2a75ced50c959f193aa6b8026bbada6cfe70da5ce97f51af2f783116e49f7197

Analysis

max time kernel
48s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2022 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

client.exe
Size

21.4MB
MD5

26594126c6f9ddc82e14fd2fbe426482
SHA1

b019ba161beaea161656607b26cd8f5de40206ae
SHA256

2a75ced50c959f193aa6b8026bbada6cfe70da5ce97f51af2f783116e49f7197
SHA512

1d69d1398d46e6f096c20683b5eb709d9af6935b1cfe53aae2c31aacfb4f4ec9fcb501631f4ea132d32a7c62741badd88826497b81d3fc3c5071e9065d88bbaf
SSDEEP

393216:MEFXEYP3IfWJe+o7CEDza2Qs5gqTlh2pP1J83a10DUsP7zr7/iZkK:MeXEYP3IfWIt7CEDOEQpPjEajqH/s

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 15 IoCs

Processes:

client.exe

pid	process
5044	client.exe
5044	client.exe
5044	client.exe
5044	client.exe
5044	client.exe
5044	client.exe
5044	client.exe
5044	client.exe
5044	client.exe
5044	client.exe
5044	client.exe
5044	client.exe
5044	client.exe
5044	client.exe
5044	client.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

client.exe

pid process

5044 client.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

client.execlient.exe

description	pid	process	target process
PID 1944 wrote to memory of 5044	1944	client.exe	client.exe
PID 1944 wrote to memory of 5044	1944	client.exe	client.exe
PID 5044 wrote to memory of 1472	5044	client.exe	cmd.exe
PID 5044 wrote to memory of 1472	5044	client.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\client.exe
"C:\Users\Admin\AppData\Local\Temp\client.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1944

C:\Users\Admin\AppData\Local\Temp\client.exe
"C:\Users\Admin\AppData\Local\Temp\client.exe"
2⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:5044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
3⤵
PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19442\VCRUNTIME140.dll
Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\VCRUNTIME140.dll
Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_bz2.pyd
Filesize
85KB

MD5
a49c5f406456b79254eb65d015b81088

SHA1
cfc2a2a89c63df52947af3610e4d9b8999399c91

SHA256
ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced

SHA512
bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_bz2.pyd
Filesize
85KB

MD5
a49c5f406456b79254eb65d015b81088

SHA1
cfc2a2a89c63df52947af3610e4d9b8999399c91

SHA256
ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced

SHA512
bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_ctypes.pyd
Filesize
124KB

MD5
291a0a9b63bae00a4222a6df71a22023

SHA1
7a6a2aad634ec30e8edb2d2d8d0895c708d84551

SHA256
820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324

SHA512
d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_ctypes.pyd
Filesize
124KB

MD5
291a0a9b63bae00a4222a6df71a22023

SHA1
7a6a2aad634ec30e8edb2d2d8d0895c708d84551

SHA256
820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324

SHA512
d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_lzma.pyd
Filesize
159KB

MD5
cf9fd17b1706f3044a8f74f6d398d5f1

SHA1
c5cd0debbde042445b9722a676ff36a0ac3959ad

SHA256
9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4

SHA512
5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_lzma.pyd
Filesize
159KB

MD5
cf9fd17b1706f3044a8f74f6d398d5f1

SHA1
c5cd0debbde042445b9722a676ff36a0ac3959ad

SHA256
9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4

SHA512
5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_pytransform.dll
Filesize
1.1MB

MD5
b1209990dd26012617882b10e587630b

SHA1
75a85d82d7e69fb8c128cff5970ba2f2d2732dac

SHA256
b21af7e2367fa8b87ea46a70acc3bf5e7bb8fcc13c28532170a30870d89258ba

SHA512
d1fb99ab4cdc8c24be2613d1df064ec108af831a42d4f8141459c65f2224b7ab8afa38a94dabb90111235ef0b6ab1826b00bac2609402a9b09ea9ba6f08c9588

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_pytransform.dll
Filesize
1.1MB

MD5
b1209990dd26012617882b10e587630b

SHA1
75a85d82d7e69fb8c128cff5970ba2f2d2732dac

SHA256
b21af7e2367fa8b87ea46a70acc3bf5e7bb8fcc13c28532170a30870d89258ba

SHA512
d1fb99ab4cdc8c24be2613d1df064ec108af831a42d4f8141459c65f2224b7ab8afa38a94dabb90111235ef0b6ab1826b00bac2609402a9b09ea9ba6f08c9588

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_socket.pyd
Filesize
78KB

MD5
4827652de133c83fa1cae839b361856c

SHA1
182f9a04bdc42766cfd5fb352f2cb22e5c26665e

SHA256
87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba

SHA512
8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_socket.pyd
Filesize
78KB

MD5
4827652de133c83fa1cae839b361856c

SHA1
182f9a04bdc42766cfd5fb352f2cb22e5c26665e

SHA256
87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba

SHA512
8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\base_library.zip
Filesize
1008KB

MD5
9697f110bf4ea5b217f9e33fb8716bac

SHA1
a353fbc0450598bfa90a9974c2b16b8900883091

SHA256
e7de7d586993a8c18e99b904a08ecc05fe8e68a8b5bb9d6e0da94e221bfb643f

SHA512
6e1c933d5a9f3081b985ea558756245487068f1ab842284e19b6628ba7e039ca578515e6cde18ab50d44e31e76fb99f1ba68ddf1d2afe9f14d52f2ef88ebce53

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\pyexpat.pyd
Filesize
187KB

MD5
2ae23047648257afa90d0ca96811979f

SHA1
0833cf7ccae477faa4656c74d593d0f59844cadd

SHA256
5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95

SHA512
13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\pyexpat.pyd
Filesize
187KB

MD5
2ae23047648257afa90d0ca96811979f

SHA1
0833cf7ccae477faa4656c74d593d0f59844cadd

SHA256
5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95

SHA512
13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\python3.DLL
Filesize
58KB

MD5
c9f0b55fce50c904dff9276014cef6d8

SHA1
9f9ae27df619b695827a5af29414b592fc584e43

SHA256
074b06ae1d0a0b5c26f0ce097c91e2f24a5d38b279849115495fc40c6c10117e

SHA512
8dd188003d8419a25de7fbb37b29a4bc57a6fd93f2d79b5327ad2897d4ae626d7427f4e6ac84463c158bcb18b6c1e02e83ed49f347389252477bbeeb864ac799

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\python3.dll
Filesize
58KB

MD5
c9f0b55fce50c904dff9276014cef6d8

SHA1
9f9ae27df619b695827a5af29414b592fc584e43

SHA256
074b06ae1d0a0b5c26f0ce097c91e2f24a5d38b279849115495fc40c6c10117e

SHA512
8dd188003d8419a25de7fbb37b29a4bc57a6fd93f2d79b5327ad2897d4ae626d7427f4e6ac84463c158bcb18b6c1e02e83ed49f347389252477bbeeb864ac799

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\python38.dll
Filesize
4.0MB

MD5
26ba25d468a778d37f1a24f4514d9814

SHA1
b64fe169690557656ede3ae50d3c5a197fea6013

SHA256
2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128

SHA512
80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\python38.dll
Filesize
4.0MB

MD5
26ba25d468a778d37f1a24f4514d9814

SHA1
b64fe169690557656ede3ae50d3c5a197fea6013

SHA256
2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128

SHA512
80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\pythoncom38.dll
Filesize
560KB

MD5
efd05544ac3a7f0c7e38223004c1b81a

SHA1
2973a5c4d2d118fe66b6591455a90c33811ef3cd

SHA256
b46daa6b63e2dde217ed2ec1da6dbd9256df1549d8ad306efcd3b4c4b0843a5b

SHA512
3a25385ace2ca903df5bf9e04befdefa84fc325c53c379bf658df8033ac07bbf1a4ae7d216b77bb6b1f94bd8f99417d5d052d89f63f80250fb7cc6a91a05ba4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\pythoncom38.dll
Filesize
560KB

MD5
efd05544ac3a7f0c7e38223004c1b81a

SHA1
2973a5c4d2d118fe66b6591455a90c33811ef3cd

SHA256
b46daa6b63e2dde217ed2ec1da6dbd9256df1549d8ad306efcd3b4c4b0843a5b

SHA512
3a25385ace2ca903df5bf9e04befdefa84fc325c53c379bf658df8033ac07bbf1a4ae7d216b77bb6b1f94bd8f99417d5d052d89f63f80250fb7cc6a91a05ba4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\pywintypes38.dll
Filesize
141KB

MD5
d273b6494c4761536d6eef26e01956f1

SHA1
a6e65c6745a593a23b20cbe9b8ba3414e46e50bb

SHA256
28680409fd1ff08f87936f920b6bfa6ddc6ac8cd13fd3079e5600909cef5d0f6

SHA512
65db50b36c8b1d1285e1659e1a67dd02329eac330192609a247057b535053571251f450865a9ccf3c86f23d2017b6950d68108c7171bf840f07958b39a034ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\pywintypes38.dll
Filesize
141KB

MD5
d273b6494c4761536d6eef26e01956f1

SHA1
a6e65c6745a593a23b20cbe9b8ba3414e46e50bb

SHA256
28680409fd1ff08f87936f920b6bfa6ddc6ac8cd13fd3079e5600909cef5d0f6

SHA512
65db50b36c8b1d1285e1659e1a67dd02329eac330192609a247057b535053571251f450865a9ccf3c86f23d2017b6950d68108c7171bf840f07958b39a034ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\select.pyd
Filesize
27KB

MD5
e21cff76db11c1066fd96af86332b640

SHA1
e78ef7075c479b1d218132d89bf4bec13d54c06a

SHA256
fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28

SHA512
e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\select.pyd
Filesize
27KB

MD5
e21cff76db11c1066fd96af86332b640

SHA1
e78ef7075c479b1d218132d89bf4bec13d54c06a

SHA256
fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28

SHA512
e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\ucrtbase.dll
Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\ucrtbase.dll
Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\win32api.pyd
Filesize
132KB

MD5
701d49790343f77b9cc78033f47772b7

SHA1
7f9031b27c30fe9b5a7432bd92505bcd5fcaf600

SHA256
e10d19b35b220abf718bee0de4bf59ffa27d1b068c837934b3d5ba36329b8257

SHA512
c15e89bcd6e9bd12d31514b1110a6347c0fc1809c6dfeb711f08a7ca51d19b3a7db856f0e1240d953bc8316f2066bbe1f012f588a7a925f98d29a991f8c40620

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\win32api.pyd
Filesize
132KB

MD5
701d49790343f77b9cc78033f47772b7

SHA1
7f9031b27c30fe9b5a7432bd92505bcd5fcaf600

SHA256
e10d19b35b220abf718bee0de4bf59ffa27d1b068c837934b3d5ba36329b8257

SHA512
c15e89bcd6e9bd12d31514b1110a6347c0fc1809c6dfeb711f08a7ca51d19b3a7db856f0e1240d953bc8316f2066bbe1f012f588a7a925f98d29a991f8c40620

Download Submit
memory/1472-162-0x0000000000000000-mapping.dmp

Download
memory/5044-132-0x0000000000000000-mapping.dmp

Download