Overview

overview

7

Static

static

3

f48930a056...d2.exe

windows7_x64

7

f48930a056...d2.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    94s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f48930a056eabc2d77d9717ba2c22ca0f6313c147b77f7f986413ea524ed9ad2.exe

  • Size

    5.1MB

  • MD5

    ec11b09c5f7314c702b59e7f6b58ab39

  • SHA1

    5b8299b919bbb1cb883b794408682acb7476e80b

  • SHA256

    f48930a056eabc2d77d9717ba2c22ca0f6313c147b77f7f986413ea524ed9ad2

  • SHA512

    fdc4aa2043a376e6289cffb6ad39b0688f74dfaa31eea17c5fd626cd6623f59a6dd902fa79b21283129068b9a4dd475516c72503ee2572a2afc5f0c57fddd9af

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f48930a056eabc2d77d9717ba2c22ca0f6313c147b77f7f986413ea524ed9ad2.exe
    "C:\Users\Admin\AppData\Local\Temp\f48930a056eabc2d77d9717ba2c22ca0f6313c147b77f7f986413ea524ed9ad2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Users\Admin\AppData\Local\Temp\f48930a056eabc2d77d9717ba2c22ca0f6313c147b77f7f986413ea524ed9ad2.exe
      "C:\Users\Admin\AppData\Local\Temp\f48930a056eabc2d77d9717ba2c22ca0f6313c147b77f7f986413ea524ed9ad2.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI14642\VCRUNTIME140.dll
    Filesize

    81KB

    MD5

    a2523ea6950e248cbdf18c9ea1a844f6

    SHA1

    549c8c2a96605f90d79a872be73efb5d40965444

    SHA256

    6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

    SHA512

    2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI14642\VCRUNTIME140.dll
    Filesize

    81KB

    MD5

    a2523ea6950e248cbdf18c9ea1a844f6

    SHA1

    549c8c2a96605f90d79a872be73efb5d40965444

    SHA256

    6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

    SHA512

    2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI14642\_sqlite3.pyd
    Filesize

    62KB

    MD5

    3a6c9c518da65bd0d04e0bd51c9cf5dc

    SHA1

    f117bcedeb405d87f67ebe10b82dd06b6e088260

    SHA256

    74625e8d5db4c25e0886ac8ce60ba665472e8147a19ad37fc34a22a665be8855

    SHA512

    3754ded6cdb6d4dcf9dad2f78f43ff0c6c30ad05f2012a9ab94891422c304afcdc0530c5098a0f45bf428c67ae3b57ac073162749355683707ba5e628755fd07

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI14642\_sqlite3.pyd
    Filesize

    62KB

    MD5

    3a6c9c518da65bd0d04e0bd51c9cf5dc

    SHA1

    f117bcedeb405d87f67ebe10b82dd06b6e088260

    SHA256

    74625e8d5db4c25e0886ac8ce60ba665472e8147a19ad37fc34a22a665be8855

    SHA512

    3754ded6cdb6d4dcf9dad2f78f43ff0c6c30ad05f2012a9ab94891422c304afcdc0530c5098a0f45bf428c67ae3b57ac073162749355683707ba5e628755fd07

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI14642\base_library.zip
    Filesize

    757KB

    MD5

    a7cb00602111a9549f136b743ed3ef1e

    SHA1

    d6d430db8f01ff4f0c60495f48aa34fb21ced4a9

    SHA256

    2c817b19505fc47505b6b34906d7a5b534b5af4d2fe960bab102d50179030c60

    SHA512

    37666d7f54cb12f1685e18121787beb19826b14d0340653072d8a6979b57b79e614b8eb2c68eb5f066836129f209ffbdc409c83a592cac19c52db9173b183282

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI14642\python36.dll
    Filesize

    3.1MB

    MD5

    1ac97dbe4a81fc2beb509f8da5a3e8b6

    SHA1

    b9e7d3857a10072c8569b2d07e0208059cf9495c

    SHA256

    258dd151e3ec9632d0b49488cc689bcbab172648854e121dc6b5f2e43e58cb62

    SHA512

    c69a7619d3b75d7170e087be9f02afc6d6bd1706aefcb60e84507f33d393f7323b168436f77c540c9439e2045b7577a2fb77ad287e02ff1afac747017478fad1

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI14642\python36.dll
    Filesize

    3.1MB

    MD5

    1ac97dbe4a81fc2beb509f8da5a3e8b6

    SHA1

    b9e7d3857a10072c8569b2d07e0208059cf9495c

    SHA256

    258dd151e3ec9632d0b49488cc689bcbab172648854e121dc6b5f2e43e58cb62

    SHA512

    c69a7619d3b75d7170e087be9f02afc6d6bd1706aefcb60e84507f33d393f7323b168436f77c540c9439e2045b7577a2fb77ad287e02ff1afac747017478fad1

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI14642\sqlite3.dll
    Filesize

    846KB

    MD5

    647ffe50ba324b12c1b955a487e88cb4

    SHA1

    efc2452c1bc3d48903388e362eb3afaa12688467

    SHA256

    372d66efb14d841fc62501203ea19b2fbb64b214c20f15c6c3d9752d2a4bb08c

    SHA512

    8288fe8778d8dbb61c5557a597b7e41bf2668caeda6388c6bb21b955964dcb1fec043b054d57950d7bf3d1a758495ba128609b19989245ca23fe869eb9a92d2d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI14642\sqlite3.dll
    Filesize

    846KB

    MD5

    647ffe50ba324b12c1b955a487e88cb4

    SHA1

    efc2452c1bc3d48903388e362eb3afaa12688467

    SHA256

    372d66efb14d841fc62501203ea19b2fbb64b214c20f15c6c3d9752d2a4bb08c

    SHA512

    8288fe8778d8dbb61c5557a597b7e41bf2668caeda6388c6bb21b955964dcb1fec043b054d57950d7bf3d1a758495ba128609b19989245ca23fe869eb9a92d2d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI14642\syscheck.exe.manifest
    Filesize

    1KB

    MD5

    20a8967eda19d30c2d7a7f1acd662606

    SHA1

    56c8742794401fa83ea5a2d1f74e03dfddf71912

    SHA256

    6584885ec18e06d4db41970e69414aa45415261a66d17bf3af64f9e6c95a5329

    SHA512

    c91dd24dd7970bd83f662e778f4cc5ea5c563b9b9767ca83058e2f4c2283bbd6efa4c7aac5a6fdddea42aee957fefd2614eff9970c32c06f9328934e575f3ef9

    Download Submit
  • memory/952-130-0x0000000000000000-mapping.dmp
    Download