Analysis

  • max time kernel
    34s
  • max time network
    39s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-05-2022 18:06

General

  • Target

    ed1b8ecb82dcdf896791aadeb9d85344b7e8229f4355dcf24e7c7cee39818f63.exe

  • Size

    5.7MB

  • MD5

    0a2480dee0105e3cf1bacf79d6bc279c

  • SHA1

    79caa6e3dd9615e8d4d4157d37738bafdc3d7925

  • SHA256

    ed1b8ecb82dcdf896791aadeb9d85344b7e8229f4355dcf24e7c7cee39818f63

  • SHA512

    a843363292f5c96d02a046b4b95b188d374930234a2dfce1391a0c3bb4292662d2e961f716d6901b6b70c4543d5e8b9cf286398ffee8f8133d2da65d5866116a

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed1b8ecb82dcdf896791aadeb9d85344b7e8229f4355dcf24e7c7cee39818f63.exe
    "C:\Users\Admin\AppData\Local\Temp\ed1b8ecb82dcdf896791aadeb9d85344b7e8229f4355dcf24e7c7cee39818f63.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Users\Admin\AppData\Local\Temp\ed1b8ecb82dcdf896791aadeb9d85344b7e8229f4355dcf24e7c7cee39818f63.exe
      "C:\Users\Admin\AppData\Local\Temp\ed1b8ecb82dcdf896791aadeb9d85344b7e8229f4355dcf24e7c7cee39818f63.exe"
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:1928

Network

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1 signature mapped
T1060 (ATT&CK v6 ID; from ATT&CK v7 onward this technique is T1547.001, Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder)

Defense Evasion

Modify Registry

1 signature mapped
T1112

Downloads (artifacts the sandbox captured and offers for download: files the sample dropped during the run, plus memory dumps; the Network section above recorded nothing)

  • C:\Users\Admin\AppData\Local\Temp\_MEI19762\k.exe.manifest
    Filesize

    1KB

    MD5

    ff71392394fc9b65d543b274b6081d09

    SHA1

    17600db41d78108ba44c38254ce513cc4a7384cd

    SHA256

    2914ccc346196be3e1bfd13e9fec870c9f775b6f18484faf757b7b7957f69d80

    SHA512

    7dbc1cd28bed46ad637d91e9934e9b4186d255074129eae1388e432f546731a204eb1c63d3ba0786385d85e33f12f18ab2eb60a24fab166c049fcc6ce070d42f

  • C:\Users\Admin\AppData\Local\Temp\_MEI19762\python27.dll
    Filesize

    2.5MB

    MD5

    797f4566d81c04ed5f21637d2d64197f

    SHA1

    63b3fc75231fafbd40a973a37812f1771ed4b5bf

    SHA256

    441caf8a1aed00caf6e9b28fec67a25c0af16fc1150c3caf848148397cc48e0e

    SHA512

    93f2370d600f35dafaadea426c65479e05246204513c28839903206ba3fa7b2c847a427a76ed3e522d5a27f251b5926d2f23506073fe182cac8546dab4d13e28

  • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\_hashlib.pyd
    Filesize

    990KB

    MD5

    ca928e89b3153a303b20db5bb02171a6

    SHA1

    a843d0cf34367441c64b27bef35d2a0cc3bd479b

    SHA256

    8b0a26be2cdf95351f27d407f3ddb235f803bb0abb3004c73b5a53f614a559ee

    SHA512

    defbf4ad1a00b9867e7934bb5edc5f157d2fcf6d3567604084ea168deb4db7c22477b252b739b0987ed421f8651aa87136ca4e1e77515a36d5d764336d926aa2

  • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\_socket.pyd
    Filesize

    46KB

    MD5

    c09b45502b40e17ea85da99b45c97bb9

    SHA1

    0578ad2993c827502f47f78184cb640a3029a368

    SHA256

    67b9dc047566250da1905751c96208bc78b2d558446e4e447ed32dbfdd399c13

    SHA512

    3c66d3f8ab7aa2930b3ba78f06711d107c9016d202a67de8d2d3806bab536549dd82f83c0331b44ff9ac5231273876515e0034bdbde7436853d17c16903150a1

  • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\_ssl.pyd
    Filesize

    1.3MB

    MD5

    f12a4d8a3bb4d4c589cebc25373ca1ff

    SHA1

    3e018b0b54bec184c182de381a02aaadece97a39

    SHA256

    01a11ad86603f47ee4b5aac18d6534d43865a16978aa245ebbc29ba68d701078

    SHA512

    6928c03b242a658bd61e443b39ac5f98e6ca590f29be30ec6c9f3505aae3da98307b01c38ac6f294e7ea59765c6302f9c27bbe05a13a167aa90559487cb865ec

  • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\pyHook._cpyHook.pyd
    Filesize

    26KB

    MD5

    3c7cb79171e636137acd8fdf42ea10df

    SHA1

    1eec5cf28be22f9cc64ae640d584daeb35601403

    SHA256

    03a59137ca8f9dda395079daddd7fcf0636543f41cc0c2fcf19bea492eb4ad80

    SHA512

    dc161bbecec77c86a3c70f1a7c2d5c7d029c8cfad8e1606b90372da5a49d601f3146cf52fb56d453637195c1bcabe66f633c5dca1c5b106bb33025d5f9704d14

  • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\pythoncom27.dll
    Filesize

    387KB

    MD5

    52b865ec9937c6b1f6ba686b7e21258d

    SHA1

    b9e108968574577364048c18d4d6b21912bd4454

    SHA256

    5df515976d0f2955ae4be1e19990de644e5461db98b0ce91ca6b0e22851fea52

    SHA512

    6c172889a48aa3fef43250fe52b97911e79aa153e14471fce95aff5340c4646b1cf9b89942849c50e2903ee21ec345295989d49899fc6bf5782421e087d9c219

  • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\pywintypes27.dll
    Filesize

    107KB

    MD5

    a28653caf591fc7b4c7971821deb9a56

    SHA1

    5ff590e23cbb45ae4a441eeecf2d0609103eec08

    SHA256

    88d8eb5894c47990b4ff88e94a75f59c498cfd16b0f29894f0947f5ed2a862f3

    SHA512

    c1bbb29e2aaa6181aeccd19d2843646e1e2dd7d33e7ace04f9df215ec5bdc604ce170e5ee6cefbe646663c278e0e9e1332c4fd63f241d2db0e66bcd7950bdd92

  • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\win32api.pyd
    Filesize

    98KB

    MD5

    04e34bf4a5bb715c7263401f0415cc3c

    SHA1

    0a2ec0b7a02ecfb2c4423aac0fa80565b03fd9dd

    SHA256

    3f85787b2d9ccded7176fd564cde748fd73cc79c0812ecf0d87d7bb0e92f88d2

    SHA512

    5e642e62cb9ef92a2894ee0258ca89188d1875dfb37700cd9474fe9c99bef85df718469885b98f56b44082ed3b76f4a33b27e6bf1cfacbea7f731d31f49d19c7

  • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\win32event.pyd
    Filesize

    18KB

    MD5

    dc7a5c18901f304260ce1bb4507494d8

    SHA1

    519393c319d28207c89f416bfa8ed2a7feed2dfd

    SHA256

    b1fc1d89f5c4d7c5af342107e9460eccbc638608077298bafcefa50889f172da

    SHA512

    17564adbb4ded84e3c38087510f067de1342f9960df4bc639ea94bb2034fc8c09d8fc6f7670d9b6f0c6957147f3822adea373189dcd33b8374d7a64b4fb4cb04

  • \Users\Admin\AppData\Local\Temp\_MEI19762\python27.dll
    Filesize

    2.5MB

    MD5

    797f4566d81c04ed5f21637d2d64197f

    SHA1

    63b3fc75231fafbd40a973a37812f1771ed4b5bf

    SHA256

    441caf8a1aed00caf6e9b28fec67a25c0af16fc1150c3caf848148397cc48e0e

    SHA512

    93f2370d600f35dafaadea426c65479e05246204513c28839903206ba3fa7b2c847a427a76ed3e522d5a27f251b5926d2f23506073fe182cac8546dab4d13e28

  • \Users\Admin\AppData\Local\Temp\_MEI19~1\_hashlib.pyd
    Filesize

    990KB

    MD5

    ca928e89b3153a303b20db5bb02171a6

    SHA1

    a843d0cf34367441c64b27bef35d2a0cc3bd479b

    SHA256

    8b0a26be2cdf95351f27d407f3ddb235f803bb0abb3004c73b5a53f614a559ee

    SHA512

    defbf4ad1a00b9867e7934bb5edc5f157d2fcf6d3567604084ea168deb4db7c22477b252b739b0987ed421f8651aa87136ca4e1e77515a36d5d764336d926aa2

  • \Users\Admin\AppData\Local\Temp\_MEI19~1\_socket.pyd
    Filesize

    46KB

    MD5

    c09b45502b40e17ea85da99b45c97bb9

    SHA1

    0578ad2993c827502f47f78184cb640a3029a368

    SHA256

    67b9dc047566250da1905751c96208bc78b2d558446e4e447ed32dbfdd399c13

    SHA512

    3c66d3f8ab7aa2930b3ba78f06711d107c9016d202a67de8d2d3806bab536549dd82f83c0331b44ff9ac5231273876515e0034bdbde7436853d17c16903150a1

  • \Users\Admin\AppData\Local\Temp\_MEI19~1\_ssl.pyd
    Filesize

    1.3MB

    MD5

    f12a4d8a3bb4d4c589cebc25373ca1ff

    SHA1

    3e018b0b54bec184c182de381a02aaadece97a39

    SHA256

    01a11ad86603f47ee4b5aac18d6534d43865a16978aa245ebbc29ba68d701078

    SHA512

    6928c03b242a658bd61e443b39ac5f98e6ca590f29be30ec6c9f3505aae3da98307b01c38ac6f294e7ea59765c6302f9c27bbe05a13a167aa90559487cb865ec

  • \Users\Admin\AppData\Local\Temp\_MEI19~1\pyHook._cpyHook.pyd
    Filesize

    26KB

    MD5

    3c7cb79171e636137acd8fdf42ea10df

    SHA1

    1eec5cf28be22f9cc64ae640d584daeb35601403

    SHA256

    03a59137ca8f9dda395079daddd7fcf0636543f41cc0c2fcf19bea492eb4ad80

    SHA512

    dc161bbecec77c86a3c70f1a7c2d5c7d029c8cfad8e1606b90372da5a49d601f3146cf52fb56d453637195c1bcabe66f633c5dca1c5b106bb33025d5f9704d14

  • \Users\Admin\AppData\Local\Temp\_MEI19~1\pythoncom27.dll
    Filesize

    387KB

    MD5

    52b865ec9937c6b1f6ba686b7e21258d

    SHA1

    b9e108968574577364048c18d4d6b21912bd4454

    SHA256

    5df515976d0f2955ae4be1e19990de644e5461db98b0ce91ca6b0e22851fea52

    SHA512

    6c172889a48aa3fef43250fe52b97911e79aa153e14471fce95aff5340c4646b1cf9b89942849c50e2903ee21ec345295989d49899fc6bf5782421e087d9c219

  • \Users\Admin\AppData\Local\Temp\_MEI19~1\pywintypes27.dll
    Filesize

    107KB

    MD5

    a28653caf591fc7b4c7971821deb9a56

    SHA1

    5ff590e23cbb45ae4a441eeecf2d0609103eec08

    SHA256

    88d8eb5894c47990b4ff88e94a75f59c498cfd16b0f29894f0947f5ed2a862f3

    SHA512

    c1bbb29e2aaa6181aeccd19d2843646e1e2dd7d33e7ace04f9df215ec5bdc604ce170e5ee6cefbe646663c278e0e9e1332c4fd63f241d2db0e66bcd7950bdd92

  • \Users\Admin\AppData\Local\Temp\_MEI19~1\win32api.pyd
    Filesize

    98KB

    MD5

    04e34bf4a5bb715c7263401f0415cc3c

    SHA1

    0a2ec0b7a02ecfb2c4423aac0fa80565b03fd9dd

    SHA256

    3f85787b2d9ccded7176fd564cde748fd73cc79c0812ecf0d87d7bb0e92f88d2

    SHA512

    5e642e62cb9ef92a2894ee0258ca89188d1875dfb37700cd9474fe9c99bef85df718469885b98f56b44082ed3b76f4a33b27e6bf1cfacbea7f731d31f49d19c7

  • \Users\Admin\AppData\Local\Temp\_MEI19~1\win32event.pyd
    Filesize

    18KB

    MD5

    dc7a5c18901f304260ce1bb4507494d8

    SHA1

    519393c319d28207c89f416bfa8ed2a7feed2dfd

    SHA256

    b1fc1d89f5c4d7c5af342107e9460eccbc638608077298bafcefa50889f172da

    SHA512

    17564adbb4ded84e3c38087510f067de1342f9960df4bc639ea94bb2034fc8c09d8fc6f7670d9b6f0c6957147f3822adea373189dcd33b8374d7a64b4fb4cb04

  • memory/1928-54-0x0000000000000000-mapping.dmp
  • memory/1928-58-0x00000000757C1000-0x00000000757C3000-memory.dmp
    Filesize

    8KB
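Reading the sections above together: the parent process (PID 1976) and its child (PID 1928) run the same image with the same command line. That is how a PyInstaller one-file executable starts: the bootloader unpacks the bundle into a temporary `_MEI...` directory and re-executes itself to run the embedded Python script, which is why "Loads dropped DLL" fires on the child rather than the parent. The dropped files confirm the picture: `python27.dll` is the CPython 2.7 runtime, `k.exe.manifest` carries the name the bundle was built with (the sample was renamed to its hash afterwards), and `_MEI19~1` is simply the 8.3 short name of `_MEI19762`, so the same hashes appear under two path spellings. The digits of `_MEI19762` begin with the parent PID 1976; PyInstaller builds the directory name from the bootloader's own PID followed by random digits. `pyHook._cpyHook.pyd` is the native half of pyHook, a Python library that installs keyboard and mouse hooks through SetWindowsHookEx, which lines up with the "Suspicious use of SetWindowsHookEx" signature. The script below is an added example, not part of the sandbox output or of the sample: it takes the paths, hashes and PIDs copied from this report as constructed input, deduplicates the IOCs by SHA-256, ties the `_MEI` directory number back to the bootloader PID, and records what the bundled modules imply. The `CAPABILITIES` mapping is an analyst's assumption, not something the report states.

```python
"""Triage helper for a PyInstaller one-file bundle, driven by this report.
Added example, not sandbox output. Paths, hashes and PIDs are copied from the
Processes and Downloads sections; CAPABILITIES is an analyst's assumption."""
import re
from collections import OrderedDict

LONG = r"C:\Users\Admin\AppData\Local\Temp"   # first Downloads block
NODRV = r"\Users\Admin\AppData\Local\Temp"    # second block: same files, drive letter dropped
DROPPED = [  # (path, sha256) as listed; _MEI19~1 is the 8.3 alias of _MEI19762
    (LONG + r"\_MEI19762\k.exe.manifest",     "2914ccc346196be3e1bfd13e9fec870c9f775b6f18484faf757b7b7957f69d80"),
    (LONG + r"\_MEI19762\python27.dll",       "441caf8a1aed00caf6e9b28fec67a25c0af16fc1150c3caf848148397cc48e0e"),
    (LONG + r"\_MEI19~1\_hashlib.pyd",        "8b0a26be2cdf95351f27d407f3ddb235f803bb0abb3004c73b5a53f614a559ee"),
    (LONG + r"\_MEI19~1\_socket.pyd",         "67b9dc047566250da1905751c96208bc78b2d558446e4e447ed32dbfdd399c13"),
    (LONG + r"\_MEI19~1\_ssl.pyd",            "01a11ad86603f47ee4b5aac18d6534d43865a16978aa245ebbc29ba68d701078"),
    (LONG + r"\_MEI19~1\pyHook._cpyHook.pyd", "03a59137ca8f9dda395079daddd7fcf0636543f41cc0c2fcf19bea492eb4ad80"),
    (LONG + r"\_MEI19~1\pythoncom27.dll",     "5df515976d0f2955ae4be1e19990de644e5461db98b0ce91ca6b0e22851fea52"),
    (LONG + r"\_MEI19~1\pywintypes27.dll",    "88d8eb5894c47990b4ff88e94a75f59c498cfd16b0f29894f0947f5ed2a862f3"),
    (LONG + r"\_MEI19~1\win32api.pyd",        "3f85787b2d9ccded7176fd564cde748fd73cc79c0812ecf0d87d7bb0e92f88d2"),
    (LONG + r"\_MEI19~1\win32event.pyd",      "b1fc1d89f5c4d7c5af342107e9460eccbc638608077298bafcefa50889f172da"),
]
# The report repeats every file except the manifest under the drive-letter-less path.
DROPPED += [(NODRV + p[len(LONG):], h) for p, h in DROPPED if not p.endswith(".manifest")]

# (pid, parent_pid) from the Processes section: same image, same command line, twice.
PROCESS_TREE = [(1976, None), (1928, 1976)]

# Analyst assumption: what each bundled module tells you about the script inside.
CAPABILITIES = {
    "python27.dll": "CPython 2.7 runtime (PyInstaller bundle)",
    "pyhook._cpyhook.pyd": "pyHook: keyboard/mouse hooks via SetWindowsHookEx",
    "_socket.pyd": "sockets (network capability)",
    "_ssl.pyd": "TLS (OpenSSL-backed ssl module)",
    "_hashlib.pyd": "hashing (OpenSSL-backed hashlib)",
    "win32api.pyd": "pywin32: Win32 API (registry, processes, ...)",
    "win32event.pyd": "pywin32: events/mutexes",
    "pythoncom27.dll": "pywin32: COM support",
    "pywintypes27.dll": "pywin32: core types",
}

MEI_DIR = re.compile(r"\\_MEI(\d+)\\")  # long-name form only; the 8.3 alias contains '~'


def basename(path):
    return path.rsplit("\\", 1)[-1]


def unique_by_hash(entries):
    """Collapse duplicate listings: one record per SHA-256, every path spelling kept."""
    out = OrderedDict()
    for path, sha in entries:
        out.setdefault(sha, {"name": basename(path), "paths": []})["paths"].append(path)
    return out


def mei_dir_digits(entries):
    """Digits of every _MEI<digits> extraction directory seen in the paths."""
    return {m.group(1) for p, _ in entries for m in [MEI_DIR.search(p)] if m}


def bootloader_pid(digits, pids):
    """PyInstaller names the directory _MEI<pid><random digits>; pick the PID it starts with."""
    hits = [p for p in pids if digits.startswith(str(p))]
    return max(hits, key=lambda p: len(str(p))) if hits else None


def original_name(entries):
    """The <name>.exe.manifest dropped by the bootloader reveals the build-time exe name."""
    for p, _ in entries:
        m = re.search(r"\\([^\\]+\.exe)\.manifest$", p, re.IGNORECASE)
        if m:
            return m.group(1)
    return None


def capabilities(entries):
    return {basename(p): CAPABILITIES[basename(p).lower()]
            for p, _ in entries if basename(p).lower() in CAPABILITIES}


def triage(entries=DROPPED, tree=PROCESS_TREE):
    uniq = unique_by_hash(entries)
    mei = sorted(mei_dir_digits(entries))
    caps = capabilities(entries)
    return {
        "unique_files": len(uniq),
        "duplicate_entries": len(entries) - len(uniq),
        "mei_dirs": mei,
        "bootloader_pid": bootloader_pid(mei[0], [pid for pid, _ in tree]) if mei else None,
        "original_name": original_name(entries),
        "input_hooking": any("SetWindowsHookEx" in c for c in caps.values()),
        "capabilities": caps,
        "sha256": sorted(uniq),
    }


if __name__ == "__main__":
    r = triage()
    for k in ("unique_files", "duplicate_entries", "mei_dirs", "bootloader_pid",
              "original_name", "input_hooking"):
        print(f"{k:>18}: {r[k]}")
    for name, what in r["capabilities"].items():
        print(f"  {name:<22} {what}")
```

Run as-is it reports 10 unique files out of 19 listings, directory `19762` tied to PID 1976, a build-time name of `k.exe`, and input hooking present; the `sha256` list is the deduplicated IOC set to push to a blocklist. The report does not show which Run key value was written, so the script deliberately makes no claim about the persistence location.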