f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6

Analysis

max time kernel
39s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe
Size

4.7MB
MD5

769c2d567d7ba55b148888c511d11387
SHA1

67a3c612b08de092e8d508811677b8668a0ef72a
SHA256

f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6
SHA512

9953977fae38708e5d87732b0c71a130be7c5a59acfe9ccb478e2aa9e5aae18c7f735b2f6d83215124254d8f3cf6df78e98aef0f456d4c5209c86c11899913f7

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

Processes:

f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe

pid	process
1108	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe
1108	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe
1108	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe
1108	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe
1108	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe

description pid process

Token: 35 1108 f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe

description	pid	process
Token: 35	1108	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe

description	pid	process	target process
PID 960 wrote to memory of 1108	960	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe
PID 960 wrote to memory of 1108	960	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe
PID 960 wrote to memory of 1108	960	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe
PID 960 wrote to memory of 1108	960	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe	f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe

C:\Users\Admin\AppData\Local\Temp\f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe
"C:\Users\Admin\AppData\Local\Temp\f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:960

C:\Users\Admin\AppData\Local\Temp\f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe
"C:\Users\Admin\AppData\Local\Temp\f48af15629e921ad7ef3779e4e3f00fb10eecbd7cdec7bb9068071ba2e8c4dd6.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1108

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI9602\VCRUNTIME140.dll
Filesize
81KB

MD5
a2523ea6950e248cbdf18c9ea1a844f6

SHA1
549c8c2a96605f90d79a872be73efb5d40965444

SHA256
6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

SHA512
2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9602\_ctypes.pyd
Filesize
100KB

MD5
e23c5557d84d3528d9cdcdee0e78afd0

SHA1
6cf971e5d016c32bb3e82ac07d71ac1258678419

SHA256
85491fff6cc61772948a1a92f329b2a9872ea16dd261011cfc1ef1a35fa5e6bb

SHA512
18ed82907d45bc3fa6a0568b910610b1cc7ba8d7d3251dec341dcbd624361c3a4fff8d51ad4300e8453890553909ea7d58d3cd9b46a625f1245328d3757912b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9602\_socket.pyd
Filesize
62KB

MD5
6a57a7bf8124875687bc60f57f4a26d1

SHA1
657dfd76df01cba4b590f29dcc1769c488f40787

SHA256
a824a0df8ca068f889837c4da04fa65e90b2c71b6ab28b11827ea615dc697695

SHA512
7adf5de1858588173af338b88807e00f04ce15b9ccf3ec028f271a49ac1ea96a1770d6fb5a7bf2f2e654d28a3fbde2deff16a38fb2d45e1dc6e508e868f36f27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9602\base_library.zip
Filesize
757KB

MD5
06a92547c48c7d9dcae13f12b0032133

SHA1
d60d18bc97fab92029040a5bb29ecdce31d017ab

SHA256
8e341b5e6a49fc15409578cd93daa39364956beb46ba6f91022e12b0a10ac0c1

SHA512
011279cdd0db77a2686e515b659d35d0f008eb477ac7d8c1e20bce080de15a8a4c42e42c60a859fa156fe4ef586ef3351929450b909521056ccd10e9c9a69cfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9602\bypass.exe.manifest
Filesize
1KB

MD5
6c224b69328579d437feab54a5a4d6a7

SHA1
eb42c6a561ec558f86d2d3b5a044a7ca95e82b1f

SHA256
da180c6fe4c38b2e1652e10fcbb52c95d4f87df91172f1447af0f9cb0a90f618

SHA512
4e616ac25f8893433bfc14c5721ef94eb424f0bfd2a703de164cf8d05362e4436a584bb961db9e971b490ceb0217671689ec7915371ab63196a972856dbc3106

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9602\python36.dll
Filesize
3.2MB

MD5
4ae29bdbc36bcad281034fb43247612e

SHA1
7bd80e6e58763aa6cd94eff31989ff5b732d8741

SHA256
927b879e8877e332e7580944fcae65d767a894fbcbd968b2b57199800eaf98cf

SHA512
5c679fea125ca933a00574050716f9eae2be80c46ce5080c69237eb851fd9b4f6f19a8dfdf6b389ddb493ae0a060e50bd70eff7a78499ba57d9b5ba0ac127633

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9602\select.pyd
Filesize
23KB

MD5
ba320fb122df4277e24a6b60965ae48a

SHA1
8de41702f09cb13546ce3e8519b8689ef66621d5

SHA256
1c4876e281eb1f77c7eda612ae4c91b311fab02b96a1061f915872633ff5501c

SHA512
b11d43c545efdfcec399db38a3a13169c98ad1b782208afea816ffedb366ee1ce2c1ea24935887398c18bd3f537033695dfe774c8fd4ae0d687028f11c0524e9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9602\VCRUNTIME140.dll
Filesize
81KB

MD5
a2523ea6950e248cbdf18c9ea1a844f6

SHA1
549c8c2a96605f90d79a872be73efb5d40965444

SHA256
6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

SHA512
2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9602\_ctypes.pyd
Filesize
100KB

MD5
e23c5557d84d3528d9cdcdee0e78afd0

SHA1
6cf971e5d016c32bb3e82ac07d71ac1258678419

SHA256
85491fff6cc61772948a1a92f329b2a9872ea16dd261011cfc1ef1a35fa5e6bb

SHA512
18ed82907d45bc3fa6a0568b910610b1cc7ba8d7d3251dec341dcbd624361c3a4fff8d51ad4300e8453890553909ea7d58d3cd9b46a625f1245328d3757912b3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9602\_socket.pyd
Filesize
62KB

MD5
6a57a7bf8124875687bc60f57f4a26d1

SHA1
657dfd76df01cba4b590f29dcc1769c488f40787

SHA256
a824a0df8ca068f889837c4da04fa65e90b2c71b6ab28b11827ea615dc697695

SHA512
7adf5de1858588173af338b88807e00f04ce15b9ccf3ec028f271a49ac1ea96a1770d6fb5a7bf2f2e654d28a3fbde2deff16a38fb2d45e1dc6e508e868f36f27

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9602\python36.dll
Filesize
3.2MB

MD5
4ae29bdbc36bcad281034fb43247612e

SHA1
7bd80e6e58763aa6cd94eff31989ff5b732d8741

SHA256
927b879e8877e332e7580944fcae65d767a894fbcbd968b2b57199800eaf98cf

SHA512
5c679fea125ca933a00574050716f9eae2be80c46ce5080c69237eb851fd9b4f6f19a8dfdf6b389ddb493ae0a060e50bd70eff7a78499ba57d9b5ba0ac127633

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9602\select.pyd
Filesize
23KB

MD5
ba320fb122df4277e24a6b60965ae48a

SHA1
8de41702f09cb13546ce3e8519b8689ef66621d5

SHA256
1c4876e281eb1f77c7eda612ae4c91b311fab02b96a1061f915872633ff5501c

SHA512
b11d43c545efdfcec399db38a3a13169c98ad1b782208afea816ffedb366ee1ce2c1ea24935887398c18bd3f537033695dfe774c8fd4ae0d687028f11c0524e9

Download Submit
memory/1108-54-0x0000000000000000-mapping.dmp

Download