bcb7e28a01097444322fff8999a776fec9bc54ee7df8d42fbc93d3215c74fcb4

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27/12/2022, 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EXEVERSION.exe
Size

19.7MB
MD5

4110524ac43a752d3b34fb3028803b3e
SHA1

69d2ee0e3a2a0abae86000b6e3219782d6a96636
SHA256

b003978e61dfed6183fa47c2fdb693ac5b6b9a3d8160d98d305ed9abc2ce9130
SHA512

70211497a4e7fd9ad3b945286e1930918260cf555d31688e6b63820a8c3b37be8aafcd6f0419ba7287c04af5d6321822916380b7e12ba69d8d4d6f541e6781e1
SSDEEP

393216:6f0XUUW1FeREWudQusl2lh2p/frAZYCuPJOHQegPmkNtb+7XgfbXQDlcJ:61jeRidQuvQp/MJuxLzXtAXgfTzJ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1868	EXEVERSION.exe
1868	EXEVERSION.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	992	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	992	AUDIODG.EXE
Token: 33	992	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	992	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 1868	740	EXEVERSION.exe	28
PID 740 wrote to memory of 1868	740	EXEVERSION.exe	28
PID 740 wrote to memory of 1868	740	EXEVERSION.exe	28

C:\Users\Admin\AppData\Local\Temp\EXEVERSION.exe
"C:\Users\Admin\AppData\Local\Temp\EXEVERSION.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:740
- C:\Users\Admin\AppData\Local\Temp\EXEVERSION.exe
  "C:\Users\Admin\AppData\Local\Temp\EXEVERSION.exe"
  2⤵
  - Loads dropped DLL
  PID:1868

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x584
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI7402\python310.dll

Filesize
4.3MB

MD5
54f8267c6c116d7240f8e8cd3b241cd9

SHA1
907b965b6ce502dad59cde70e486eb28c5517b42

SHA256
c30589187be320bc8e65177aeb8dc1d39957f7b7dcda4c13524dd7f436fb0948

SHA512
f6c865c8276fe1a1a0f3267b89fb6745a3fc82972032280dce8869006feb2b168516e017241a0c82bdae0f321fab388523691769f09a502fc3bd530c1c4cacf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7402\ucrtbase.dll

Filesize
1020KB

MD5
2c8fe06966d5085a595ffa3c98fe3098

SHA1
e82945e3e63ffef0974d6dd74f2aef2bf6d0a908

SHA256
de8d08d01291df93821314176381f3d1ae863e6c5584a7f8ea42f0b94b15ef65

SHA512
fb08838983c16082a362b3fc89d5b82e61ae629207c13c3cb76b8a0af557ad95c842ce5197ae458b5af61e5449cbab579f509fa72866308aa6fbd3d751522d0f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7402\python310.dll

Filesize
4.3MB

MD5
54f8267c6c116d7240f8e8cd3b241cd9

SHA1
907b965b6ce502dad59cde70e486eb28c5517b42

SHA256
c30589187be320bc8e65177aeb8dc1d39957f7b7dcda4c13524dd7f436fb0948

SHA512
f6c865c8276fe1a1a0f3267b89fb6745a3fc82972032280dce8869006feb2b168516e017241a0c82bdae0f321fab388523691769f09a502fc3bd530c1c4cacf1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7402\ucrtbase.dll

Filesize
1020KB

MD5
2c8fe06966d5085a595ffa3c98fe3098

SHA1
e82945e3e63ffef0974d6dd74f2aef2bf6d0a908

SHA256
de8d08d01291df93821314176381f3d1ae863e6c5584a7f8ea42f0b94b15ef65

SHA512
fb08838983c16082a362b3fc89d5b82e61ae629207c13c3cb76b8a0af557ad95c842ce5197ae458b5af61e5449cbab579f509fa72866308aa6fbd3d751522d0f

Download Submit
memory/740-54-0x000007FEFB941000-0x000007FEFB943000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads