0df6eca30071051714c4d1b5bd16e11feb7a76ab208c907771d0dd470d91ab07

Resubmissions

13-05-2022 02:12

220513-cm8pqabgh7 7

12-05-2022 17:45

220512-wbp8sahhem 7

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-05-2022 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueScreen.exe
Size

7.4MB
MD5

3c445a0d0e7d96ebfba730db72bc8e37
SHA1

063dc457d3a879769b118bde5e16816d58388912
SHA256

0df6eca30071051714c4d1b5bd16e11feb7a76ab208c907771d0dd470d91ab07
SHA512

6ff653ca22518dd7766fe451fba56a65f05bb6c3da580e4135832ffb60aa3e9270f823a34ef69ce8d317b733af1be69d942e6312c75f3de4f55c23b4668ea857

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

BlueScreen.exe

pid process

2032 BlueScreen.exe
2032 BlueScreen.exe
2032 BlueScreen.exe
2032 BlueScreen.exe
2032 BlueScreen.exe
2032 BlueScreen.exe
2032 BlueScreen.exe

pid	process
2032	BlueScreen.exe
2032	BlueScreen.exe
2032	BlueScreen.exe
2032	BlueScreen.exe
2032	BlueScreen.exe
2032	BlueScreen.exe
2032	BlueScreen.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

BlueScreen.exe

description	pid	process	target process
PID 1988 wrote to memory of 2032	1988	BlueScreen.exe	BlueScreen.exe
PID 1988 wrote to memory of 2032	1988	BlueScreen.exe	BlueScreen.exe
PID 1988 wrote to memory of 2032	1988	BlueScreen.exe	BlueScreen.exe

C:\Users\Admin\AppData\Local\Temp\BlueScreen.exe
"C:\Users\Admin\AppData\Local\Temp\BlueScreen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1988

C:\Users\Admin\AppData\Local\Temp\BlueScreen.exe
"C:\Users\Admin\AppData\Local\Temp\BlueScreen.exe"
2⤵
- Loads dropped DLL
PID:2032

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
34004faa65345221d342763a2d9d2c76

SHA1
6e8948cf23c7c5093d427d6704bad894602a6e85

SHA256
323ceb361166f5c3a404a40a98388c6cd34bb45af5462b7a50d11c8047281829

SHA512
1e1390c75b9ef3e3347e09ae5151ee480e75f7ae0759e0bd67b75b02b25b80c2e7107b45a13fee5cdae6c9ed86a35474989c218a7790cfb80eef9da308317180

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-file-l2-1-0.dll
Filesize
11KB

MD5
3ea156612d26e640e871fb39c90dd9bd

SHA1
98f72761bcc7a6511876c0930a00625972980aae

SHA256
18200ba175b02dff3b7c35c9bbdb1e1c1353424ac717550f44a54918e613e0a8

SHA512
ef49c3af1ac5a89690a89a42036a1a6ebb29d02ae9267fbffd85bfe748c1c7922cd245a011b19cfdf877a777ea78def9bb366144f341134c4f25fbd833e2f361

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-localization-l1-2-0.dll
Filesize
14KB

MD5
0dabba3f149f39b970d55e286f050778

SHA1
26d601128e83ac9718d6a8981d4dc7d02760339a

SHA256
0cccc5745f6bdc5fddbda1a2494de4ef694e7ee72ac9b232d05c99f9f2d6245d

SHA512
7f55d4b47f3c70fe8774c150cb017d7fb8b7865c7ed2b53b66ec0b593d693847c260b92d7bd55fc60ecb79dcfe3700707bfc04e4f76f23ac4445e39d1a059804

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
12KB

MD5
c22f816975c4032a6cc945b888cf1e14

SHA1
79e99924554dd12aea74fb346a66debbee3230b7

SHA256
39b177f180b7e8f21d10a74d217cb84429e92fbf2b07fdfc3d1dff1056903307

SHA512
09b5c954ff0ea494c61f458f7e586df1f11db4380f01c615f82f9367fc4011ef7d1bef8c0ae628384d6f9774427cb98931480d1005c6d5cde2581ab38ed622ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-timezone-l1-1-0.dll
Filesize
12KB

MD5
7331299924ffdc94d1d62ce3d5da8199

SHA1
07743d83abd9a9ca0fcdb879d7b0ab388ee04945

SHA256
d64eed2bd030dcc42f6e1f5f8a0a422958dbe58cec6ba2e5ac1546c3b6419dd3

SHA512
9b722c37cfc4a6e34712c01244ed1f781a7373b527e69c5c53bc78e2e288c2df978fead8879d9765a5c6d5b987edf2a4345a89a575e3532f956c4bee789e0571

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\python310.dll
Filesize
4.2MB

MD5
c6c37b848273e2509a7b25abe8bf2410

SHA1
b27cfbd31336da1e9b1f90e8f649a27154411d03

SHA256
b7a7f3707beab109b66de3e340e3022dd83c3a18f444feb9e982c29cf23c29b8

SHA512
222ad791304963a4b8c1c6055e02c0c4c47fce2bb404bd4f89c022ff9706e29ca6fa36c72350fbf296c8a0e3e48e3756f969c003dd1eb056cd026efe0b7eba40

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\ucrtbase.dll
Filesize
986KB

MD5
84514432690f7cf190b1647adf1b1c9c

SHA1
d6d7b26baab64bda6a30f158d5f1fa4f28960f60

SHA256
7308faa2bed2a9bef4316fab4a7f51b445bf2d73453aeb2b83662f82682edf5d

SHA512
fcd3324308c77b15062ab37fa61591a53f6c961bae8387e86fdbb9fe1b988bc16fcfe0c89b92835828830aaeff3b04ec46280623edf0caf1a8ff0b1a1e6e65dc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
34004faa65345221d342763a2d9d2c76

SHA1
6e8948cf23c7c5093d427d6704bad894602a6e85

SHA256
323ceb361166f5c3a404a40a98388c6cd34bb45af5462b7a50d11c8047281829

SHA512
1e1390c75b9ef3e3347e09ae5151ee480e75f7ae0759e0bd67b75b02b25b80c2e7107b45a13fee5cdae6c9ed86a35474989c218a7790cfb80eef9da308317180

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-file-l2-1-0.dll
Filesize
11KB

MD5
3ea156612d26e640e871fb39c90dd9bd

SHA1
98f72761bcc7a6511876c0930a00625972980aae

SHA256
18200ba175b02dff3b7c35c9bbdb1e1c1353424ac717550f44a54918e613e0a8

SHA512
ef49c3af1ac5a89690a89a42036a1a6ebb29d02ae9267fbffd85bfe748c1c7922cd245a011b19cfdf877a777ea78def9bb366144f341134c4f25fbd833e2f361

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-localization-l1-2-0.dll
Filesize
14KB

MD5
0dabba3f149f39b970d55e286f050778

SHA1
26d601128e83ac9718d6a8981d4dc7d02760339a

SHA256
0cccc5745f6bdc5fddbda1a2494de4ef694e7ee72ac9b232d05c99f9f2d6245d

SHA512
7f55d4b47f3c70fe8774c150cb017d7fb8b7865c7ed2b53b66ec0b593d693847c260b92d7bd55fc60ecb79dcfe3700707bfc04e4f76f23ac4445e39d1a059804

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
12KB

MD5
c22f816975c4032a6cc945b888cf1e14

SHA1
79e99924554dd12aea74fb346a66debbee3230b7

SHA256
39b177f180b7e8f21d10a74d217cb84429e92fbf2b07fdfc3d1dff1056903307

SHA512
09b5c954ff0ea494c61f458f7e586df1f11db4380f01c615f82f9367fc4011ef7d1bef8c0ae628384d6f9774427cb98931480d1005c6d5cde2581ab38ed622ce

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-timezone-l1-1-0.dll
Filesize
12KB

MD5
7331299924ffdc94d1d62ce3d5da8199

SHA1
07743d83abd9a9ca0fcdb879d7b0ab388ee04945

SHA256
d64eed2bd030dcc42f6e1f5f8a0a422958dbe58cec6ba2e5ac1546c3b6419dd3

SHA512
9b722c37cfc4a6e34712c01244ed1f781a7373b527e69c5c53bc78e2e288c2df978fead8879d9765a5c6d5b987edf2a4345a89a575e3532f956c4bee789e0571

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19882\python310.dll
Filesize
4.2MB

MD5
c6c37b848273e2509a7b25abe8bf2410

SHA1
b27cfbd31336da1e9b1f90e8f649a27154411d03

SHA256
b7a7f3707beab109b66de3e340e3022dd83c3a18f444feb9e982c29cf23c29b8

SHA512
222ad791304963a4b8c1c6055e02c0c4c47fce2bb404bd4f89c022ff9706e29ca6fa36c72350fbf296c8a0e3e48e3756f969c003dd1eb056cd026efe0b7eba40

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19882\ucrtbase.dll
Filesize
986KB

MD5
84514432690f7cf190b1647adf1b1c9c

SHA1
d6d7b26baab64bda6a30f158d5f1fa4f28960f60

SHA256
7308faa2bed2a9bef4316fab4a7f51b445bf2d73453aeb2b83662f82682edf5d

SHA512
fcd3324308c77b15062ab37fa61591a53f6c961bae8387e86fdbb9fe1b988bc16fcfe0c89b92835828830aaeff3b04ec46280623edf0caf1a8ff0b1a1e6e65dc

Download Submit
memory/2032-54-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads