fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38

Analysis

max time kernel
69s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
16-05-2022 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
Size

17.5MB
MD5

2d4aab62e92ac1ccf9e1e282b13042a7
SHA1

5c0ae8cbf858e6b707fd8277f46854b5f7f57412
SHA256

fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38
SHA512

0bcccd97605a44d4a163b1e2790e37a01e5f254cafebbb0ae9bfe1fc78759d4f0298fb4bb81abecc8d422348abb8d0e15255d918fdd37e1353c90a00b85e26be

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 14 IoCs

Processes:

fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe

pid	process
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe

description pid process

Token: 35 1528 fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe

description	pid	process
Token: 35	1528	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe

description	pid	process	target process
PID 1668 wrote to memory of 1528	1668	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
PID 1668 wrote to memory of 1528	1668	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
PID 1668 wrote to memory of 1528	1668	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe	fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe

C:\Users\Admin\AppData\Local\Temp\fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
"C:\Users\Admin\AppData\Local\Temp\fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1668

C:\Users\Admin\AppData\Local\Temp\fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe
"C:\Users\Admin\AppData\Local\Temp\fc9c123793826a2a1c9f41de3fdff42ac7b69c262c4f2444b304b777d9ee7c38.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1528

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI16682\VCRUNTIME140.dll
Filesize
85KB

MD5
89a24c66e7a522f1e0016b1d0b4316dc

SHA1
5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

SHA256
3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

SHA512
e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\VIRUUUUZ.exe.manifest
Filesize
1KB

MD5
5e8cf61d2db47c2ae70bd5ff04a20c22

SHA1
c9eb505321594198b5e3f6f78725029acb968a84

SHA256
6f3770926df4e625ad9bea6cb9c743cfd88f147a3f9b253b054d04466980994d

SHA512
32f9c25eecb8d4509403ee25dcd6fd8edfbf7531048170a475ec434b46c2f55a054032b8db8797f6b2449bb3b234196b9718a36bf564ee4c4f756dc9c47a9836

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\_bz2.pyd
Filesize
92KB

MD5
cf77513525fc652bad6c7f85e192e94b

SHA1
23ec3bb9cdc356500ec192cac16906864d5e9a81

SHA256
8bce02e8d44003c5301608b1722f7e26aada2a03d731fa92a48c124db40e2e41

SHA512
dbc1ba8794ce2d027145c78b7e1fc842ffbabb090abf9c29044657bdecd44396014b4f7c2b896de18aad6cfa113a4841a9ca567e501a6247832b205fe39584a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\_ctypes.pyd
Filesize
129KB

MD5
5e869eebb6169ce66225eb6725d5be4a

SHA1
747887da0d7ab152e1d54608c430e78192d5a788

SHA256
430f1886caf059f05cde6eb2e8d96feb25982749a151231e471e4b8d7f54f173

SHA512
feb6888bb61e271b1670317435ee8653dedd559263788fbf9a7766bc952defd7a43e7c3d9f539673c262abedd97b0c4dd707f0f5339b1c1570db4e25da804a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\_hashlib.pyd
Filesize
38KB

MD5
b32cb9615a9bada55e8f20dcea2fbf48

SHA1
a9c6e2d44b07b31c898a6d83b7093bf90915062d

SHA256
ca4f433a68c3921526f31f46d8a45709b946bbd40f04a4cfc6c245cb9ee0eab5

SHA512
5c583292de2ba33a3fc1129dfb4e2429ff2a30eeaf9c0bcff6cca487921f0ca02c3002b24353832504c3eec96a7b2c507f455b18717bcd11b239bbbbd79fadbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\_lzma.pyd
Filesize
172KB

MD5
5fbb728a3b3abbdd830033586183a206

SHA1
066fde2fa80485c4f22e0552a4d433584d672a54

SHA256
f9bc6036d9e4d57d08848418367743fb608434c04434ab07da9dabe4725f9a9b

SHA512
31e7c9fe9d8680378f8e3ea4473461ba830df2d80a3e24e5d02a106128d048430e5d5558c0b99ec51c3d1892c76e4baa14d63d1ec1fc6b1728858aa2a255b2fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\_socket.pyd
Filesize
75KB

MD5
8ea18d0eeae9044c278d2ea7a1dbae36

SHA1
de210842da8cb1cb14318789575d65117d14e728

SHA256
9822c258a9d25062e51eafc45d62ed19722e0450a212668f6737eb3bfe3a41c2

SHA512
d275ce71d422cfaacef1220dc1f35afba14b38a205623e3652766db11621b2a1d80c5d0fb0a7df19402ebe48603e76b8f8852f6cbff95a181d33e797476029f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\base_library.zip
Filesize
769KB

MD5
4d25342486ea94cd72ed96e4167dec95

SHA1
38bfb9ef54d532de5f71964495fbf91ed947ded1

SHA256
ecb3691b9f62d8ebb6ba37b3502a3f4f431103682ae308ab1be9ca7a9b8cabb9

SHA512
d2fc5b0a9c0a821fa1c1d77fac11d7cbffcfc02d14cfbb3ee93f345bb2a79f19795bb5f4f141b402a16140971dc8bb981f673bfbf00ebecded4303f2bcfc527f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\libcrypto-1_1.dll
Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\pyexpat.pyd
Filesize
198KB

MD5
6500aa010c8b50ffd1544f08af03fa4f

SHA1
a03f9f70d4ecc565f0fae26ef690d63e3711a20a

SHA256
752cf6804aac09480bf1e839a26285ec2668405010ed7ffd2021596e49b94dec

SHA512
f5f0521039c816408a5dd8b7394f9db5250e6dc14c0328898f1bed5de1e8a26338a678896f20aafa13c56b903b787f274d3dec467808787d00c74350863175d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\python3.DLL
Filesize
57KB

MD5
274853e19235d411a751a750c54b9893

SHA1
97bd15688b549cd5dbf49597af508c72679385af

SHA256
d21eb0fd1b2883e9e0b736b43cbbef9dfa89e31fee4d32af9ad52c3f0484987b

SHA512
580fa23cbe71ae4970a608c8d1ab88fe3f7562ed18398c73b14d5a3e008ea77df3e38abf97c12512786391ee403f675a219fbf5afe5c8cea004941b1d1d02a48

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\python37.dll
Filesize
3.6MB

MD5
c4709f84e6cf6e082b80c80b87abe551

SHA1
c0c55b229722f7f2010d34e26857df640182f796

SHA256
ca8e39f2b1d277b0a24a43b5b8eada5baf2de97488f7ef2484014df6e270b3f3

SHA512
e04a5832b9f2e1e53ba096e011367d46e6710389967fa7014a0e2d4a6ce6fc8d09d0ce20cee7e7d67d5057d37854eddab48bef7df1767f2ec3a4ab91475b7ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\pythoncom37.dll
Filesize
541KB

MD5
f82307abe1f4a00def94d0ec15d8cf8c

SHA1
213ecb718d15214645d742579db40acd0badb332

SHA256
335a0efd7d65fbdca5fac19c6c7a4772cbd31909206b2934a6a409b30d276b70

SHA512
56591f0e90b0def9eb761a30df5e3978aca68aa38f9f68f867c175c7b5b2837144ee62b29f02911eb016323067a2fd81da3da044c5b37aa0a9d58b556e08cd76

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\pywintypes37.dll
Filesize
136KB

MD5
6d932e5bcb97cd88becc29d74aa6c5fd

SHA1
8acd48adac80ad77e6a5e0bcad274ad650651d68

SHA256
dfa36240a39757f676eb5636ed32f28f23f09d81c47e6fca0ee51dfa94074e0f

SHA512
fed93d1d9624f08d4aa6f6d0e194d9d43ad19e1209b8944fad0347f80e24e20f4ba7c7274437eadada782760b3e1c7904d702115688e4ebb3b1b4ba5aa821635

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\select.pyd
Filesize
26KB

MD5
fb4a0d7abaeaa76676846ad0f08fefa5

SHA1
755fd998215511506edd2c5c52807b46ca9393b2

SHA256
65a3c8806d456e9df2211051ed808a087a96c94d38e23d43121ac120b4d36429

SHA512
f5b3557f823ee4c662f2c9b7ecc5497934712e046aa8ae8e625f41756beb5e524227355316f9145bfabb89b0f6f93a1f37fa94751a66c344c38ce449e879d35f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16682\win32api.pyd
Filesize
129KB

MD5
5bb26a51ae46c298bc41453eb0ae9018

SHA1
87e7cce7774c9327d747f279cf04c3e22f92f91e

SHA256
6afd5bbfe14cc756b59013a7beb8d23729a6c71f848b8975813b08ed4789694b

SHA512
bdfc78737ae22ed1358bc261bce0bb363a19bf429a2f191cc24559f206dd032322ec265f74179b1b45e7de747362d4bbfd6c314c167d052b7b60890ce032f340

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\VCRUNTIME140.dll
Filesize
85KB

MD5
89a24c66e7a522f1e0016b1d0b4316dc

SHA1
5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

SHA256
3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

SHA512
e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\_bz2.pyd
Filesize
92KB

MD5
cf77513525fc652bad6c7f85e192e94b

SHA1
23ec3bb9cdc356500ec192cac16906864d5e9a81

SHA256
8bce02e8d44003c5301608b1722f7e26aada2a03d731fa92a48c124db40e2e41

SHA512
dbc1ba8794ce2d027145c78b7e1fc842ffbabb090abf9c29044657bdecd44396014b4f7c2b896de18aad6cfa113a4841a9ca567e501a6247832b205fe39584a9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\_ctypes.pyd
Filesize
129KB

MD5
5e869eebb6169ce66225eb6725d5be4a

SHA1
747887da0d7ab152e1d54608c430e78192d5a788

SHA256
430f1886caf059f05cde6eb2e8d96feb25982749a151231e471e4b8d7f54f173

SHA512
feb6888bb61e271b1670317435ee8653dedd559263788fbf9a7766bc952defd7a43e7c3d9f539673c262abedd97b0c4dd707f0f5339b1c1570db4e25da804a16

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\_hashlib.pyd
Filesize
38KB

MD5
b32cb9615a9bada55e8f20dcea2fbf48

SHA1
a9c6e2d44b07b31c898a6d83b7093bf90915062d

SHA256
ca4f433a68c3921526f31f46d8a45709b946bbd40f04a4cfc6c245cb9ee0eab5

SHA512
5c583292de2ba33a3fc1129dfb4e2429ff2a30eeaf9c0bcff6cca487921f0ca02c3002b24353832504c3eec96a7b2c507f455b18717bcd11b239bbbbd79fadbe

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\_lzma.pyd
Filesize
172KB

MD5
5fbb728a3b3abbdd830033586183a206

SHA1
066fde2fa80485c4f22e0552a4d433584d672a54

SHA256
f9bc6036d9e4d57d08848418367743fb608434c04434ab07da9dabe4725f9a9b

SHA512
31e7c9fe9d8680378f8e3ea4473461ba830df2d80a3e24e5d02a106128d048430e5d5558c0b99ec51c3d1892c76e4baa14d63d1ec1fc6b1728858aa2a255b2fb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\_socket.pyd
Filesize
75KB

MD5
8ea18d0eeae9044c278d2ea7a1dbae36

SHA1
de210842da8cb1cb14318789575d65117d14e728

SHA256
9822c258a9d25062e51eafc45d62ed19722e0450a212668f6737eb3bfe3a41c2

SHA512
d275ce71d422cfaacef1220dc1f35afba14b38a205623e3652766db11621b2a1d80c5d0fb0a7df19402ebe48603e76b8f8852f6cbff95a181d33e797476029f0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\libcrypto-1_1.dll
Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\pyexpat.pyd
Filesize
198KB

MD5
6500aa010c8b50ffd1544f08af03fa4f

SHA1
a03f9f70d4ecc565f0fae26ef690d63e3711a20a

SHA256
752cf6804aac09480bf1e839a26285ec2668405010ed7ffd2021596e49b94dec

SHA512
f5f0521039c816408a5dd8b7394f9db5250e6dc14c0328898f1bed5de1e8a26338a678896f20aafa13c56b903b787f274d3dec467808787d00c74350863175d1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\python3.dll
Filesize
57KB

MD5
274853e19235d411a751a750c54b9893

SHA1
97bd15688b549cd5dbf49597af508c72679385af

SHA256
d21eb0fd1b2883e9e0b736b43cbbef9dfa89e31fee4d32af9ad52c3f0484987b

SHA512
580fa23cbe71ae4970a608c8d1ab88fe3f7562ed18398c73b14d5a3e008ea77df3e38abf97c12512786391ee403f675a219fbf5afe5c8cea004941b1d1d02a48

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\python37.dll
Filesize
3.6MB

MD5
c4709f84e6cf6e082b80c80b87abe551

SHA1
c0c55b229722f7f2010d34e26857df640182f796

SHA256
ca8e39f2b1d277b0a24a43b5b8eada5baf2de97488f7ef2484014df6e270b3f3

SHA512
e04a5832b9f2e1e53ba096e011367d46e6710389967fa7014a0e2d4a6ce6fc8d09d0ce20cee7e7d67d5057d37854eddab48bef7df1767f2ec3a4ab91475b7ce4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\pythoncom37.dll
Filesize
541KB

MD5
f82307abe1f4a00def94d0ec15d8cf8c

SHA1
213ecb718d15214645d742579db40acd0badb332

SHA256
335a0efd7d65fbdca5fac19c6c7a4772cbd31909206b2934a6a409b30d276b70

SHA512
56591f0e90b0def9eb761a30df5e3978aca68aa38f9f68f867c175c7b5b2837144ee62b29f02911eb016323067a2fd81da3da044c5b37aa0a9d58b556e08cd76

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\pywintypes37.dll
Filesize
136KB

MD5
6d932e5bcb97cd88becc29d74aa6c5fd

SHA1
8acd48adac80ad77e6a5e0bcad274ad650651d68

SHA256
dfa36240a39757f676eb5636ed32f28f23f09d81c47e6fca0ee51dfa94074e0f

SHA512
fed93d1d9624f08d4aa6f6d0e194d9d43ad19e1209b8944fad0347f80e24e20f4ba7c7274437eadada782760b3e1c7904d702115688e4ebb3b1b4ba5aa821635

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\select.pyd
Filesize
26KB

MD5
fb4a0d7abaeaa76676846ad0f08fefa5

SHA1
755fd998215511506edd2c5c52807b46ca9393b2

SHA256
65a3c8806d456e9df2211051ed808a087a96c94d38e23d43121ac120b4d36429

SHA512
f5b3557f823ee4c662f2c9b7ecc5497934712e046aa8ae8e625f41756beb5e524227355316f9145bfabb89b0f6f93a1f37fa94751a66c344c38ce449e879d35f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16682\win32api.pyd
Filesize
129KB

MD5
5bb26a51ae46c298bc41453eb0ae9018

SHA1
87e7cce7774c9327d747f279cf04c3e22f92f91e

SHA256
6afd5bbfe14cc756b59013a7beb8d23729a6c71f848b8975813b08ed4789694b

SHA512
bdfc78737ae22ed1358bc261bce0bb363a19bf429a2f191cc24559f206dd032322ec265f74179b1b45e7de747362d4bbfd6c314c167d052b7b60890ce032f340

Download Submit
memory/1528-54-0x0000000000000000-mapping.dmp

Download