a8cc78ac7e2fbf16da66bbb5899174edacc5706b44c7630882baec40e05f4bd2

Analysis

max time kernel
76s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2022 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

_csv.exe
Size

7.0MB
MD5

98ab4ca51f57f15762f19980a39c3e5a
SHA1

fbb00700bada38e03879d7d0fb8999055f1bf816
SHA256

a8cc78ac7e2fbf16da66bbb5899174edacc5706b44c7630882baec40e05f4bd2
SHA512

1c23eaed22c28b27a402f3a48437bff004116f4ff753491448953889245ba78b2a73e3de1e33d1d45777d8cfd894c79e202fb736c4d5619dcac23a0423f6a7a1
SSDEEP

196608:3++oz+H6kINE5MLXthqMcaSahepo+8ZPVxistAVWrct:3w+hINEIGNpArct

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

Processes:

_csv.exe

pid process

2156 _csv.exe
2156 _csv.exe
2156 _csv.exe
2156 _csv.exe
2156 _csv.exe
2156 _csv.exe
2156 _csv.exe
2156 _csv.exe

pid	process
2156	_csv.exe
2156	_csv.exe
2156	_csv.exe
2156	_csv.exe
2156	_csv.exe
2156	_csv.exe
2156	_csv.exe
2156	_csv.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

_csv.exe

description	pid	process	target process
PID 4596 wrote to memory of 2156	4596	_csv.exe	_csv.exe
PID 4596 wrote to memory of 2156	4596	_csv.exe	_csv.exe
PID 4596 wrote to memory of 2156	4596	_csv.exe	_csv.exe

C:\Users\Admin\AppData\Local\Temp\_csv.exe
"C:\Users\Admin\AppData\Local\Temp\_csv.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4596

C:\Users\Admin\AppData\Local\Temp\_csv.exe
"C:\Users\Admin\AppData\Local\Temp\_csv.exe"
2⤵
- Loads dropped DLL
PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI45962\VCRUNTIME140.dll
Filesize
81KB

MD5
55c8e69dab59e56951d31350d7a94011

SHA1
b6af2d245ae4d67c38eb1cd31e0c1cffb29b9b2c

SHA256
9d8d21022ff9d3f6b81a45209662a4f3481edc2befae0c73b83cf942eab8be25

SHA512
efb2ac1891724df16268480628eb230b6ee37ed47b56d2e02a260559865cdd48ee340ce445e58f625e0f4d6dbdc5bfb7ce2eeedf564b837cff255ef7d1dc58cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\VCRUNTIME140.dll
Filesize
81KB

MD5
55c8e69dab59e56951d31350d7a94011

SHA1
b6af2d245ae4d67c38eb1cd31e0c1cffb29b9b2c

SHA256
9d8d21022ff9d3f6b81a45209662a4f3481edc2befae0c73b83cf942eab8be25

SHA512
efb2ac1891724df16268480628eb230b6ee37ed47b56d2e02a260559865cdd48ee340ce445e58f625e0f4d6dbdc5bfb7ce2eeedf564b837cff255ef7d1dc58cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\_ctypes.pyd
Filesize
102KB

MD5
dc332afb08657027e36c5412e705e2a6

SHA1
1fc13fb5c4dd220cc12f0041d3ff59d244397fc0

SHA256
294a02b68202f2e305415daf06acf786716a4577ed0516503e8098ad7485400f

SHA512
eb9a6b0f3572be7fe3fd8a7018bf2dfdd9928ee632a23c2a2fb749ef4364d067bcc71a271648ed36f7bee8b5c4e5ad4e6d7857e6a79e74fff0e3f45799904466

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\_ctypes.pyd
Filesize
102KB

MD5
dc332afb08657027e36c5412e705e2a6

SHA1
1fc13fb5c4dd220cc12f0041d3ff59d244397fc0

SHA256
294a02b68202f2e305415daf06acf786716a4577ed0516503e8098ad7485400f

SHA512
eb9a6b0f3572be7fe3fd8a7018bf2dfdd9928ee632a23c2a2fb749ef4364d067bcc71a271648ed36f7bee8b5c4e5ad4e6d7857e6a79e74fff0e3f45799904466

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\_socket.pyd
Filesize
60KB

MD5
ae43b51604bc312a288deb6b42a8f4d8

SHA1
19d3d8b019cb4a07db1a8d6ae18544b2312ca42a

SHA256
54fb92f88a25d491dda59cfe0f19e4cdf7cf626ea9826c1f3fc1a231e156d251

SHA512
06593fd7d23df2f99f5f8fe2567faa4bf1d9b2b56e425c8f785d2df72bd456c5ebe695fc8a21ff900c65214deab7c20afb01c16cd9b1c7323d281dce3cb4e3a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\_socket.pyd
Filesize
60KB

MD5
ae43b51604bc312a288deb6b42a8f4d8

SHA1
19d3d8b019cb4a07db1a8d6ae18544b2312ca42a

SHA256
54fb92f88a25d491dda59cfe0f19e4cdf7cf626ea9826c1f3fc1a231e156d251

SHA512
06593fd7d23df2f99f5f8fe2567faa4bf1d9b2b56e425c8f785d2df72bd456c5ebe695fc8a21ff900c65214deab7c20afb01c16cd9b1c7323d281dce3cb4e3a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\base_library.zip
Filesize
777KB

MD5
05657f49f79e05ce602ea84299c99512

SHA1
c209224b13801355ef84d554d4ecd4dd40db598f

SHA256
6e614b5d35097145158c76d8369c08d1cec95251bc84143742a02319fecab2db

SHA512
c7735a8fa05b1c9dca02c0871285c57d1297550e84a5097cffaf5004a9949c7948ff9b4c9b9b068990f8c8573a5bee223241b1f52c3bae8ca9f58495f6666a89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\libffi-7.dll
Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\libffi-7.dll
Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\python38.dll
Filesize
3.8MB

MD5
9a4e1d77226618c13ac5aff1d6230aaa

SHA1
b2ca43ac5792f3847b0a9d51b1c6611e48a826e1

SHA256
4a10ea72acbfec88c69b46da1bf4b8777558d7c19ec400e1cc928b51225dd61e

SHA512
84a6cda424393bb86938e5ef3a7e7e8f43c191060df04003d122cc9518d11f9156f28a53e31e92c09f7f01546cc1d86552f433992df9e9d093fce86cc52fd634

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\python38.dll
Filesize
3.8MB

MD5
9a4e1d77226618c13ac5aff1d6230aaa

SHA1
b2ca43ac5792f3847b0a9d51b1c6611e48a826e1

SHA256
4a10ea72acbfec88c69b46da1bf4b8777558d7c19ec400e1cc928b51225dd61e

SHA512
84a6cda424393bb86938e5ef3a7e7e8f43c191060df04003d122cc9518d11f9156f28a53e31e92c09f7f01546cc1d86552f433992df9e9d093fce86cc52fd634

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\pywintypes38.dll
Filesize
113KB

MD5
16472abeee9ed3921904ad27dc49654b

SHA1
59faf642de355421871e7d97a2b795c1274593cd

SHA256
5283ec6fac05aae2865106ea1da6932ad63c5f346768461109854295bc0034c6

SHA512
3eb3d5a26499f6df0b18a26a3c3c530df00067c979380f476ac3753a69467c41e4c3d16360ca15735a144ef4a74818dea8b38f75dc1ec6af671aa7e9e39c2ba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\pywintypes38.dll
Filesize
113KB

MD5
16472abeee9ed3921904ad27dc49654b

SHA1
59faf642de355421871e7d97a2b795c1274593cd

SHA256
5283ec6fac05aae2865106ea1da6932ad63c5f346768461109854295bc0034c6

SHA512
3eb3d5a26499f6df0b18a26a3c3c530df00067c979380f476ac3753a69467c41e4c3d16360ca15735a144ef4a74818dea8b38f75dc1ec6af671aa7e9e39c2ba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\select.pyd
Filesize
16KB

MD5
6cfe0fef30019681fdf10fa02893f052

SHA1
92d7e65d6e4ac9085c367da9ef1a32d57ff81b35

SHA256
c8f460024b332cb8ab6f7266ffe1da7e6e792eaaa6031bf45b44982a16b90fce

SHA512
ce4863daa4deb5d3ca27fe31a7283e249ec3dc76f884b3e452cbb7ac9338d6d80cc66457a422d35a56960b3846336dd8db48b634c7364f21303efb0a2ba95f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\select.pyd
Filesize
16KB

MD5
6cfe0fef30019681fdf10fa02893f052

SHA1
92d7e65d6e4ac9085c367da9ef1a32d57ff81b35

SHA256
c8f460024b332cb8ab6f7266ffe1da7e6e792eaaa6031bf45b44982a16b90fce

SHA512
ce4863daa4deb5d3ca27fe31a7283e249ec3dc76f884b3e452cbb7ac9338d6d80cc66457a422d35a56960b3846336dd8db48b634c7364f21303efb0a2ba95f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\ucrtbase.dll
Filesize
1.1MB

MD5
6343ff7874ba03f78bb0dfe20b45f817

SHA1
82221a9ac1c1b8006f3f5e8539e74e3308f10bcb

SHA256
6f8f05993b8a25cadf5e301e58194c4d23402e467229b12e40956e4f128588b3

SHA512
63c3d3207577d4761103daf3f9901dd0a0ae8a89694ad1128fd7e054627cdd930d1020049317c5a898411735e2f75e2103ae303e7e514b6387a3c8463a4fb994

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45962\ucrtbase.dll
Filesize
1.1MB

MD5
6343ff7874ba03f78bb0dfe20b45f817

SHA1
82221a9ac1c1b8006f3f5e8539e74e3308f10bcb

SHA256
6f8f05993b8a25cadf5e301e58194c4d23402e467229b12e40956e4f128588b3

SHA512
63c3d3207577d4761103daf3f9901dd0a0ae8a89694ad1128fd7e054627cdd930d1020049317c5a898411735e2f75e2103ae303e7e514b6387a3c8463a4fb994

Download Submit
memory/2156-132-0x0000000000000000-mapping.dmp

Download