cfcb6343919323e8bfca03a429aacf5a3a6e970282b045c029dd1880a98e8155

Analysis

max time kernel
135s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-02-2023 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main_code.exe
Size

5.0MB
MD5

e959d4eab2bc3a03e16a2679afbb6fd1
SHA1

68128c88dbbcec7626607ee280dbca7b3259ece0
SHA256

cfcb6343919323e8bfca03a429aacf5a3a6e970282b045c029dd1880a98e8155
SHA512

78cdf2039e928bf6178ad922988978f2c7b3ffa1e44c12d5c571236a8f4d31f497ac2179ffc50c7b97a1451c25fdce5d7211fde19ed04b343e85a0c421bca99c
SSDEEP

98304:v/8NBwpzoLLJ3TbwaVvrZE0I8LKI8F/Vtt1mIi3pRN8D8cXu6M1Tbb+5x1NL/p0:v/aw9onJ5hrZEce9tGPqK6wTbaLTLh

Score

7^/10

persistence

Malware Config

Signatures

Loads dropped DLL 6 IoCs

Processes:

main_code.exe

pid process

3448 main_code.exe
3448 main_code.exe
3448 main_code.exe
3448 main_code.exe
3448 main_code.exe
3448 main_code.exe

pid	process
3448	main_code.exe
3448	main_code.exe
3448	main_code.exe
3448	main_code.exe
3448	main_code.exe
3448	main_code.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

main_code.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\main_code = "C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI12082\\main_code.exe"	main_code.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

main_code.exe

description pid process

Token: 35 3448 main_code.exe

description	pid	process
Token: 35	3448	main_code.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

main_code.exe

description	pid	process	target process
PID 1208 wrote to memory of 3448	1208	main_code.exe	main_code.exe
PID 1208 wrote to memory of 3448	1208	main_code.exe	main_code.exe

C:\Users\Admin\AppData\Local\Temp\main_code.exe
"C:\Users\Admin\AppData\Local\Temp\main_code.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1208

C:\Users\Admin\AppData\Local\Temp\main_code.exe
"C:\Users\Admin\AppData\Local\Temp\main_code.exe"
2⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:3448

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI12082\VCRUNTIME140.dll
Filesize
85KB

MD5
89a24c66e7a522f1e0016b1d0b4316dc

SHA1
5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

SHA256
3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

SHA512
e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\VCRUNTIME140.dll
Filesize
85KB

MD5
89a24c66e7a522f1e0016b1d0b4316dc

SHA1
5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

SHA256
3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

SHA512
e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\_socket.pyd
Filesize
75KB

MD5
8ea18d0eeae9044c278d2ea7a1dbae36

SHA1
de210842da8cb1cb14318789575d65117d14e728

SHA256
9822c258a9d25062e51eafc45d62ed19722e0450a212668f6737eb3bfe3a41c2

SHA512
d275ce71d422cfaacef1220dc1f35afba14b38a205623e3652766db11621b2a1d80c5d0fb0a7df19402ebe48603e76b8f8852f6cbff95a181d33e797476029f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\_socket.pyd
Filesize
75KB

MD5
8ea18d0eeae9044c278d2ea7a1dbae36

SHA1
de210842da8cb1cb14318789575d65117d14e728

SHA256
9822c258a9d25062e51eafc45d62ed19722e0450a212668f6737eb3bfe3a41c2

SHA512
d275ce71d422cfaacef1220dc1f35afba14b38a205623e3652766db11621b2a1d80c5d0fb0a7df19402ebe48603e76b8f8852f6cbff95a181d33e797476029f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\base_library.zip
Filesize
1000KB

MD5
90c0898cd529e19ba0c800d0e1f42a2a

SHA1
35882c9e2519be24ad4625031c942722946e791e

SHA256
980eab75d2e03b71fa4327da3a3126ad6980ff60a5cf9ad2b96ce06ad15ae3bd

SHA512
3527929f185b4a044d925c8cca0fc028d470c48756623762722bce483f9b9541d073bee69529c5b4c7b0b9e3b81307fa3afd0a7a4d9df60f93c66b85af6cce46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\python37.dll
Filesize
3.6MB

MD5
c4709f84e6cf6e082b80c80b87abe551

SHA1
c0c55b229722f7f2010d34e26857df640182f796

SHA256
ca8e39f2b1d277b0a24a43b5b8eada5baf2de97488f7ef2484014df6e270b3f3

SHA512
e04a5832b9f2e1e53ba096e011367d46e6710389967fa7014a0e2d4a6ce6fc8d09d0ce20cee7e7d67d5057d37854eddab48bef7df1767f2ec3a4ab91475b7ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\python37.dll
Filesize
3.6MB

MD5
c4709f84e6cf6e082b80c80b87abe551

SHA1
c0c55b229722f7f2010d34e26857df640182f796

SHA256
ca8e39f2b1d277b0a24a43b5b8eada5baf2de97488f7ef2484014df6e270b3f3

SHA512
e04a5832b9f2e1e53ba096e011367d46e6710389967fa7014a0e2d4a6ce6fc8d09d0ce20cee7e7d67d5057d37854eddab48bef7df1767f2ec3a4ab91475b7ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\pywin32_system32\pywintypes37.dll
Filesize
133KB

MD5
f9d8093503c0eb02a2d30db794dbaa81

SHA1
d11ac482caef0a4f3b008644e34b5c962c69a3af

SHA256
47cfa248363c3e5e3c2fcd847bd73435890bac14c3403f2841fd5e138f936869

SHA512
c4ce86cecef6e2b3785f076667381f3e8e4b7d9e6e7c9e48d2fedde83670df61c51bdd852c3fadc826bee6025d9c22a1cd2f1ba255a7123047ac11e2ed262fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\pywin32_system32\pywintypes37.dll
Filesize
133KB

MD5
f9d8093503c0eb02a2d30db794dbaa81

SHA1
d11ac482caef0a4f3b008644e34b5c962c69a3af

SHA256
47cfa248363c3e5e3c2fcd847bd73435890bac14c3403f2841fd5e138f936869

SHA512
c4ce86cecef6e2b3785f076667381f3e8e4b7d9e6e7c9e48d2fedde83670df61c51bdd852c3fadc826bee6025d9c22a1cd2f1ba255a7123047ac11e2ed262fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\select.pyd
Filesize
26KB

MD5
fb4a0d7abaeaa76676846ad0f08fefa5

SHA1
755fd998215511506edd2c5c52807b46ca9393b2

SHA256
65a3c8806d456e9df2211051ed808a087a96c94d38e23d43121ac120b4d36429

SHA512
f5b3557f823ee4c662f2c9b7ecc5497934712e046aa8ae8e625f41756beb5e524227355316f9145bfabb89b0f6f93a1f37fa94751a66c344c38ce449e879d35f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\select.pyd
Filesize
26KB

MD5
fb4a0d7abaeaa76676846ad0f08fefa5

SHA1
755fd998215511506edd2c5c52807b46ca9393b2

SHA256
65a3c8806d456e9df2211051ed808a087a96c94d38e23d43121ac120b4d36429

SHA512
f5b3557f823ee4c662f2c9b7ecc5497934712e046aa8ae8e625f41756beb5e524227355316f9145bfabb89b0f6f93a1f37fa94751a66c344c38ce449e879d35f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\win32api.pyd
Filesize
136KB

MD5
ba792c828797ab1b1ec5062b12872540

SHA1
15745e8c75c7d46a08a2efc301c6d6f95d3676e9

SHA256
e86a8623f4532645419bd753baf239c77198a51c0663d5441ad6e8b56093f530

SHA512
0e5f02a25789d47a686a18186fd6811e1cecbbc3104b0b3135eea5cc99240c59a3c24a760f8fe77bca8bffa2b4b1e0c305c5f73a28af4f84772a67db00544b82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\win32api.pyd
Filesize
136KB

MD5
ba792c828797ab1b1ec5062b12872540

SHA1
15745e8c75c7d46a08a2efc301c6d6f95d3676e9

SHA256
e86a8623f4532645419bd753baf239c77198a51c0663d5441ad6e8b56093f530

SHA512
0e5f02a25789d47a686a18186fd6811e1cecbbc3104b0b3135eea5cc99240c59a3c24a760f8fe77bca8bffa2b4b1e0c305c5f73a28af4f84772a67db00544b82

Download Submit
memory/3448-132-0x0000000000000000-mapping.dmp

Download