4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027

Analysis

max time kernel
25s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
Size

4.6MB
MD5

33eb91a8ccf139429b32bde7ff04dbb9
SHA1

061bec84ce66c48a5fed92a0ea497e99d255788e
SHA256

4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027
SHA512

a08e01950ad4179dcfbbcadcc1405ec44df5a156525738423efade577e7deb1d20844d951d1e0dd844a3702d349e278ad9b86504dee8edb4b87e39f33df1a2c2

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

pid	process
908	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
908	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
908	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
908	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
908	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
908	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
908	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

description pid process

Token: 35 908 4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

description	pid	process
Token: 35	908	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

description	pid	process	target process
PID 876 wrote to memory of 908	876	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
PID 876 wrote to memory of 908	876	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
PID 876 wrote to memory of 908	876	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
PID 876 wrote to memory of 908	876	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

C:\Users\Admin\AppData\Local\Temp\4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
"C:\Users\Admin\AppData\Local\Temp\4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:876

C:\Users\Admin\AppData\Local\Temp\4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
"C:\Users\Admin\AppData\Local\Temp\4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI8762\Crypto.Cipher._AES.pyd
Filesize
29KB

MD5
3c4ab2e06feb6e4ca1b7a1244055671a

SHA1
a4c3c44b45248b7cf53881e6d8efa8d557e100a9

SHA256
c7e4194470a677304fad05c771654e6986c32bc29a04c3c4c52594172d83cb23

SHA512
7531b4ecf3c2a37b33b790e403cf69c6c90c33b0236ad65996fad6e5fdd0e831935126ed96026f612d6fdd2847f2d7b01823f49fbdbd8c95b434fbdd9aaf557c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8762\MSVCR100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8762\TOHA.exe.manifest
Filesize
1KB

MD5
6e9aeeb6c6d486c92fdd6b4856bb4272

SHA1
5c90512ce0bd5eee90a7717498c6fdef6f7da7a8

SHA256
46a05c99cff2f39c7d936d5c346f53c3bbbf66406ed8599dd6e6fc4b77ef7da4

SHA512
deebe03c65baaf4b975900ffb47d18f467a1e24e411ca2d60dfbe8e647ab20db3263ebd8d6463ad4757901225636dc90bb927206dd46738d089c11784e50378d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8762\_ctypes.pyd
Filesize
83KB

MD5
5d1bc1be2f02b4a2890e921af15190d2

SHA1
057c88438b40cd8e73554274171341244f107139

SHA256
97c3cdef6d28ad19c0dacff15dd66f874fe73c8767d88f3bc7c0bde794d857da

SHA512
9751f471312dd5a24f4a7f25b192ddcb64d28a332ff66f3aa2c3f7ef69127cf14c93043350397e9f884f1830f51d5e01214e82627158d37ef95ce4746a83bbd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8762\_hashlib.pyd
Filesize
900KB

MD5
82ae4e8208d58bffc95f68c2c1d8f280

SHA1
8874b66dcaf142cfca6b72aa46f2247ab6d96e8c

SHA256
2c905f0809749f5494b2a638a8551af3d914a148d282fc3da9d68ce12d067eb9

SHA512
737109f330f1ab8302c5f73ead54dfa53b39d73a806054ba725f7f1e9be82adec678e08fc127b6b5658daf465aea34d0c4226162f6e067b8d4c461b3d051ce37

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8762\_socket.pyd
Filesize
46KB

MD5
ebc931925d333427e182eb58eb4cecce

SHA1
90a811fa23c1ea1244eddef5f3371411af354fd6

SHA256
e29cc2340a9577f82c45abe6707e2817575ee02ac374f4864885410d411e6bea

SHA512
52767f0e49a600ab6b025265cd0220dfd84c24ccec24f7268974123cad41a287a015021357ec4b88eae0dc0dd2517bb5d07f1aaaf08fd36e7bedd0fab8047ab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8762\base_library.zip
Filesize
717KB

MD5
12befbf27183c0e665b660c9055d2032

SHA1
b0d10065c1b2a5fc08dfc5035e7ac6f411814720

SHA256
b292d422771d96cade2012a5af9ae0fc11f9ab39375f544390275e6393b3e17d

SHA512
f1a35a8bc14ec06d1fefe00d76bfdaaea71b763c2640d1c67248c117bc27cebfb57e9ef3432e7853a3ddb8a769c98d20824f0bfd995d43c7e1b326d476207ddf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8762\python34.dll
Filesize
1.8MB

MD5
003eba96df4727b47b79b1266a0020dd

SHA1
b5341c415989d864c0e1fd57d86e100b751076c6

SHA256
74ae2bf0083c30d07cd5daaca76181aab7fe82cc42fc2fdfc40793354833d133

SHA512
9708f7ef921c4a727f7a828c24fcaac559ab92fc9184fc2119857192bb28720ec5967e7714d0df10d378df9b0f267a3e1c4343aa0953f5849afb86ba08585075

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8762\unicodedata.pyd
Filesize
741KB

MD5
f66cde98ca47f122710e4008246d45e9

SHA1
5cc592c03be31f5d99d69a6eb83fae44d2e1e8de

SHA256
5df0e5e83be746d46db28da04b5936e0f178be1d2f0b3c3a9cfda8cc1553480d

SHA512
e2898a96243108ddcc3c07dec7db2ced1a995029d710f860c6cddf4833e8bb41372939f96f7a0a23749c44a1c88ab5722764907024d1af3cc3cdbd74fccb17b0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8762\Crypto.Cipher._AES.pyd
Filesize
29KB

MD5
3c4ab2e06feb6e4ca1b7a1244055671a

SHA1
a4c3c44b45248b7cf53881e6d8efa8d557e100a9

SHA256
c7e4194470a677304fad05c771654e6986c32bc29a04c3c4c52594172d83cb23

SHA512
7531b4ecf3c2a37b33b790e403cf69c6c90c33b0236ad65996fad6e5fdd0e831935126ed96026f612d6fdd2847f2d7b01823f49fbdbd8c95b434fbdd9aaf557c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8762\MSVCR100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8762\_ctypes.pyd
Filesize
83KB

MD5
5d1bc1be2f02b4a2890e921af15190d2

SHA1
057c88438b40cd8e73554274171341244f107139

SHA256
97c3cdef6d28ad19c0dacff15dd66f874fe73c8767d88f3bc7c0bde794d857da

SHA512
9751f471312dd5a24f4a7f25b192ddcb64d28a332ff66f3aa2c3f7ef69127cf14c93043350397e9f884f1830f51d5e01214e82627158d37ef95ce4746a83bbd9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8762\_hashlib.pyd
Filesize
900KB

MD5
82ae4e8208d58bffc95f68c2c1d8f280

SHA1
8874b66dcaf142cfca6b72aa46f2247ab6d96e8c

SHA256
2c905f0809749f5494b2a638a8551af3d914a148d282fc3da9d68ce12d067eb9

SHA512
737109f330f1ab8302c5f73ead54dfa53b39d73a806054ba725f7f1e9be82adec678e08fc127b6b5658daf465aea34d0c4226162f6e067b8d4c461b3d051ce37

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8762\_socket.pyd
Filesize
46KB

MD5
ebc931925d333427e182eb58eb4cecce

SHA1
90a811fa23c1ea1244eddef5f3371411af354fd6

SHA256
e29cc2340a9577f82c45abe6707e2817575ee02ac374f4864885410d411e6bea

SHA512
52767f0e49a600ab6b025265cd0220dfd84c24ccec24f7268974123cad41a287a015021357ec4b88eae0dc0dd2517bb5d07f1aaaf08fd36e7bedd0fab8047ab9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8762\python34.dll
Filesize
1.8MB

MD5
91299d956ae0a4c42a602092d78a408a

SHA1
2306da67961a66a5266e9448efc268806aaab6b1

SHA256
3b937e3f72e17bb5b366de74aa7deded109d554133815f8a054bdb7fcee06b1a

SHA512
ac67b03e84166e6a895425b84ecbe5f6ad04526a93b6152e255f47f9a876b0c1458b5959bbe8947faa0190ccd03dc4ca3e922b330cf02c8d4ca9819c826c077c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8762\unicodedata.pyd
Filesize
741KB

MD5
f66cde98ca47f122710e4008246d45e9

SHA1
5cc592c03be31f5d99d69a6eb83fae44d2e1e8de

SHA256
5df0e5e83be746d46db28da04b5936e0f178be1d2f0b3c3a9cfda8cc1553480d

SHA512
e2898a96243108ddcc3c07dec7db2ced1a995029d710f860c6cddf4833e8bb41372939f96f7a0a23749c44a1c88ab5722764907024d1af3cc3cdbd74fccb17b0

Download Submit
memory/908-58-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download
memory/908-54-0x0000000000000000-mapping.dmp

Download