4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027

Analysis

max time kernel
150s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
24-05-2022 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
Size

4.6MB
MD5

33eb91a8ccf139429b32bde7ff04dbb9
SHA1

061bec84ce66c48a5fed92a0ea497e99d255788e
SHA256

4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027
SHA512

a08e01950ad4179dcfbbcadcc1405ec44df5a156525738423efade577e7deb1d20844d951d1e0dd844a3702d349e278ad9b86504dee8edb4b87e39f33df1a2c2

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

pid	process
1856	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
1856	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
1856	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
1856	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
1856	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
1856	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
1856	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

description pid process

Token: 35 1856 4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

description	pid	process
Token: 35	1856	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

description	pid	process	target process
PID 4532 wrote to memory of 1856	4532	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
PID 4532 wrote to memory of 1856	4532	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
PID 4532 wrote to memory of 1856	4532	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe	4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe

C:\Users\Admin\AppData\Local\Temp\4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
"C:\Users\Admin\AppData\Local\Temp\4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4532

C:\Users\Admin\AppData\Local\Temp\4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe
"C:\Users\Admin\AppData\Local\Temp\4192d2ae55aa5afb00eb02f1628173fca2845ffd8446ff3e1c84268a5a6b9027.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI45322\Crypto.Cipher._AES.pyd
Filesize
29KB

MD5
3c4ab2e06feb6e4ca1b7a1244055671a

SHA1
a4c3c44b45248b7cf53881e6d8efa8d557e100a9

SHA256
c7e4194470a677304fad05c771654e6986c32bc29a04c3c4c52594172d83cb23

SHA512
7531b4ecf3c2a37b33b790e403cf69c6c90c33b0236ad65996fad6e5fdd0e831935126ed96026f612d6fdd2847f2d7b01823f49fbdbd8c95b434fbdd9aaf557c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\Crypto.Cipher._AES.pyd
Filesize
29KB

MD5
3c4ab2e06feb6e4ca1b7a1244055671a

SHA1
a4c3c44b45248b7cf53881e6d8efa8d557e100a9

SHA256
c7e4194470a677304fad05c771654e6986c32bc29a04c3c4c52594172d83cb23

SHA512
7531b4ecf3c2a37b33b790e403cf69c6c90c33b0236ad65996fad6e5fdd0e831935126ed96026f612d6fdd2847f2d7b01823f49fbdbd8c95b434fbdd9aaf557c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\MSVCR100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\MSVCR100.dll
Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\TOHA.exe.manifest
Filesize
1KB

MD5
6e9aeeb6c6d486c92fdd6b4856bb4272

SHA1
5c90512ce0bd5eee90a7717498c6fdef6f7da7a8

SHA256
46a05c99cff2f39c7d936d5c346f53c3bbbf66406ed8599dd6e6fc4b77ef7da4

SHA512
deebe03c65baaf4b975900ffb47d18f467a1e24e411ca2d60dfbe8e647ab20db3263ebd8d6463ad4757901225636dc90bb927206dd46738d089c11784e50378d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\_ctypes.pyd
Filesize
83KB

MD5
5d1bc1be2f02b4a2890e921af15190d2

SHA1
057c88438b40cd8e73554274171341244f107139

SHA256
97c3cdef6d28ad19c0dacff15dd66f874fe73c8767d88f3bc7c0bde794d857da

SHA512
9751f471312dd5a24f4a7f25b192ddcb64d28a332ff66f3aa2c3f7ef69127cf14c93043350397e9f884f1830f51d5e01214e82627158d37ef95ce4746a83bbd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\_ctypes.pyd
Filesize
83KB

MD5
5d1bc1be2f02b4a2890e921af15190d2

SHA1
057c88438b40cd8e73554274171341244f107139

SHA256
97c3cdef6d28ad19c0dacff15dd66f874fe73c8767d88f3bc7c0bde794d857da

SHA512
9751f471312dd5a24f4a7f25b192ddcb64d28a332ff66f3aa2c3f7ef69127cf14c93043350397e9f884f1830f51d5e01214e82627158d37ef95ce4746a83bbd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\_hashlib.pyd
Filesize
851KB

MD5
5311b64b86ada63e9b14f8a3d84eb1c7

SHA1
095ec83a4551331759d92017f7177d756e2d10cc

SHA256
a85eb062a9d4b21a94b6555782113633b96441d54c3a389bfa4c002ff569795b

SHA512
4249a37393c15b3745b23feacb1f491b83f79b9de5285153b3b522bf3020cdc2a0b497a580d8fc98fbeca747eca124dca3678fbe526a6a4afa5c219d27a94f37

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\_hashlib.pyd
Filesize
900KB

MD5
82ae4e8208d58bffc95f68c2c1d8f280

SHA1
8874b66dcaf142cfca6b72aa46f2247ab6d96e8c

SHA256
2c905f0809749f5494b2a638a8551af3d914a148d282fc3da9d68ce12d067eb9

SHA512
737109f330f1ab8302c5f73ead54dfa53b39d73a806054ba725f7f1e9be82adec678e08fc127b6b5658daf465aea34d0c4226162f6e067b8d4c461b3d051ce37

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\_socket.pyd
Filesize
46KB

MD5
ebc931925d333427e182eb58eb4cecce

SHA1
90a811fa23c1ea1244eddef5f3371411af354fd6

SHA256
e29cc2340a9577f82c45abe6707e2817575ee02ac374f4864885410d411e6bea

SHA512
52767f0e49a600ab6b025265cd0220dfd84c24ccec24f7268974123cad41a287a015021357ec4b88eae0dc0dd2517bb5d07f1aaaf08fd36e7bedd0fab8047ab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\_socket.pyd
Filesize
46KB

MD5
ebc931925d333427e182eb58eb4cecce

SHA1
90a811fa23c1ea1244eddef5f3371411af354fd6

SHA256
e29cc2340a9577f82c45abe6707e2817575ee02ac374f4864885410d411e6bea

SHA512
52767f0e49a600ab6b025265cd0220dfd84c24ccec24f7268974123cad41a287a015021357ec4b88eae0dc0dd2517bb5d07f1aaaf08fd36e7bedd0fab8047ab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\base_library.zip
Filesize
717KB

MD5
12befbf27183c0e665b660c9055d2032

SHA1
b0d10065c1b2a5fc08dfc5035e7ac6f411814720

SHA256
b292d422771d96cade2012a5af9ae0fc11f9ab39375f544390275e6393b3e17d

SHA512
f1a35a8bc14ec06d1fefe00d76bfdaaea71b763c2640d1c67248c117bc27cebfb57e9ef3432e7853a3ddb8a769c98d20824f0bfd995d43c7e1b326d476207ddf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\python34.dll
Filesize
1.1MB

MD5
b874173a5716da47bf3c3ee48228009a

SHA1
2bc8f6e843a83e1778f57dee3bc866d0df6e71aa

SHA256
57e8771de18bd6fb685d846baf105058c0b9f995a3faf1bedf7dda53ece0ae2e

SHA512
295da53279f99991c97a46ba221c72efbe03b89222b94a7def692d91ef3da4d99396523355cee738f6fb11fe6f4dba5d0741f7576243b421d0fb9ecdd0071930

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\python34.dll
Filesize
1007KB

MD5
e1896c6c798fe344d1e2491fe4ace47a

SHA1
88ef01b85aff5a80f432b9ca05c1450e501eb9c0

SHA256
428174d35f00256c4141ff773d5945a97f8a8bc0fd8536bdffbf6a349ea7dd23

SHA512
effd7aa075479bf7b8718ffd44e2d3645ec0187a002bb36a847b9ea72163b01b554cb517149f7e346d717662916fdb3a2d88c84203e7e9a1226ec0c1023141ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\unicodedata.pyd
Filesize
741KB

MD5
f66cde98ca47f122710e4008246d45e9

SHA1
5cc592c03be31f5d99d69a6eb83fae44d2e1e8de

SHA256
5df0e5e83be746d46db28da04b5936e0f178be1d2f0b3c3a9cfda8cc1553480d

SHA512
e2898a96243108ddcc3c07dec7db2ced1a995029d710f860c6cddf4833e8bb41372939f96f7a0a23749c44a1c88ab5722764907024d1af3cc3cdbd74fccb17b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45322\unicodedata.pyd
Filesize
741KB

MD5
f66cde98ca47f122710e4008246d45e9

SHA1
5cc592c03be31f5d99d69a6eb83fae44d2e1e8de

SHA256
5df0e5e83be746d46db28da04b5936e0f178be1d2f0b3c3a9cfda8cc1553480d

SHA512
e2898a96243108ddcc3c07dec7db2ced1a995029d710f860c6cddf4833e8bb41372939f96f7a0a23749c44a1c88ab5722764907024d1af3cc3cdbd74fccb17b0

Download Submit
memory/1856-130-0x0000000000000000-mapping.dmp

Download