fd20c0ba4c97cf33eadd8431c09f0bd620964eb50032edbab7e12cda2430adc8

Analysis

max time kernel
90s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
22-05-2022 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

6.3MB
MD5

2a772b3e47f38d1889edf8e50d7c0cb1
SHA1

bfec4d51800bbb19e707fa7aec18fc7dd0f2f864
SHA256

fd20c0ba4c97cf33eadd8431c09f0bd620964eb50032edbab7e12cda2430adc8
SHA512

2960c0a8785a06f4b1249c8c10cd282bac7769f5d49042f6994c68514f402c25c4da5ac5d565840f91d6694beadf648da34e1d925798d5480edd5901366398ac

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 12 IoCs

Processes:

tmp.exe

pid process

528 tmp.exe
528 tmp.exe
528 tmp.exe
528 tmp.exe
528 tmp.exe
528 tmp.exe
528 tmp.exe
528 tmp.exe
528 tmp.exe
528 tmp.exe
528 tmp.exe
528 tmp.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3792 528 WerFault.exe tmp.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

tmp.exe

description pid process target process

PID 3016 wrote to memory of 528 3016 tmp.exe tmp.exe
PID 3016 wrote to memory of 528 3016 tmp.exe tmp.exe

pid	process
528	tmp.exe
528	tmp.exe
528	tmp.exe
528	tmp.exe
528	tmp.exe
528	tmp.exe
528	tmp.exe
528	tmp.exe
528	tmp.exe
528	tmp.exe
528	tmp.exe
528	tmp.exe

pid	pid_target	process	target process
3792	528	WerFault.exe	tmp.exe

description	pid	process	target process
PID 3016 wrote to memory of 528	3016	tmp.exe	tmp.exe
PID 3016 wrote to memory of 528	3016	tmp.exe	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3016

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
2⤵
- Loads dropped DLL
PID:528

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 528 -s 1192
3⤵
- Program crash
PID:3792

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 528 -ip 528
1⤵
PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30162\VCRUNTIME140.dll
Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\VCRUNTIME140.dll
Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\_bz2.pyd
Filesize
84KB

MD5
b89b6c064cd8241ae12addb7f376cab2

SHA1
29e86a1df404c442e14344042d39a98dd15425f7

SHA256
0563df6e938b836f817c49e0cf9828cc251b2092a84273152ea5a7c537c03beb

SHA512
f87b1c6d90cfb01316a17ad37f27287d5ef4ff3a0f7fd25303203ea7c7fa1ed12c1aef486dc9bbb8b4d527f37e771b950fa5142b2bac01f52afbfdbf7a77111d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\_bz2.pyd
Filesize
84KB

MD5
b89b6c064cd8241ae12addb7f376cab2

SHA1
29e86a1df404c442e14344042d39a98dd15425f7

SHA256
0563df6e938b836f817c49e0cf9828cc251b2092a84273152ea5a7c537c03beb

SHA512
f87b1c6d90cfb01316a17ad37f27287d5ef4ff3a0f7fd25303203ea7c7fa1ed12c1aef486dc9bbb8b4d527f37e771b950fa5142b2bac01f52afbfdbf7a77111d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\_ctypes.pyd
Filesize
123KB

MD5
4d13a7b3ecc8c7dc96a0424c465d7251

SHA1
0c72f7259ac9108d956aede40b6fcdf3a3943cb5

SHA256
2995ef03e784c68649fa7898979cbb2c1737f691348fae15f325d9fc524df8ed

SHA512
68ff7c421007d63a970269089afb39c949d6cf9f4d56aff7e4e0b88d3c43cfaa352364c5326523386c00727cc36e64274a51b5dbb3a343b16201cf5fc264fec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\_ctypes.pyd
Filesize
123KB

MD5
4d13a7b3ecc8c7dc96a0424c465d7251

SHA1
0c72f7259ac9108d956aede40b6fcdf3a3943cb5

SHA256
2995ef03e784c68649fa7898979cbb2c1737f691348fae15f325d9fc524df8ed

SHA512
68ff7c421007d63a970269089afb39c949d6cf9f4d56aff7e4e0b88d3c43cfaa352364c5326523386c00727cc36e64274a51b5dbb3a343b16201cf5fc264fec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\_hashlib.pyd
Filesize
45KB

MD5
496cde3c381c8e33186354631dfad0f1

SHA1
cbdb280ecb54469fd1987b9eff666d519e20249f

SHA256
f9548e3b71764ac99efb988e4daac249e300eb629c58d2a341b753299180c679

SHA512
f7245eb24f2b6d8bc22f876d6abb90e77db46bf0e5ab367f2e02e4ca936c898a5a14d843235adc5502f6d74715da0b93d86222e8dec592ae41ab59d56432bf4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\_hashlib.pyd
Filesize
45KB

MD5
496cde3c381c8e33186354631dfad0f1

SHA1
cbdb280ecb54469fd1987b9eff666d519e20249f

SHA256
f9548e3b71764ac99efb988e4daac249e300eb629c58d2a341b753299180c679

SHA512
f7245eb24f2b6d8bc22f876d6abb90e77db46bf0e5ab367f2e02e4ca936c898a5a14d843235adc5502f6d74715da0b93d86222e8dec592ae41ab59d56432bf4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\_lzma.pyd
Filesize
158KB

MD5
6e396653552d446c8114e98e5e195d09

SHA1
c1f760617f7f640d6f84074d6d5218d5a338a6ec

SHA256
5ddba137db772b61d4765c45b6156b2ee33a1771ddd52dd55b0ef592535785cf

SHA512
c4bf2c4c51350b9142da3faeadf72f94994e614f9e43e3c2a1675aa128c6e7f1212fd388a71124971648488bb718ca9b66452e5d0d0b840a0979df7146ed7ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\_lzma.pyd
Filesize
158KB

MD5
6e396653552d446c8114e98e5e195d09

SHA1
c1f760617f7f640d6f84074d6d5218d5a338a6ec

SHA256
5ddba137db772b61d4765c45b6156b2ee33a1771ddd52dd55b0ef592535785cf

SHA512
c4bf2c4c51350b9142da3faeadf72f94994e614f9e43e3c2a1675aa128c6e7f1212fd388a71124971648488bb718ca9b66452e5d0d0b840a0979df7146ed7ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\_socket.pyd
Filesize
77KB

MD5
eb974aeda30d7478bb800bb4c5fbc0a2

SHA1
c5b7bc326bd003d42bcf620d657cac3f46f9d566

SHA256
1db7b4f6ae31c4d35ef874eb328f735c96a2457677a3119e9544ee2a79bc1016

SHA512
f9eea3636371ba508d563cf21541a21879ce50a5666e419ecfd74255c8decc3ae5e2ceb4a8f066ae519101dd71a116335a359e3343e8b2ff3884812099ae9b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\_socket.pyd
Filesize
77KB

MD5
eb974aeda30d7478bb800bb4c5fbc0a2

SHA1
c5b7bc326bd003d42bcf620d657cac3f46f9d566

SHA256
1db7b4f6ae31c4d35ef874eb328f735c96a2457677a3119e9544ee2a79bc1016

SHA512
f9eea3636371ba508d563cf21541a21879ce50a5666e419ecfd74255c8decc3ae5e2ceb4a8f066ae519101dd71a116335a359e3343e8b2ff3884812099ae9b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\_ssl.pyd
Filesize
150KB

MD5
fefbb91866778278460e16e44cfb8151

SHA1
53890f03a999078b70b921b104df198f2f481a7c

SHA256
8a10b301294a35bc3a96a59ca434a628753a13d26de7c7cb51d37cf96c3bdbb5

SHA512
449b5f0c089626db1824ebe405b97a67b073ea7ce22cee72aa3b2490136b3b6218e9f15d71da6fd32fba090255d3a0ba0e77a36c1f8b8bea45f6be95a91e388d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\_ssl.pyd
Filesize
150KB

MD5
fefbb91866778278460e16e44cfb8151

SHA1
53890f03a999078b70b921b104df198f2f481a7c

SHA256
8a10b301294a35bc3a96a59ca434a628753a13d26de7c7cb51d37cf96c3bdbb5

SHA512
449b5f0c089626db1824ebe405b97a67b073ea7ce22cee72aa3b2490136b3b6218e9f15d71da6fd32fba090255d3a0ba0e77a36c1f8b8bea45f6be95a91e388d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\base_library.zip
Filesize
763KB

MD5
dda866cf23f554dbd7a0330c939a9f51

SHA1
958c76d04fd0bfd5cd4b539d4baaeaecc039b662

SHA256
7cfd517ad13a1c28ec012b0e7de0e40c488afee69d6fa7456a38d5dd6af01751

SHA512
05762f22637ab43f288c2d00bb3aaa2020f7086db85015a9aef49177e3e92d45ef00fcf772d4b1789e70be5630d0ae8bf7e469f33747d78d24e1486ee1db1888

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\libcrypto-1_1.dll
Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\libcrypto-1_1.dll
Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\libssl-1_1.dll
Filesize
673KB

MD5
bc778f33480148efa5d62b2ec85aaa7d

SHA1
b1ec87cbd8bc4398c6ebb26549961c8aab53d855

SHA256
9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843

SHA512
80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\libssl-1_1.dll
Filesize
673KB

MD5
bc778f33480148efa5d62b2ec85aaa7d

SHA1
b1ec87cbd8bc4398c6ebb26549961c8aab53d855

SHA256
9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843

SHA512
80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\python38.dll
Filesize
4.0MB

MD5
3cd1e87aeb3d0037d52c8e51030e1084

SHA1
49ecd5f6a55f26b0fb3aeb4929868b93cc4ec8af

SHA256
13f7c38dc27777a507d4b7f0bd95d9b359925f6f5bf8d0465fe91e0976b610c8

SHA512
497e48a379885fdd69a770012e31cd2a62536953e317bb28e3a50fdb177e202f8869ea58fc11802909cabb0552d8c8850537e9fb4ead7dd14a99f67283182340

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\python38.dll
Filesize
4.0MB

MD5
3cd1e87aeb3d0037d52c8e51030e1084

SHA1
49ecd5f6a55f26b0fb3aeb4929868b93cc4ec8af

SHA256
13f7c38dc27777a507d4b7f0bd95d9b359925f6f5bf8d0465fe91e0976b610c8

SHA512
497e48a379885fdd69a770012e31cd2a62536953e317bb28e3a50fdb177e202f8869ea58fc11802909cabb0552d8c8850537e9fb4ead7dd14a99f67283182340

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\select.pyd
Filesize
26KB

MD5
08b499ae297c5579ba05ea87c31aff5b

SHA1
4a1a9f1bf41c284e9c5a822f7d018f8edc461422

SHA256
940fb90fd78b5be4d72279dcf9c24a8b1fcf73999f39909980b12565a7921281

SHA512
ab26f4f80449aa9cc24e68344fc89aeb25d5ba5aae15aeed59a804216825818edfe31c7fda837a93a6db4068ccfb1cc7e99173a80bd9dda33bfb2d3b5937d7e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30162\select.pyd
Filesize
26KB

MD5
08b499ae297c5579ba05ea87c31aff5b

SHA1
4a1a9f1bf41c284e9c5a822f7d018f8edc461422

SHA256
940fb90fd78b5be4d72279dcf9c24a8b1fcf73999f39909980b12565a7921281

SHA512
ab26f4f80449aa9cc24e68344fc89aeb25d5ba5aae15aeed59a804216825818edfe31c7fda837a93a6db4068ccfb1cc7e99173a80bd9dda33bfb2d3b5937d7e9

Download Submit
memory/528-130-0x0000000000000000-mapping.dmp

Download
memory/528-156-0x000001540F940000-0x000001540FD40000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads