f03613095e4cf23971ed20c6c9ab165eac664483bd7efbbd0a14cff38eb19e58

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04-02-2023 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VIM.exe
Size

7.5MB
MD5

916cd1d85afda3837f833f83b2c53b05
SHA1

5e91d3f43a6d573d6096a0927e9e97e7cfef66f6
SHA256

f03613095e4cf23971ed20c6c9ab165eac664483bd7efbbd0a14cff38eb19e58
SHA512

6b3464f7ba8d03b583ab09111eeb4a971e36a664cb3b249f245601e7663d90a39b1427b27e8c83aad26b614e2376142f386c580f33dd1e3c0e92c340647b3fdf
SSDEEP

196608:BKU8EkuA3uWJysVYvsONtdIQLOMIdiwmnoxs3JbU+:k9EYeWJ8taL/d2oxI

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

Processes:

VIM.exe

pid process

4960 VIM.exe
4960 VIM.exe
4960 VIM.exe
Suspicious use of WriteProcessMemory 2 IoCs

Processes:

VIM.exe

description pid process target process

PID 2596 wrote to memory of 4960 2596 VIM.exe VIM.exe
PID 2596 wrote to memory of 4960 2596 VIM.exe VIM.exe

pid	process
4960	VIM.exe
4960	VIM.exe
4960	VIM.exe

description	pid	process	target process
PID 2596 wrote to memory of 4960	2596	VIM.exe	VIM.exe
PID 2596 wrote to memory of 4960	2596	VIM.exe	VIM.exe

C:\Users\Admin\AppData\Local\Temp\VIM.exe
"C:\Users\Admin\AppData\Local\Temp\VIM.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2596

C:\Users\Admin\AppData\Local\Temp\VIM.exe
"C:\Users\Admin\AppData\Local\Temp\VIM.exe"
2⤵
- Loads dropped DLL
PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25962\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25962\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25962\python37.dll

Filesize
3.6MB

MD5
c4e99d7375888d873d2478769a8d844c

SHA1
881e42ad9b7da068ee7a6d133484f9d39519ca7e

SHA256
12f26beb439ddf8d56e7544b06a0675d5da6670c02f8f9cede7aad1de71eb116

SHA512
a5b79a919f15cda2c295c8da923ffe5dd30408376e459669e4e376b9d4d504d43671518d7085352bb90c4ce4efc6d81c91ac6cedbdaa896f916d80f7346a695b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25962\python37.dll

Filesize
3.6MB

MD5
c4e99d7375888d873d2478769a8d844c

SHA1
881e42ad9b7da068ee7a6d133484f9d39519ca7e

SHA256
12f26beb439ddf8d56e7544b06a0675d5da6670c02f8f9cede7aad1de71eb116

SHA512
a5b79a919f15cda2c295c8da923ffe5dd30408376e459669e4e376b9d4d504d43671518d7085352bb90c4ce4efc6d81c91ac6cedbdaa896f916d80f7346a695b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25962\ucrtbase.dll

Filesize
983KB

MD5
e3cbcb26ee85737e70ce55d498fcaa38

SHA1
8dcdcf5e8d9b621a149163cc3f12d01fde1ef4ac

SHA256
8ab85c80c5d9ad3618fd86aa45a878bb5a5d7e449528c317a8239c33876c75b5

SHA512
eb85a84f0d7e4f65ab67869e56b68f8da72a570b9b2fd0ee28e9d3ea9a80b4d35352261213b0e26d9d7592e750a0870e7b62df69e948bc060b0bfe6cea9fb12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25962\ucrtbase.dll

Filesize
983KB

MD5
e3cbcb26ee85737e70ce55d498fcaa38

SHA1
8dcdcf5e8d9b621a149163cc3f12d01fde1ef4ac

SHA256
8ab85c80c5d9ad3618fd86aa45a878bb5a5d7e449528c317a8239c33876c75b5

SHA512
eb85a84f0d7e4f65ab67869e56b68f8da72a570b9b2fd0ee28e9d3ea9a80b4d35352261213b0e26d9d7592e750a0870e7b62df69e948bc060b0bfe6cea9fb12d

Download Submit
memory/4960-132-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads