89f162964e3bb16dda6e6de11c8ed4a2cd95308124d1235b28bfdcc1a4aa823e

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-10-2022 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe
Size

4.4MB
MD5

45762874ac1d3677b72cc52e6e223b90
SHA1

dfbaccf19ce02589f8f25d33295c9506d354a260
SHA256

744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6
SHA512

c22caa341ea2aced1a73167385f6acec98f0111fb767ef8c5f0d9d02e3809fbefd940cbef8aa2bfc47252e54715cca0c83ec9f903ab89815764e2959b7500f30
SSDEEP

98304:GxQOg/cd5drZIEbFc/1Foa6uJwNGKqntsWXIBJI:1G1ZIP/1m4JwasWYBG

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

Processes:

744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe

pid	process
1004	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe
1004	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe
1004	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe
1004	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe
1004	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe
1004	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe

description	pid	process	target process
PID 780 wrote to memory of 1004	780	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe
PID 780 wrote to memory of 1004	780	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe
PID 780 wrote to memory of 1004	780	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe
PID 780 wrote to memory of 1004	780	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe	744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe

C:\Users\Admin\AppData\Local\Temp\744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe
"C:\Users\Admin\AppData\Local\Temp\744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:780

C:\Users\Admin\AppData\Local\Temp\744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe
"C:\Users\Admin\AppData\Local\Temp\744f4a6f3c86698241360accb1438892119d037310c7f2f3da0f44d145b4e3b6.exe"
2⤵
- Loads dropped DLL
PID:1004

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI7802\MSVCR90.dll
Filesize
638KB

MD5
11d49148a302de4104ded6a92b78b0ed

SHA1
fd58a091b39ed52611ade20a782ef58ac33012af

SHA256
ceb0947d898bc2a55a50f092f5ed3f7be64ac1cd4661022eefd3edd4029213b0

SHA512
fdc43b3ee38f7beb2375c953a29db8bcf66b73b78ccc04b147e26108f3b650c0a431b276853bb8e08167d34a8cc9c6b7918daef9ebc0a4833b1534c5afac75e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7802\_ctypes.pyd
Filesize
91KB

MD5
eed8fc0f1788f2e4bc3cde8b80af776c

SHA1
5aa0aca3891efa4eaf4c2e937c123a43c9ea3847

SHA256
beed2a11018adb0a1c99861d52c9983c711c4122834a44b2d62b683da731caa7

SHA512
b10da312af49291d41e54eb4fa5c721d4f79c36571f153e460cd7a4c507df982bafca9e748d409d48a6483f899486ee861a7a5329b997844f94dd0ae767f7a28

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7802\_hashlib.pyd
Filesize
985KB

MD5
0852b278f9e5f2267592a44bdaf814a3

SHA1
298c36f3aaf317524707323939e539c0c6c868b4

SHA256
553f00dd2de7236ef8e7e2dbd3eac4dfd3f48ac0c9e8821c8ca54e20f0636b42

SHA512
2ce54faa80bfe4744ae3e0e613e83eaf6e715f6ae993c6a0c67784f321cd7328f1fdae7859b5f5a1f5b02382e065c32d7499179eb3169c0a68b600c1e661b60f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7802\_socket.pyd
Filesize
47KB

MD5
4f0bde7485ec7ed25dd226e894235c9c

SHA1
0bea6bb40326e7c86d3fea6fc56426fb1800c005

SHA256
f6da37e0b4ea834e0de96948a91e433f1b8636700bb33b8ce23cba0e6e33a92f

SHA512
9aceb8dfa3b48cb98f15a7afe5ee3276e9a0252bd2dfc2552823a6831be705c3bca684f8e0b81568b2d9754f4751627fbcee4cfeb3a673cffcf35801164b716b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7802\_ssl.pyd
Filesize
1.4MB

MD5
640a6f204c534cb19424a6bc39b24cbb

SHA1
528fe9891035861859730082212fd415eda85a77

SHA256
dd347a101531698592dbfda32d618ff045e5e5f8c9603286c820ab6bbbfb4e0a

SHA512
4b6588288d750e0885f44de80557d95859b362f6245e46a4209a9416508cc40de15e6c3f941d2a550b9e4db2f0e486caf06cd687e76e23a2f532c0de4572ae98

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7802\python27.dll
Filesize
2.5MB

MD5
d8d7b21ad1b48a3488fcceb737484540

SHA1
4ac846c6fb21c26658aa8713ff9a803e7db6a2f5

SHA256
2d9202baa383f6bacb52b696cd0d546a38bb972a332309a21197e6a2e1c77912

SHA512
7f170c29144433b57b808ffaf97eb008044efeebd83b2460792707eac49f8d0f0e9ca4ec8383256e2a633028891d1e88a4c5b613341a4eba5d46b154517cc8cd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7802\_ctypes.pyd
Filesize
91KB

MD5
eed8fc0f1788f2e4bc3cde8b80af776c

SHA1
5aa0aca3891efa4eaf4c2e937c123a43c9ea3847

SHA256
beed2a11018adb0a1c99861d52c9983c711c4122834a44b2d62b683da731caa7

SHA512
b10da312af49291d41e54eb4fa5c721d4f79c36571f153e460cd7a4c507df982bafca9e748d409d48a6483f899486ee861a7a5329b997844f94dd0ae767f7a28

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7802\_hashlib.pyd
Filesize
985KB

MD5
0852b278f9e5f2267592a44bdaf814a3

SHA1
298c36f3aaf317524707323939e539c0c6c868b4

SHA256
553f00dd2de7236ef8e7e2dbd3eac4dfd3f48ac0c9e8821c8ca54e20f0636b42

SHA512
2ce54faa80bfe4744ae3e0e613e83eaf6e715f6ae993c6a0c67784f321cd7328f1fdae7859b5f5a1f5b02382e065c32d7499179eb3169c0a68b600c1e661b60f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7802\_socket.pyd
Filesize
47KB

MD5
4f0bde7485ec7ed25dd226e894235c9c

SHA1
0bea6bb40326e7c86d3fea6fc56426fb1800c005

SHA256
f6da37e0b4ea834e0de96948a91e433f1b8636700bb33b8ce23cba0e6e33a92f

SHA512
9aceb8dfa3b48cb98f15a7afe5ee3276e9a0252bd2dfc2552823a6831be705c3bca684f8e0b81568b2d9754f4751627fbcee4cfeb3a673cffcf35801164b716b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7802\_ssl.pyd
Filesize
1.4MB

MD5
640a6f204c534cb19424a6bc39b24cbb

SHA1
528fe9891035861859730082212fd415eda85a77

SHA256
dd347a101531698592dbfda32d618ff045e5e5f8c9603286c820ab6bbbfb4e0a

SHA512
4b6588288d750e0885f44de80557d95859b362f6245e46a4209a9416508cc40de15e6c3f941d2a550b9e4db2f0e486caf06cd687e76e23a2f532c0de4572ae98

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7802\msvcr90.dll
Filesize
638KB

MD5
11d49148a302de4104ded6a92b78b0ed

SHA1
fd58a091b39ed52611ade20a782ef58ac33012af

SHA256
ceb0947d898bc2a55a50f092f5ed3f7be64ac1cd4661022eefd3edd4029213b0

SHA512
fdc43b3ee38f7beb2375c953a29db8bcf66b73b78ccc04b147e26108f3b650c0a431b276853bb8e08167d34a8cc9c6b7918daef9ebc0a4833b1534c5afac75e4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7802\python27.dll
Filesize
2.5MB

MD5
d8d7b21ad1b48a3488fcceb737484540

SHA1
4ac846c6fb21c26658aa8713ff9a803e7db6a2f5

SHA256
2d9202baa383f6bacb52b696cd0d546a38bb972a332309a21197e6a2e1c77912

SHA512
7f170c29144433b57b808ffaf97eb008044efeebd83b2460792707eac49f8d0f0e9ca4ec8383256e2a633028891d1e88a4c5b613341a4eba5d46b154517cc8cd

Download Submit
memory/1004-54-0x0000000000000000-mapping.dmp

Download
memory/1004-57-0x0000000076321000-0x0000000076323000-memory.dmp

Filesize
8KB

Download