0df6eca30071051714c4d1b5bd16e11feb7a76ab208c907771d0dd470d91ab07

Resubmissions

13-05-2022 02:12

220513-cm8pqabgh7 7

12-05-2022 17:45

220512-wbp8sahhem 7

Analysis

max time kernel
5s
max time network
8s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
13-05-2022 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueScreen.exe
Size

7.4MB
MD5

3c445a0d0e7d96ebfba730db72bc8e37
SHA1

063dc457d3a879769b118bde5e16816d58388912
SHA256

0df6eca30071051714c4d1b5bd16e11feb7a76ab208c907771d0dd470d91ab07
SHA512

6ff653ca22518dd7766fe451fba56a65f05bb6c3da580e4135832ffb60aa3e9270f823a34ef69ce8d317b733af1be69d942e6312c75f3de4f55c23b4668ea857

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

BlueScreen.exe

pid process

4168 BlueScreen.exe
4168 BlueScreen.exe
4168 BlueScreen.exe
4168 BlueScreen.exe
4168 BlueScreen.exe
4168 BlueScreen.exe
4168 BlueScreen.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

BlueScreen.exe

description pid process

Token: SeShutdownPrivilege 4168 BlueScreen.exe

pid	process
4168	BlueScreen.exe
4168	BlueScreen.exe
4168	BlueScreen.exe
4168	BlueScreen.exe
4168	BlueScreen.exe
4168	BlueScreen.exe
4168	BlueScreen.exe

description	pid	process
Token: SeShutdownPrivilege	4168	BlueScreen.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

BlueScreen.exe

description	pid	process	target process
PID 3236 wrote to memory of 4168	3236	BlueScreen.exe	BlueScreen.exe
PID 3236 wrote to memory of 4168	3236	BlueScreen.exe	BlueScreen.exe

C:\Users\Admin\AppData\Local\Temp\BlueScreen.exe
"C:\Users\Admin\AppData\Local\Temp\BlueScreen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3236

C:\Users\Admin\AppData\Local\Temp\BlueScreen.exe
"C:\Users\Admin\AppData\Local\Temp\BlueScreen.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI32362\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\_ctypes.pyd
Filesize
116KB

MD5
41a9708af86ae3ebc358e182f67b0fb2

SHA1
accab901e2746f7da03fab8301f81a737b6cc180

SHA256
0bd4ed11f2fb097f235b62eb26a00c0cb16815bbf90ab29f191af823a9fed8cf

SHA512
835f9aa33fdfbb096c31f8ac9a50db9fac35918fc78bce03dae55ea917f738a41f01aee4234a5a91ffa5bdbbd8e529399205592eb0cae3224552c35c098b7843

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\_ctypes.pyd
Filesize
116KB

MD5
41a9708af86ae3ebc358e182f67b0fb2

SHA1
accab901e2746f7da03fab8301f81a737b6cc180

SHA256
0bd4ed11f2fb097f235b62eb26a00c0cb16815bbf90ab29f191af823a9fed8cf

SHA512
835f9aa33fdfbb096c31f8ac9a50db9fac35918fc78bce03dae55ea917f738a41f01aee4234a5a91ffa5bdbbd8e529399205592eb0cae3224552c35c098b7843

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\_socket.pyd
Filesize
73KB

MD5
79c2ff05157ef4ba0a940d1c427c404e

SHA1
17da75d598deaa480cdd43e282398e860763297b

SHA256
f3e0e2f3e70ab142e7ce1a4d551c5623a3317fb398d359e3bd8e26d21847f707

SHA512
f91fc9c65818e74ddc08bbe1ccea49f5f60d6979bc27e1cdb2ef40c2c8a957bd3be7aea5036394abab52d51895290d245fd5c9f84cc3cc554597ae6f85c149e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\_socket.pyd
Filesize
73KB

MD5
79c2ff05157ef4ba0a940d1c427c404e

SHA1
17da75d598deaa480cdd43e282398e860763297b

SHA256
f3e0e2f3e70ab142e7ce1a4d551c5623a3317fb398d359e3bd8e26d21847f707

SHA512
f91fc9c65818e74ddc08bbe1ccea49f5f60d6979bc27e1cdb2ef40c2c8a957bd3be7aea5036394abab52d51895290d245fd5c9f84cc3cc554597ae6f85c149e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\base_library.zip
Filesize
812KB

MD5
2825b9d2dfaf8faf1eb334d46e76ee27

SHA1
bbcadcb6ef7886e8cad2486ffad1daca67d480f9

SHA256
5275220032134dbf6fa04e928b2e6012a2312920471c1ea50332a67b21307391

SHA512
b9918ad5dcbc7220a5a44387364ed76c8816235b2c56d2cd6835e83d0e5cfba34756744ae5960b3abec2712fb6982a4cdbaf5fab246cadc819e126f285ad7d9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\python310.dll
Filesize
4.2MB

MD5
c6c37b848273e2509a7b25abe8bf2410

SHA1
b27cfbd31336da1e9b1f90e8f649a27154411d03

SHA256
b7a7f3707beab109b66de3e340e3022dd83c3a18f444feb9e982c29cf23c29b8

SHA512
222ad791304963a4b8c1c6055e02c0c4c47fce2bb404bd4f89c022ff9706e29ca6fa36c72350fbf296c8a0e3e48e3756f969c003dd1eb056cd026efe0b7eba40

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\python310.dll
Filesize
4.2MB

MD5
c6c37b848273e2509a7b25abe8bf2410

SHA1
b27cfbd31336da1e9b1f90e8f649a27154411d03

SHA256
b7a7f3707beab109b66de3e340e3022dd83c3a18f444feb9e982c29cf23c29b8

SHA512
222ad791304963a4b8c1c6055e02c0c4c47fce2bb404bd4f89c022ff9706e29ca6fa36c72350fbf296c8a0e3e48e3756f969c003dd1eb056cd026efe0b7eba40

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\select.pyd
Filesize
25KB

MD5
431464c4813ed60fbf15a8bf77b0e0ce

SHA1
9825f6a8898e38c7a7ddc6f0d4b017449fb54794

SHA256
1f56df23a36132f1e5be4484582c73081516bee67c25ef79beee01180c04c7f0

SHA512
53175384699a7bb3b93467065992753b73d8f3a09e95e301a1a0386c6a1224fa9ed8fa42c99c1ffbcfa6377b6129e3db96e23750e7f23b4130af77d14ac504a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\select.pyd
Filesize
25KB

MD5
431464c4813ed60fbf15a8bf77b0e0ce

SHA1
9825f6a8898e38c7a7ddc6f0d4b017449fb54794

SHA256
1f56df23a36132f1e5be4484582c73081516bee67c25ef79beee01180c04c7f0

SHA512
53175384699a7bb3b93467065992753b73d8f3a09e95e301a1a0386c6a1224fa9ed8fa42c99c1ffbcfa6377b6129e3db96e23750e7f23b4130af77d14ac504a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\ucrtbase.dll
Filesize
986KB

MD5
84514432690f7cf190b1647adf1b1c9c

SHA1
d6d7b26baab64bda6a30f158d5f1fa4f28960f60

SHA256
7308faa2bed2a9bef4316fab4a7f51b445bf2d73453aeb2b83662f82682edf5d

SHA512
fcd3324308c77b15062ab37fa61591a53f6c961bae8387e86fdbb9fe1b988bc16fcfe0c89b92835828830aaeff3b04ec46280623edf0caf1a8ff0b1a1e6e65dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32362\ucrtbase.dll
Filesize
986KB

MD5
84514432690f7cf190b1647adf1b1c9c

SHA1
d6d7b26baab64bda6a30f158d5f1fa4f28960f60

SHA256
7308faa2bed2a9bef4316fab4a7f51b445bf2d73453aeb2b83662f82682edf5d

SHA512
fcd3324308c77b15062ab37fa61591a53f6c961bae8387e86fdbb9fe1b988bc16fcfe0c89b92835828830aaeff3b04ec46280623edf0caf1a8ff0b1a1e6e65dc

Download Submit
memory/4168-130-0x0000000000000000-mapping.dmp

Download