558607b112f50fbc472d9d72f0d5179b931a461aa473274badd4e064ee432f2a

Analysis

max time kernel
44s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ffa3a6e1a8375c2652f45ccaceef095.exe
Size

9.2MB
MD5

3ffa3a6e1a8375c2652f45ccaceef095
SHA1

e5b4c7ada93818fa73d59dbb44aad262bf5a9e14
SHA256

558607b112f50fbc472d9d72f0d5179b931a461aa473274badd4e064ee432f2a
SHA512

3a0f8a45ab8a36e70b266e7dc5f9a5e25063ff06f68d3794f268d36bdbc4b858abcb8d8e6406a5354efd61db6b145f0c5fc6c5f7b787aaf26b048e6704b1c2e5

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

3ffa3a6e1a8375c2652f45ccaceef095.exe

pid	process
1944	3ffa3a6e1a8375c2652f45ccaceef095.exe
1944	3ffa3a6e1a8375c2652f45ccaceef095.exe
1944	3ffa3a6e1a8375c2652f45ccaceef095.exe
1944	3ffa3a6e1a8375c2652f45ccaceef095.exe
1944	3ffa3a6e1a8375c2652f45ccaceef095.exe
1944	3ffa3a6e1a8375c2652f45ccaceef095.exe
1944	3ffa3a6e1a8375c2652f45ccaceef095.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

3ffa3a6e1a8375c2652f45ccaceef095.exe

description	pid	process	target process
PID 1968 wrote to memory of 1944	1968	3ffa3a6e1a8375c2652f45ccaceef095.exe	3ffa3a6e1a8375c2652f45ccaceef095.exe
PID 1968 wrote to memory of 1944	1968	3ffa3a6e1a8375c2652f45ccaceef095.exe	3ffa3a6e1a8375c2652f45ccaceef095.exe
PID 1968 wrote to memory of 1944	1968	3ffa3a6e1a8375c2652f45ccaceef095.exe	3ffa3a6e1a8375c2652f45ccaceef095.exe

C:\Users\Admin\AppData\Local\Temp\3ffa3a6e1a8375c2652f45ccaceef095.exe
"C:\Users\Admin\AppData\Local\Temp\3ffa3a6e1a8375c2652f45ccaceef095.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1968

C:\Users\Admin\AppData\Local\Temp\3ffa3a6e1a8375c2652f45ccaceef095.exe
"C:\Users\Admin\AppData\Local\Temp\3ffa3a6e1a8375c2652f45ccaceef095.exe"
2⤵
- Loads dropped DLL
PID:1944

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
765a243d3a24dc86b832edf0cb5bf6e1

SHA1
86dbf2de0617d9589cd7f2f2507fbdab7c5c922a

SHA256
76c6d607491705e6fdff250c7ca1e7ce1709565786895dc1fb0b28f4782e5dec

SHA512
0e9b401b22fe5e0757789971ef1f47c1ecab173011ab065330beff5c6b91d5ab29afed984f5ff115ce0605e537281a23ac501454a9a46fae625a8eda8c11d6b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-file-l2-1-0.dll
Filesize
11KB

MD5
be64a8905c905581884c987c60f02de0

SHA1
204330902966b5b19552d058c228163a0e425d64

SHA256
fcd3b845010c0caddfa78722c95570bfdccff7770b48c2caa0f4872bfdff6bb1

SHA512
de15220bb4f62e3cd3490b06cf1e52be7a675ebc7f1a5e6b3f3ebe3e069e0b19f1a3fa3fe51c17eee7752abeebf923faec59c2343fd7dfe0da86754caea09d8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-localization-l1-2-0.dll
Filesize
14KB

MD5
5e5b3246910237da716c8b189dc740fd

SHA1
acd1b12a7a5463f2212ba50a1af563073f3eb7aa

SHA256
ca3adc575bc0dd928b5e2b84a254783dbd36a5f18e8b42034407543fbacc2a52

SHA512
e92ebad3b2b39ce04e983cbe4f75d2b6dd26f6f8288cf5c57e24bcbb5fa2e4b59a6dccfaf3c3510b9d1f9e45f430bfdc7994b67c4a2f46211d0e6531fdc34a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
12KB

MD5
9e7441ef965b380b75b82a1c9cd3884e

SHA1
274bcfe166f2bd0e62fb3d8f64b7adfa04963f5f

SHA256
8ea398785960e5fa143b97a333e60f9466b4f7f94f5dd173c02a2aa628d00c2f

SHA512
efe08a8211e0e9381bc8749bd2d20558431495ba82685ed91b65deebda10ad8d455014ccc762d94361cc2f801315d46b9da31aba7fea87503f95db4a09112e7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-timezone-l1-1-0.dll
Filesize
12KB

MD5
b83d28b1babea99ee95d5e81ea61fb1c

SHA1
f4d492ece484e75b5cdcf680f8c8280b1ae52118

SHA256
baca05368d3adc7769be8687280a45ac3d72141cfd3d7e67453749ca70320e1e

SHA512
dfaf105ac537337e7ad00931c5fc44994f45537b5bacb9036c95a555b879de9d63ea19d19987b262413d205244fafa5e09d7db9568af5796eb9eb6f54421e0a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19682\python39.dll
Filesize
4.3MB

MD5
1d5e4c20a20740f38f061bdf48aaca4f

SHA1
de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0

SHA256
f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366

SHA512
9df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19682\ucrtbase.dll
Filesize
986KB

MD5
f7409ff2f0ea3a7b6a18709d4fda563a

SHA1
902eea6263811f6866d2a1df4d3bd7686083d221

SHA256
a56ee0ddc5120538cd7cb2073657b3a0d95cfa202712b2079a5a8d5052594b2a

SHA512
e600160c11e17c69d0fca8999290bd84d8afe748f77fe91c708a7136c976bb85cd16f60905fccb045c7ead7032af3778feb6ed21b687a82f4a7da698333dfa4a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
765a243d3a24dc86b832edf0cb5bf6e1

SHA1
86dbf2de0617d9589cd7f2f2507fbdab7c5c922a

SHA256
76c6d607491705e6fdff250c7ca1e7ce1709565786895dc1fb0b28f4782e5dec

SHA512
0e9b401b22fe5e0757789971ef1f47c1ecab173011ab065330beff5c6b91d5ab29afed984f5ff115ce0605e537281a23ac501454a9a46fae625a8eda8c11d6b3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-file-l2-1-0.dll
Filesize
11KB

MD5
be64a8905c905581884c987c60f02de0

SHA1
204330902966b5b19552d058c228163a0e425d64

SHA256
fcd3b845010c0caddfa78722c95570bfdccff7770b48c2caa0f4872bfdff6bb1

SHA512
de15220bb4f62e3cd3490b06cf1e52be7a675ebc7f1a5e6b3f3ebe3e069e0b19f1a3fa3fe51c17eee7752abeebf923faec59c2343fd7dfe0da86754caea09d8d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-localization-l1-2-0.dll
Filesize
14KB

MD5
5e5b3246910237da716c8b189dc740fd

SHA1
acd1b12a7a5463f2212ba50a1af563073f3eb7aa

SHA256
ca3adc575bc0dd928b5e2b84a254783dbd36a5f18e8b42034407543fbacc2a52

SHA512
e92ebad3b2b39ce04e983cbe4f75d2b6dd26f6f8288cf5c57e24bcbb5fa2e4b59a6dccfaf3c3510b9d1f9e45f430bfdc7994b67c4a2f46211d0e6531fdc34a78

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
12KB

MD5
9e7441ef965b380b75b82a1c9cd3884e

SHA1
274bcfe166f2bd0e62fb3d8f64b7adfa04963f5f

SHA256
8ea398785960e5fa143b97a333e60f9466b4f7f94f5dd173c02a2aa628d00c2f

SHA512
efe08a8211e0e9381bc8749bd2d20558431495ba82685ed91b65deebda10ad8d455014ccc762d94361cc2f801315d46b9da31aba7fea87503f95db4a09112e7a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\api-ms-win-core-timezone-l1-1-0.dll
Filesize
12KB

MD5
b83d28b1babea99ee95d5e81ea61fb1c

SHA1
f4d492ece484e75b5cdcf680f8c8280b1ae52118

SHA256
baca05368d3adc7769be8687280a45ac3d72141cfd3d7e67453749ca70320e1e

SHA512
dfaf105ac537337e7ad00931c5fc44994f45537b5bacb9036c95a555b879de9d63ea19d19987b262413d205244fafa5e09d7db9568af5796eb9eb6f54421e0a3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\python39.dll
Filesize
4.3MB

MD5
1d5e4c20a20740f38f061bdf48aaca4f

SHA1
de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0

SHA256
f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366

SHA512
9df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\ucrtbase.dll
Filesize
986KB

MD5
f7409ff2f0ea3a7b6a18709d4fda563a

SHA1
902eea6263811f6866d2a1df4d3bd7686083d221

SHA256
a56ee0ddc5120538cd7cb2073657b3a0d95cfa202712b2079a5a8d5052594b2a

SHA512
e600160c11e17c69d0fca8999290bd84d8afe748f77fe91c708a7136c976bb85cd16f60905fccb045c7ead7032af3778feb6ed21b687a82f4a7da698333dfa4a

Download Submit
memory/1944-55-0x0000000000000000-mapping.dmp

Download
memory/1968-54-0x000007FEFBD01000-0x000007FEFBD03000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads