61d6806e3c5567a335acf38bd2912fa26825aa

SHA256
0c66d699d5c7490715774dab9b1a9631dfc47233c35ac952ef58fe9e59105a6a

SHA512
dbb67444d9becbdfb6650bea64aa4f2641b66188a690faa4535359faefd25291fd3646a05c87536446af239a8dfdbcc8f453b1b398697bc4dcdb517955e2cb7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10882\python39.dll

MD5
c4b75218b11808db4a04255574b2eb33

SHA1
f4a3497fb6972037fb271cfdc5b404a4b28ccf07

SHA256
53f27444e1e18cc39bdb733d19111e392769e428b518c0fc0839965b5a5727a2

SHA512
0b7ddbe6476cc230c7bdd96b5756dfb85ab769294461d1132f0411502521a2197c0f27c687df88a2cd1ab53332eaa30f17fa65f93dac3f5e56ed2b537232e69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10882\ucrtbase.dll

MD5
61eb0ad4c285b60732353a0cb5c9b2ab

SHA1
21a1bea01f6ca7e9828a522c696853706d0a457b

SHA256
10521fe73fe05f2ba95d40757d9f676f2091e2ed578da9d5cdef352f986f3bcd

SHA512
44cd871f48b5193abb3b9664dbea8cdad19e72c47b6967c685cf1cc803bc9abb48a8a93009c972ef4936e7f78e3c92110828790aa0a9d26b80e6a523bbcd830d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10882\api-ms-win-core-file-l1-2-0.dll

MD5
35bc1f1c6fbccec7eb8819178ef67664

SHA1
bbcad0148ff008e984a75937aaddf1ef6fda5e0c

SHA256
7a3c5167731238cf262f749aa46ab3bfb2ae1b22191b76e28e1d7499d28c24b7

SHA512
9ab9b5b12215e57af5b3c588ed5003d978071dc591ed18c78c4563381a132edb7b2c508a8b75b4f1ed8823118d23c88eda453cd4b42b9020463416f8f6832a3d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10882\api-ms-win-core-file-l2-1-0.dll

MD5
3bf4406de02aa148f460e5d709f4f67d

SHA1
89b28107c39bb216da00507ffd8adb7838d883f6

SHA256
349a79fa1572e3538dfbb942610d8c47d03e8a41b98897bc02ec7e897d05237e

SHA512
5ff6e8ad602d9e31ac88e06a6fbb54303c57d011c388f46d957aee8cd3b7d7cced8b6bfa821ff347ade62f7359acb1fba9ee181527f349c03d295bdb74efbace

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10882\api-ms-win-core-localization-l1-2-0.dll

MD5
8acb83d102dabd9a5017a94239a2b0c6

SHA1
9b43a40a7b498e02f96107e1524fe2f4112d36ae

SHA256
059cb23fdcf4d80b92e3da29e9ef4c322edf6fba9a1837978fd983e9bdfc7413

SHA512
b7ecf60e20098ea509b76b1cc308a954a6ede8d836bf709790ce7d4bd1b85b84cf5f3aedf55af225d2d21fbd3065d01aa201dae6c131b8e1e3aa80ed6fc910a4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10882\api-ms-win-core-processthreads-l1-1-1.dll

MD5
9c9b50b204fcb84265810ef1f3c5d70a

SHA1
0913ab720bd692abcdb18a2609df6a7f85d96db3

SHA256
25a99bdf8bf4d16077dc30dd9ffef7bb5a2ceaf9afcee7cf52ad408355239d40

SHA512
ea2d22234e587ad9fa255d9f57907cc14327ead917fdede8b0a38516e7c7a08c4172349c8a7479ec55d1976a37e520628006f5c362f6a3ec76ec87978c4469cd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10882\api-ms-win-core-timezone-l1-1-0.dll

MD5
43e1ae2e432eb99aa4427bb68f8826bb

SHA1
eee1747b3ade5a9b985467512215caf7e0d4cb9b

SHA256
3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c

SHA512
40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10882\python39.dll

MD5
c4b75218b11808db4a04255574b2eb33

SHA1
f4a3497fb6972037fb271cfdc5b404a4b28ccf07

SHA256
53f27444e1e18cc39bdb733d19111e392769e428b518c0fc0839965b5a5727a2

SHA512
0b7ddbe6476cc230c7bdd96b5756dfb85ab769294461d1132f0411502521a2197c0f27c687df88a2cd1ab53332eaa30f17fa65f93dac3f5e56ed2b537232e69c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI10882\ucrtbase.dll

MD5
61eb0ad4c285b60732353a0cb5c9b2ab

SHA1
21a1bea01f6ca7e9828a522c696853706d0a457b

SHA256
10521fe73fe05f2ba95d40757d9f676f2091e2ed578da9d5cdef352f986f3bcd

SHA512
44cd871f48b5193abb3b9664dbea8cdad19e72c47b6967c685cf1cc803bc9abb48a8a93009c972ef4936e7f78e3c92110828790aa0a9d26b80e6a523bbcd830d

Download Submit
memory/1960-69-0x000007FEFC271000-0x000007FEFC273000-memory.dmp

Filesize
8KB

Download