Overview

overview

7

Static

static

3

63cf24a78f...bb.exe

windows7_x64

7

63cf24a78f...bb.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    22-05-2022 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63cf24a78f7a8348ce068c2c7f4c49bb.exe

  • Size

    5.6MB

  • MD5

    63cf24a78f7a8348ce068c2c7f4c49bb

  • SHA1

    b3a12b4d0dae0832528225d403454702d6e59919

  • SHA256

    ec88ec45de1d62f50d19ee38f2ac3aec950ede9f22ab629e59834f79ca3858a1

  • SHA512

    095c732f0722f25090dc2739a69ec4fefb823dcf4458e5b272fb383a357b892b86be50a702a55716bea6a85cb17b8fdd5aa09bcada2d9ec78d3bf85933a80488

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 12 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63cf24a78f7a8348ce068c2c7f4c49bb.exe
    "C:\Users\Admin\AppData\Local\Temp\63cf24a78f7a8348ce068c2c7f4c49bb.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3136
    • C:\Users\Admin\AppData\Local\Temp\63cf24a78f7a8348ce068c2c7f4c49bb.exe
      "C:\Users\Admin\AppData\Local\Temp\63cf24a78f7a8348ce068c2c7f4c49bb.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:3108
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3448
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
    1⤵
      PID:2596

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    2
    T1012

    Peripheral Device Discovery

    1
    T1120

    System Information Discovery

    2
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\VCRUNTIME140.dll
      Filesize

      84KB

      MD5

      ae96651cfbd18991d186a029cbecb30c

      SHA1

      18df8af1022b5cb188e3ee98ac5b4da24ac9c526

      SHA256

      1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

      SHA512

      42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\VCRUNTIME140.dll
      Filesize

      84KB

      MD5

      ae96651cfbd18991d186a029cbecb30c

      SHA1

      18df8af1022b5cb188e3ee98ac5b4da24ac9c526

      SHA256

      1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

      SHA512

      42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\_bz2.pyd
      Filesize

      71KB

      MD5

      2dd25ac2510c5640169d89ee220e748e

      SHA1

      38fd561088e61e4dbb97a026bfee8fbf6533250e

      SHA256

      f5086031019c5e03afcfee227c4d30e82b68c24f5a5871640c3e8682852d9a54

      SHA512

      e4fab2e20031dec366c113fe10ff81d759a2a1837cd1ee2598bb6c1107cb16a6db13501b69e80ee08e61005020b557221f858b690e2a3bab13a94fb04f87ef62

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\_bz2.pyd
      Filesize

      71KB

      MD5

      2dd25ac2510c5640169d89ee220e748e

      SHA1

      38fd561088e61e4dbb97a026bfee8fbf6533250e

      SHA256

      f5086031019c5e03afcfee227c4d30e82b68c24f5a5871640c3e8682852d9a54

      SHA512

      e4fab2e20031dec366c113fe10ff81d759a2a1837cd1ee2598bb6c1107cb16a6db13501b69e80ee08e61005020b557221f858b690e2a3bab13a94fb04f87ef62

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\_hashlib.pyd
      Filesize

      31KB

      MD5

      d7fb745382c6356cb58a865b7868a87f

      SHA1

      c05940c7e57e7e1c8e031d1644cd91f507adf5e1

      SHA256

      a5ced194f4a143e6f517c22e6a1edbabca0d875243845bc57a87c2d70c07f23d

      SHA512

      1a19293c041811a72dbc88807aaa6a396600732f716ccbb2d976850c01f69d1ddeb5101e56c9b92fbb02496481e9da3fcc47af96bf8e9102477f9f28386f94c4

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\_hashlib.pyd
      Filesize

      31KB

      MD5

      d7fb745382c6356cb58a865b7868a87f

      SHA1

      c05940c7e57e7e1c8e031d1644cd91f507adf5e1

      SHA256

      a5ced194f4a143e6f517c22e6a1edbabca0d875243845bc57a87c2d70c07f23d

      SHA512

      1a19293c041811a72dbc88807aaa6a396600732f716ccbb2d976850c01f69d1ddeb5101e56c9b92fbb02496481e9da3fcc47af96bf8e9102477f9f28386f94c4

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\_lzma.pyd
      Filesize

      180KB

      MD5

      3f9883975873f598093f33164be01fbc

      SHA1

      851b304266d19ec89193ade145e7aa7094cb9217

      SHA256

      1afb4acf310dc86ab032cf27fb59c468ca7e65448b899dc31d5a53317d5bc831

      SHA512

      a0613ed7bbab49a8da297d4947d5595c0637df1186834e19db8bc800d2f01bc1f8531e20921093778e1006edcf6705d9e49751106552520c0dd001c66a5dfc6c

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\_lzma.pyd
      Filesize

      180KB

      MD5

      3f9883975873f598093f33164be01fbc

      SHA1

      851b304266d19ec89193ade145e7aa7094cb9217

      SHA256

      1afb4acf310dc86ab032cf27fb59c468ca7e65448b899dc31d5a53317d5bc831

      SHA512

      a0613ed7bbab49a8da297d4947d5595c0637df1186834e19db8bc800d2f01bc1f8531e20921093778e1006edcf6705d9e49751106552520c0dd001c66a5dfc6c

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\_socket.pyd
      Filesize

      65KB

      MD5

      86d72934a494121978ef74c8b8aca5a4

      SHA1

      3c15697eee23365722f79d70710ac0a1ba5de6e1

      SHA256

      24657ecfde063412c941aaa6a085341d45ecf4c0153b37b7476459835ccb3cbb

      SHA512

      b7e720d4801690b6c610726046070b8a761113c30a14d6c54205f3ea5ae273494fa28b1fe57c33e196b71d7b2c1be28a3acbf5a3337cad0e9e4216918d8487e7

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\_socket.pyd
      Filesize

      65KB

      MD5

      86d72934a494121978ef74c8b8aca5a4

      SHA1

      3c15697eee23365722f79d70710ac0a1ba5de6e1

      SHA256

      24657ecfde063412c941aaa6a085341d45ecf4c0153b37b7476459835ccb3cbb

      SHA512

      b7e720d4801690b6c610726046070b8a761113c30a14d6c54205f3ea5ae273494fa28b1fe57c33e196b71d7b2c1be28a3acbf5a3337cad0e9e4216918d8487e7

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\_ssl.pyd
      Filesize

      101KB

      MD5

      6e8d415d50d8292dbfb479447ac09c27

      SHA1

      cb2154d70a5cb9a875309e0860b82a825c6416f0

      SHA256

      5b616af730aa15a75558afa50e725c7d4d4e5b22bbffd348df2239425cfeadd0

      SHA512

      a8196e2536a3c733b59fa11da10f85eda0d2c50deb246d895fccbcb7f8e33c7aa11928ce8264eabaf0e9c761f5b11c7e65cb4ec503c0338c90e1d7180f7c0bac

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\_ssl.pyd
      Filesize

      101KB

      MD5

      6e8d415d50d8292dbfb479447ac09c27

      SHA1

      cb2154d70a5cb9a875309e0860b82a825c6416f0

      SHA256

      5b616af730aa15a75558afa50e725c7d4d4e5b22bbffd348df2239425cfeadd0

      SHA512

      a8196e2536a3c733b59fa11da10f85eda0d2c50deb246d895fccbcb7f8e33c7aa11928ce8264eabaf0e9c761f5b11c7e65cb4ec503c0338c90e1d7180f7c0bac

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\base_library.zip
      Filesize

      776KB

      MD5

      af13fd074531a90928f2dca912f0356a

      SHA1

      bb2ce92794478a88191f4bda01fd6fec58378595

      SHA256

      750fe26efd96674d32df7e00eddb03d88ae4a3eb8d4f99d8f00a9c2d4caaef48

      SHA512

      0d77fafeb095819090738325e0aa5eef236f2a5e89dd1438dfc1aaaf2ac1d43384584fab003df2586e4fde4dd962487499627240dcb01bc51e0c2e63528cbbfa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\libcrypto-1_1.dll
      Filesize

      1.8MB

      MD5

      25c4ebe7eb728eb40f9f9857849abad9

      SHA1

      d907b46d6b5924a4d887438583145b8d2edda10c

      SHA256

      ee585c57129d29c67d1f038ca35113ce34319bff1e8e163588e394dd096cd04a

      SHA512

      9f43ac67d873d28415ce4bb6d5823f361c31a018e3a4d56f191f9c2503ea0e41a8c3b7ca7860bd1abc013e3827ec2d47d9577ddbc128e10a1c2ac78615f7c8a9

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\libcrypto-1_1.dll
      Filesize

      1.8MB

      MD5

      25c4ebe7eb728eb40f9f9857849abad9

      SHA1

      d907b46d6b5924a4d887438583145b8d2edda10c

      SHA256

      ee585c57129d29c67d1f038ca35113ce34319bff1e8e163588e394dd096cd04a

      SHA512

      9f43ac67d873d28415ce4bb6d5823f361c31a018e3a4d56f191f9c2503ea0e41a8c3b7ca7860bd1abc013e3827ec2d47d9577ddbc128e10a1c2ac78615f7c8a9

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\libssl-1_1.dll
      Filesize

      396KB

      MD5

      a11c90defa3969b20b8730450447636c

      SHA1

      05ec6e2fae9ad1d8446341f0e87d2d0fd7398bf0

      SHA256

      5b24d33ef69546a929b021738018c55ee6cea62b3ddd8d69a78dcad4dc5c6255

      SHA512

      d1d1469ed7280b66f9fbd1fae9d1bdc91be8b7a7f2340a4e6163da33f0a4a13043b6f4f5c6eb30bdc164991c16bcec0872e66c9843cc38ddc982e49c41e8cc3b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\libssl-1_1.dll
      Filesize

      396KB

      MD5

      a11c90defa3969b20b8730450447636c

      SHA1

      05ec6e2fae9ad1d8446341f0e87d2d0fd7398bf0

      SHA256

      5b24d33ef69546a929b021738018c55ee6cea62b3ddd8d69a78dcad4dc5c6255

      SHA512

      d1d1469ed7280b66f9fbd1fae9d1bdc91be8b7a7f2340a4e6163da33f0a4a13043b6f4f5c6eb30bdc164991c16bcec0872e66c9843cc38ddc982e49c41e8cc3b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\python37.dll
      Filesize

      3.4MB

      MD5

      c66cff63d88f6e9dd4d8e12263a928b5

      SHA1

      95c617965db8d8ddb76c2775a2441d1609605162

      SHA256

      1d70473101f95a42764c8430548645b0a9786bac0fe08367f593416c9b791718

      SHA512

      993001dcf9448dedf49fea89a76294364501dd09eac88184511e6ebab997119ac94e3e9d596d02571174f5a04b1d4ec6888f494eb0810e28bdb674867695005b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\python37.dll
      Filesize

      3.4MB

      MD5

      c66cff63d88f6e9dd4d8e12263a928b5

      SHA1

      95c617965db8d8ddb76c2775a2441d1609605162

      SHA256

      1d70473101f95a42764c8430548645b0a9786bac0fe08367f593416c9b791718

      SHA512

      993001dcf9448dedf49fea89a76294364501dd09eac88184511e6ebab997119ac94e3e9d596d02571174f5a04b1d4ec6888f494eb0810e28bdb674867695005b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\select.pyd
      Filesize

      22KB

      MD5

      91ce806fb378ca8e5752aefeb5775da8

      SHA1

      5d18e0120b181f56562c228a360283fed1071d1f

      SHA256

      715b9028dbd2faef7a084b8919086fe258b5069f295655deae5dff95f6cb23f6

      SHA512

      ef557947653936f1dc9e68730d7edba420a2b7011c85fa55446c31f60e1af3732aa312fee91d72c39223d008d0231047d55d77e649ed1e6a09de663b78246fd7

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\select.pyd
      Filesize

      22KB

      MD5

      91ce806fb378ca8e5752aefeb5775da8

      SHA1

      5d18e0120b181f56562c228a360283fed1071d1f

      SHA256

      715b9028dbd2faef7a084b8919086fe258b5069f295655deae5dff95f6cb23f6

      SHA512

      ef557947653936f1dc9e68730d7edba420a2b7011c85fa55446c31f60e1af3732aa312fee91d72c39223d008d0231047d55d77e649ed1e6a09de663b78246fd7

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\ucrtbase.dll
      Filesize

      1.1MB

      MD5

      df160b9471e9ce9aa4efcfe625673310

      SHA1

      54d14ace2f00a93c28984a577ebb47929d29e3cf

      SHA256

      c8dbd811bb85d7e17d457c7938c15ef39dbde395f82e967387e082f2c9860748

      SHA512

      956af4328eaa55ca44d3c64aa6463f5e4d771d390afae0db9267df8267bad146177b9d7fdae817ec8aaba49d0bcada3f6d55cfa8bdefa9fa3610fc9c9353cd29

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\ucrtbase.dll
      Filesize

      1.1MB

      MD5

      df160b9471e9ce9aa4efcfe625673310

      SHA1

      54d14ace2f00a93c28984a577ebb47929d29e3cf

      SHA256

      c8dbd811bb85d7e17d457c7938c15ef39dbde395f82e967387e082f2c9860748

      SHA512

      956af4328eaa55ca44d3c64aa6463f5e4d771d390afae0db9267df8267bad146177b9d7fdae817ec8aaba49d0bcada3f6d55cfa8bdefa9fa3610fc9c9353cd29

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\unicodedata.pyd
      Filesize

      1.0MB

      MD5

      c184941d097bf03782cc74b785e6dada

      SHA1

      c4ca2607047ef69e0cff516d38c4147087f45b02

      SHA256

      95c2e7b6bb25a0beb8a5c0376ceed33098d9991cda0414f844f5b9b506167891

      SHA512

      1c284dbff3ddfc76af8a649d237f90e87a9ecd7e36783626ebff7fca1cf1532b6b455372445b29352bc12df23a2e095f994f0ca454877f9ea38558875c314137

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\_MEI31362\unicodedata.pyd
      Filesize

      1.0MB

      MD5

      c184941d097bf03782cc74b785e6dada

      SHA1

      c4ca2607047ef69e0cff516d38c4147087f45b02

      SHA256

      95c2e7b6bb25a0beb8a5c0376ceed33098d9991cda0414f844f5b9b506167891

      SHA512

      1c284dbff3ddfc76af8a649d237f90e87a9ecd7e36783626ebff7fca1cf1532b6b455372445b29352bc12df23a2e095f994f0ca454877f9ea38558875c314137

      Download Submit
    • memory/3108-130-0x0000000000000000-mapping.dmp
      Download