5ad6313030e1c50ed98b4c2fcd1645e37b92f3056b2d62aa7f529526183fe447

Analysis

max time kernel
54s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09/09/2022, 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

7.2MB
MD5

3f8ddc92b2894ac254a75241c1a46cbe
SHA1

e05b30b9c0d96d1337db63460f0be31b342a32fa
SHA256

5ad6313030e1c50ed98b4c2fcd1645e37b92f3056b2d62aa7f529526183fe447
SHA512

fbcdd5c538dc6035f0361eebff45379efd2dd6cb12d452085284431d84cd312ddbb5141385596e9f1ff591054244972e3e0446b11b77c89c542171d6bdddaa5c
SSDEEP

196608:sj+FQgvLpjwYKasmBXGau5+PIzUHbeqla:jFQgj9tNGau5mIzU7ed

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 17 IoCs

pid	Process
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe
1696	main.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 1696	1896	main.exe	28
PID 1896 wrote to memory of 1696	1896	main.exe	28
PID 1896 wrote to memory of 1696	1896	main.exe	28
PID 1896 wrote to memory of 1696	1896	main.exe	28
PID 1696 wrote to memory of 668	1696	main.exe	29
PID 1696 wrote to memory of 668	1696	main.exe	29
PID 1696 wrote to memory of 668	1696	main.exe	29
PID 1696 wrote to memory of 668	1696	main.exe	29

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c cls & title Bolt - Another masterpiece made by @doozle.
    3⤵
    PID:668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI18962\MSVCP140.dll

Filesize
426KB

MD5
c092885ea11bd80d35cb55c7d488f1e2

SHA1
bfe2f5141af49724a54c838b9a9cb6e54c4a6aa5

SHA256
885a0a146a83b0d5a19b88c4eb6372b648cfaed817bd31d8cd3fb91313dea13d

SHA512
8a600ccf97a6d5201bb791a43f16cd4ccd19a8e9decae79b8ba3e5200b6e8936649626112b1c6bdb1465ab8afb395803a68286c76b817245c6077d0536d03344

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\VCRUNTIME140.dll

Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_brotli.cp38-win32.pyd

Filesize
780KB

MD5
458267b5b318d7baf74d286ade22718b

SHA1
52ecce4f0e84ad5b85f53c570fb095adb9093747

SHA256
f1feb3e509c3927788cb0bf16a217c8c0b7ade68f0e6170c4aa1bc0d614041a6

SHA512
1aa7379c950a4218332221d7d46a89053dab3434511bf0c6f72e6b1eeaa8b667a0c356ea3b27725651777c43dc8c44003e6caaaef3121e4ab47b9870814bdee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_bz2.pyd

Filesize
72KB

MD5
1c7f3f37a067019b7926c0f92f3a3aa7

SHA1
ab6562aaa8cfa2dd49c1779a6374cecaf0e0d151

SHA256
bbc7f102b547180ea8ca5ff496f1bd419bfefd360be15610ae6b08837076f5dc

SHA512
840b095cdbb09b20f5d6db9962f4769734e0be425c9f094571df0df2d28888708072952792faded660c3e8f3db2513b6b42032e18cc681d909993fc6500b3e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_ctypes.pyd

Filesize
109KB

MD5
adad459a275b619f700d52a0f9470131

SHA1
632ef3a58fdfe15856a7102b3c3cf96ad9b17334

SHA256
2695a7635fa2bebb6bd720146916f21676e846ea5f39288886bbb27ce2af92f4

SHA512
3f87d84adf3caaf37df30ec4acbaa0b15d9693fe445d31164c81e423ffec51a6263c7a5801e718168be928ab5b1ee689b4932a83c1876ecd97e7544d08c07fa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_hashlib.pyd

Filesize
36KB

MD5
aaa99ffb90ec5985be0face4f0a40892

SHA1
0ad00c83ff86d7cd4694f2786034282386a39c38

SHA256
b118b6ef5486a65c41fdf049ef3c30d90f39097b5ef4c0b9f61824acfde50b6a

SHA512
e9df4a5480910172ec18e6de2f09eb83152db968dd974bf2e552de2349caa8e66f82110fdf511c7f3dd8436c03212f66d6720bb71306bb811392baed92c78b7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_lzma.pyd

Filesize
181KB

MD5
280c3a7c8c5e5282ec8e746ae685ff54

SHA1
5d25f3bb03fa434d35b7b047892f4849e0596542

SHA256
c6e30f1139d4f2b1ec7a5aca8563d6f946ee6ffa6a90a4eb066cd867d3384c39

SHA512
f4185ec91a2e51b703263a6c9796ad589349434a82170370efacef55fde8a885c0c7cf10eff20b61910c569583887ac2e0384847cd724aabc052be2861fafb69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_queue.pyd

Filesize
24KB

MD5
8a21a5ccb136e6c265975ce1e91cb870

SHA1
c6b1ec3deac2e8e091679beda44f896e9fabea06

SHA256
7f43dfb5ba9f4afa82630cd3e234ede0596abe3584f107b9855747ef1cde9acc

SHA512
a215f1674a0ce89324e82e88245201ce5c0bb56193b732527a8f8ca72377dce8b2f1dead380fcab070182eb58c43cf55c2b4c26588e856c1f390a953dbc9de0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_socket.pyd

Filesize
67KB

MD5
e55a5618e14a01bac452b8399e281d0d

SHA1
feb071df789f02cdfc0059dfbea1e2394bfd08ef

SHA256
04e286e59facf3f1ddd54d92b45d7662044c0b17d370eb20eb9ca0c8c8e3cb9c

SHA512
1b2e57e681ea889aac680a9ae3b6c9f76ccf82cff3fc91f3c1b678851152282199172fd1900997163ae8db2a18ee385f1ecfe8230fcbc7bf1a3a896a869b2a9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\_ssl.pyd

Filesize
108KB

MD5
8a2eb91cbd839da8813bb6dc5bd48178

SHA1
f4a2aabcd226385e92ee78db753544bb9287556e

SHA256
5ad15dbc726d002d356bfd7e6a077f8568fee463b7ce5f71c33a04b2e11558f1

SHA512
dce0c6cf347516f989d3292d9f9541f585b6f04e04fb8a83bef6b6195310033c01588c129db006677ed2f0971634c84d79a5627db51b21de4e1b6e4f75a32a41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\base_library.zip

Filesize
1004KB

MD5
1d8c72397b67f81675277e35bf02b1f0

SHA1
ea5d6c0b2cb9929410761da2ef4c481f8523216c

SHA256
521f522b352c3ab75b3b8a978c713593eb9a2409be12aa44a5b8711198aaba5a

SHA512
22a9cf55c9796df1c1edc6264e9c4c5293b83692bd459e3290a20cb32369744b8c8daf3fdbf36b89cfa28b689078d97445b1135fe1e4c9cca3e4c5bc245cfb13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\cloudscraper\user_agent\browsers.json

Filesize
1.2MB

MD5
aa0f410a4bcf7015265186c5ecf53871

SHA1
b497a9e650484fa3a90c47945f3cb7a234c7b2e8

SHA256
a18bfa57e5fdcb8b475c6c73b13b0278aec595846882ddf8110d32cabe3f6537

SHA512
50d6fbd3fe1d40cefa34bc98a22dbe38e420c032034b5b9407a6b3a69598f3044e67c02eaba84ab2a46fdaed4e54e44c2a9c956a04810c35bb58dd650551525d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\libcrypto-1_1.dll

Filesize
2.1MB

MD5
67c1ea1b655dbb8989a55e146761c202

SHA1
aecc6573b0e28f59ea8fdd01191621dda6f228ed

SHA256
541adbc9654d967491d11359a0e4ad4972d2bd25f260476dd7576c576478698a

SHA512
1c7612c03df85b596dc360c1a94e367d8bfba51f651b49c598e4a066a693d9aa74195a40cc849ef787eac9b6e1e1fc079b389c03fc539e53abf4aa729bef5893

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\libffi-7.dll

Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\libssl-1_1.dll

Filesize
524KB

MD5
9417e0d677e0f8b08398fcd57dccbafd

SHA1
569e82788ff8206e3a43c8653d6421d456ff2a68

SHA256
db16853dbc64f045ae2a972f7605a6f192d09b79cae86fd93b8434fa7d9e031f

SHA512
b7dfd0b265c19d97518e638e4fcc19db3031382cda05c2cbb8965651ceadaa0f68f9d4dd62d542b2c9ef33d9703d50f4d74eb8b9f4918130895ef17feff2f6cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\python3.dll

Filesize
57KB

MD5
ba32910ffd8a530fa69bc8f37828a6fd

SHA1
7bb0921ac27708082667fa3be05f08b6817cef7e

SHA256
7fa7fef857b5787c355ecd8d1bec5eba28a5bc98f95dcc5130aebcfcfaa20bf4

SHA512
a3c254979281b60ff11534e5a1feb2448c302eabdb26c668362b5b3b65a10c91fb2aad611cc93526c209473cb3501a280a7aef21833c5960e8d31449b3a71c01

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\python38.dll

Filesize
3.7MB

MD5
d375b654850fa100d4a8d98401c1407f

SHA1
ed10c825535e8605b67bacd48f3fcecf978a3fee

SHA256
527819a45446a7729e04a70aee587ec7e46d787c159d0f9d4e824e54c1653f4d

SHA512
fb3faadc801cbeb0697849cf539e471f7362212935607237b26293976aa65ec454ac601a013eec930a5910bafac8a3863e7d668fc7767dc53a98e84286f582b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\select.pyd

Filesize
23KB

MD5
39f61824d4e3d4be2d938a827bae18eb

SHA1
b7614cfbcdbd55ef1e4e8266722088d51ae102b8

SHA256
c86c229e97b11cb74cc87bc595d4d936171c5d334e367f55b2ee3f9bcfbc6c92

SHA512
9a5926eafba32a2260521e3d11a4faf8701d3963454cfedf7046765ebbc62baf675944fe3fff3ecb70c80c47ffb1d2c9e2adcd385b8c291908ca3cb4d18a3caa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18962\unicodedata.pyd

Filesize
1.0MB

MD5
02f62469bbfcb93a8448f39beac21bbc

SHA1
e9dba509aac97f51916fe705af33a88a821f841a

SHA256
336b4ef6f59b5dba7ecf9348d9c1c67eb2897a76f21e31795f72035c1c96a1f5

SHA512
54c4f54614116f16dbf3437bdbdb01fbad45fda38b7dbc32bb15fc7c35ac2dd44d09a9a6d883769fd2b7f194a9578c94890167987312b1c20c0912dae1a01a9b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\MSVCP140.dll

Filesize
426KB

MD5
c092885ea11bd80d35cb55c7d488f1e2

SHA1
bfe2f5141af49724a54c838b9a9cb6e54c4a6aa5

SHA256
885a0a146a83b0d5a19b88c4eb6372b648cfaed817bd31d8cd3fb91313dea13d

SHA512
8a600ccf97a6d5201bb791a43f16cd4ccd19a8e9decae79b8ba3e5200b6e8936649626112b1c6bdb1465ab8afb395803a68286c76b817245c6077d0536d03344

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\VCRUNTIME140.dll

Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\_brotli.cp38-win32.pyd

Filesize
780KB

MD5
458267b5b318d7baf74d286ade22718b

SHA1
52ecce4f0e84ad5b85f53c570fb095adb9093747

SHA256
f1feb3e509c3927788cb0bf16a217c8c0b7ade68f0e6170c4aa1bc0d614041a6

SHA512
1aa7379c950a4218332221d7d46a89053dab3434511bf0c6f72e6b1eeaa8b667a0c356ea3b27725651777c43dc8c44003e6caaaef3121e4ab47b9870814bdee9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\_bz2.pyd

Filesize
72KB

MD5
1c7f3f37a067019b7926c0f92f3a3aa7

SHA1
ab6562aaa8cfa2dd49c1779a6374cecaf0e0d151

SHA256
bbc7f102b547180ea8ca5ff496f1bd419bfefd360be15610ae6b08837076f5dc

SHA512
840b095cdbb09b20f5d6db9962f4769734e0be425c9f094571df0df2d28888708072952792faded660c3e8f3db2513b6b42032e18cc681d909993fc6500b3e6e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\_ctypes.pyd

Filesize
109KB

MD5
adad459a275b619f700d52a0f9470131

SHA1
632ef3a58fdfe15856a7102b3c3cf96ad9b17334

SHA256
2695a7635fa2bebb6bd720146916f21676e846ea5f39288886bbb27ce2af92f4

SHA512
3f87d84adf3caaf37df30ec4acbaa0b15d9693fe445d31164c81e423ffec51a6263c7a5801e718168be928ab5b1ee689b4932a83c1876ecd97e7544d08c07fa8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\_hashlib.pyd

Filesize
36KB

MD5
aaa99ffb90ec5985be0face4f0a40892

SHA1
0ad00c83ff86d7cd4694f2786034282386a39c38

SHA256
b118b6ef5486a65c41fdf049ef3c30d90f39097b5ef4c0b9f61824acfde50b6a

SHA512
e9df4a5480910172ec18e6de2f09eb83152db968dd974bf2e552de2349caa8e66f82110fdf511c7f3dd8436c03212f66d6720bb71306bb811392baed92c78b7d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\_lzma.pyd

Filesize
181KB

MD5
280c3a7c8c5e5282ec8e746ae685ff54

SHA1
5d25f3bb03fa434d35b7b047892f4849e0596542

SHA256
c6e30f1139d4f2b1ec7a5aca8563d6f946ee6ffa6a90a4eb066cd867d3384c39

SHA512
f4185ec91a2e51b703263a6c9796ad589349434a82170370efacef55fde8a885c0c7cf10eff20b61910c569583887ac2e0384847cd724aabc052be2861fafb69

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\_queue.pyd

Filesize
24KB

MD5
8a21a5ccb136e6c265975ce1e91cb870

SHA1
c6b1ec3deac2e8e091679beda44f896e9fabea06

SHA256
7f43dfb5ba9f4afa82630cd3e234ede0596abe3584f107b9855747ef1cde9acc

SHA512
a215f1674a0ce89324e82e88245201ce5c0bb56193b732527a8f8ca72377dce8b2f1dead380fcab070182eb58c43cf55c2b4c26588e856c1f390a953dbc9de0b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\_socket.pyd

Filesize
67KB

MD5
e55a5618e14a01bac452b8399e281d0d

SHA1
feb071df789f02cdfc0059dfbea1e2394bfd08ef

SHA256
04e286e59facf3f1ddd54d92b45d7662044c0b17d370eb20eb9ca0c8c8e3cb9c

SHA512
1b2e57e681ea889aac680a9ae3b6c9f76ccf82cff3fc91f3c1b678851152282199172fd1900997163ae8db2a18ee385f1ecfe8230fcbc7bf1a3a896a869b2a9c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\_ssl.pyd

Filesize
108KB

MD5
8a2eb91cbd839da8813bb6dc5bd48178

SHA1
f4a2aabcd226385e92ee78db753544bb9287556e

SHA256
5ad15dbc726d002d356bfd7e6a077f8568fee463b7ce5f71c33a04b2e11558f1

SHA512
dce0c6cf347516f989d3292d9f9541f585b6f04e04fb8a83bef6b6195310033c01588c129db006677ed2f0971634c84d79a5627db51b21de4e1b6e4f75a32a41

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\libcrypto-1_1.dll

Filesize
2.1MB

MD5
67c1ea1b655dbb8989a55e146761c202

SHA1
aecc6573b0e28f59ea8fdd01191621dda6f228ed

SHA256
541adbc9654d967491d11359a0e4ad4972d2bd25f260476dd7576c576478698a

SHA512
1c7612c03df85b596dc360c1a94e367d8bfba51f651b49c598e4a066a693d9aa74195a40cc849ef787eac9b6e1e1fc079b389c03fc539e53abf4aa729bef5893

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\libffi-7.dll

Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\libssl-1_1.dll

Filesize
524KB

MD5
9417e0d677e0f8b08398fcd57dccbafd

SHA1
569e82788ff8206e3a43c8653d6421d456ff2a68

SHA256
db16853dbc64f045ae2a972f7605a6f192d09b79cae86fd93b8434fa7d9e031f

SHA512
b7dfd0b265c19d97518e638e4fcc19db3031382cda05c2cbb8965651ceadaa0f68f9d4dd62d542b2c9ef33d9703d50f4d74eb8b9f4918130895ef17feff2f6cb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\python3.dll

Filesize
57KB

MD5
ba32910ffd8a530fa69bc8f37828a6fd

SHA1
7bb0921ac27708082667fa3be05f08b6817cef7e

SHA256
7fa7fef857b5787c355ecd8d1bec5eba28a5bc98f95dcc5130aebcfcfaa20bf4

SHA512
a3c254979281b60ff11534e5a1feb2448c302eabdb26c668362b5b3b65a10c91fb2aad611cc93526c209473cb3501a280a7aef21833c5960e8d31449b3a71c01

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\python38.dll

Filesize
3.7MB

MD5
d375b654850fa100d4a8d98401c1407f

SHA1
ed10c825535e8605b67bacd48f3fcecf978a3fee

SHA256
527819a45446a7729e04a70aee587ec7e46d787c159d0f9d4e824e54c1653f4d

SHA512
fb3faadc801cbeb0697849cf539e471f7362212935607237b26293976aa65ec454ac601a013eec930a5910bafac8a3863e7d668fc7767dc53a98e84286f582b3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\select.pyd

Filesize
23KB

MD5
39f61824d4e3d4be2d938a827bae18eb

SHA1
b7614cfbcdbd55ef1e4e8266722088d51ae102b8

SHA256
c86c229e97b11cb74cc87bc595d4d936171c5d334e367f55b2ee3f9bcfbc6c92

SHA512
9a5926eafba32a2260521e3d11a4faf8701d3963454cfedf7046765ebbc62baf675944fe3fff3ecb70c80c47ffb1d2c9e2adcd385b8c291908ca3cb4d18a3caa

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI18962\unicodedata.pyd

Filesize
1.0MB

MD5
02f62469bbfcb93a8448f39beac21bbc

SHA1
e9dba509aac97f51916fe705af33a88a821f841a

SHA256
336b4ef6f59b5dba7ecf9348d9c1c67eb2897a76f21e31795f72035c1c96a1f5

SHA512
54c4f54614116f16dbf3437bdbdb01fbad45fda38b7dbc32bb15fc7c35ac2dd44d09a9a6d883769fd2b7f194a9578c94890167987312b1c20c0912dae1a01a9b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads