fa4b889544cc05775420aeecc3a7881ff2edd6215d73d11b336203415dcd579a

Analysis

max time kernel
80s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2023 22:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MalwareBytes_420_siz_1_original/LicenseMalwareBytes.exe
Size

7.9MB
MD5

487901443f9e51ad732b1cd856b03c69
SHA1

4b3d2e271666fe17ef7e9db34743babf814abae8
SHA256

2de955cb5926261634ce51565e5cc9fd52ebccd9c3b7f8b5dd1db369cb1f9731
SHA512

72d81ee6a62059eaa0a3ab9f4d0a5e489d039ef263cb8af66840a386d52e8a6c11b3377f247bb50cae3915155cad7699e568642d27174913a4f05ca8df7c5928
SSDEEP

196608:JWCfUgRrs7TpVVuWJysVYvsOgtdIQLOMIdiwoEbPva8Mho:TfDRrG8WJvtaL/dNDvba

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	LicenseMalwareBytes.exe

Loads dropped DLL 16 IoCs

pid	Process
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe
4208	LicenseMalwareBytes.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	4208	LicenseMalwareBytes.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 4208	2292	LicenseMalwareBytes.exe	86
PID 2292 wrote to memory of 4208	2292	LicenseMalwareBytes.exe	86
PID 4208 wrote to memory of 2540	4208	LicenseMalwareBytes.exe	87
PID 4208 wrote to memory of 2540	4208	LicenseMalwareBytes.exe	87
PID 2540 wrote to memory of 1432	2540	cmd.exe	88
PID 2540 wrote to memory of 1432	2540	cmd.exe	88

C:\Users\Admin\AppData\Local\Temp\MalwareBytes_420_siz_1_original\LicenseMalwareBytes.exe
"C:\Users\Admin\AppData\Local\Temp\MalwareBytes_420_siz_1_original\LicenseMalwareBytes.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\MalwareBytes_420_siz_1_original\LicenseMalwareBytes.exe
  "C:\Users\Admin\AppData\Local\Temp\MalwareBytes_420_siz_1_original\LicenseMalwareBytes.exe"
  2⤵
  - Drops file in Drivers directory
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c gpupdate /force
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2540
  - - C:\Windows\system32\gpupdate.exe
      gpupdate /force
      4⤵
      PID:1432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22922\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_bz2.pyd

Filesize
87KB

MD5
92075c2759ac8246953e6fa6323e43fe

SHA1
6818befe630c2656183ea7fe735db159804b7773

SHA256
e7af6119b56ddd47fd0a909710f7163d7ef4822405fc138d24e6ce9de7a5022f

SHA512
7f3a4409859695f53291c96dd487bca2649815bad5f4610c2c6f92777411d39210e293d962573a20dfe73ea15331de7e6c18b017ae1d6f226387eab1fc1f586c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_bz2.pyd

Filesize
87KB

MD5
92075c2759ac8246953e6fa6323e43fe

SHA1
6818befe630c2656183ea7fe735db159804b7773

SHA256
e7af6119b56ddd47fd0a909710f7163d7ef4822405fc138d24e6ce9de7a5022f

SHA512
7f3a4409859695f53291c96dd487bca2649815bad5f4610c2c6f92777411d39210e293d962573a20dfe73ea15331de7e6c18b017ae1d6f226387eab1fc1f586c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_cffi_backend.cp37-win_amd64.pyd

Filesize
176KB

MD5
493dc9668a72fd35d8f744cff85dc42c

SHA1
6b66052d4183058f1be73097d176e62d7c978f46

SHA256
73dfaaa3149a8bfbd2a79f255f39ab7cb7e9d5fb1f0d7ba1b1e7cebf0360580d

SHA512
4d5547e3e45fde52916b4fe1d9b6203ab9fed74c5c48e4d5f97e64c5bf5829061cd97939c44e2101b17262943cc21b5f0eecc0c177405f0450e5b9e09dff75f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_cffi_backend.cp37-win_amd64.pyd

Filesize
176KB

MD5
493dc9668a72fd35d8f744cff85dc42c

SHA1
6b66052d4183058f1be73097d176e62d7c978f46

SHA256
73dfaaa3149a8bfbd2a79f255f39ab7cb7e9d5fb1f0d7ba1b1e7cebf0360580d

SHA512
4d5547e3e45fde52916b4fe1d9b6203ab9fed74c5c48e4d5f97e64c5bf5829061cd97939c44e2101b17262943cc21b5f0eecc0c177405f0450e5b9e09dff75f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_ctypes.pyd

Filesize
131KB

MD5
2787764fe3056f37c79a3fc79e620172

SHA1
a64d1a047ba644d0588dc4288b74925ed72e6ed4

SHA256
41c593c960f3f89b1e1629c6b7bd6171fe306168f816bef02027332a263de117

SHA512
1dc5bb470be558c643a3f68e23423697384bc547b1192cd398dff640e28f7df85563bc87643cdcde9b8b4f880f272e13a673a018ae251e100bd99790f993afa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_ctypes.pyd

Filesize
131KB

MD5
2787764fe3056f37c79a3fc79e620172

SHA1
a64d1a047ba644d0588dc4288b74925ed72e6ed4

SHA256
41c593c960f3f89b1e1629c6b7bd6171fe306168f816bef02027332a263de117

SHA512
1dc5bb470be558c643a3f68e23423697384bc547b1192cd398dff640e28f7df85563bc87643cdcde9b8b4f880f272e13a673a018ae251e100bd99790f993afa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_hashlib.pyd

Filesize
38KB

MD5
7808b500fbfb17c968f10ee6d68461df

SHA1
2a8e54037e7d03d20244fefd8247cf218e1d668f

SHA256
e2701f4e4a7556adab7415e448070289ba4fe047227f48c3a049d7c3154aff0b

SHA512
b4239e792141bcf924f61bfd46033934337079b245f423b34820d36c6599ca35ab06bc525acfff4cafa75e31975fcd0409dedd203377d642fc5dc55ec2c1fa27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_hashlib.pyd

Filesize
38KB

MD5
7808b500fbfb17c968f10ee6d68461df

SHA1
2a8e54037e7d03d20244fefd8247cf218e1d668f

SHA256
e2701f4e4a7556adab7415e448070289ba4fe047227f48c3a049d7c3154aff0b

SHA512
b4239e792141bcf924f61bfd46033934337079b245f423b34820d36c6599ca35ab06bc525acfff4cafa75e31975fcd0409dedd203377d642fc5dc55ec2c1fa27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_lzma.pyd

Filesize
251KB

MD5
ab582419629183e1615b76fc5d2c7704

SHA1
b78ee7e725a417bef50cca47590950e970eae200

SHA256
5a45f7cd517ad396a042bc2767ae73221dc68f934e828a9433249924a371ee5e

SHA512
3f38441dd0b88b486dafaa1e15d07f0ee467a362c1603071a2fa79de770fa061ced25ca790f0d3139f31178c719cc82ac88601262e2a0ca809708dfa3f6f76ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_lzma.pyd

Filesize
251KB

MD5
ab582419629183e1615b76fc5d2c7704

SHA1
b78ee7e725a417bef50cca47590950e970eae200

SHA256
5a45f7cd517ad396a042bc2767ae73221dc68f934e828a9433249924a371ee5e

SHA512
3f38441dd0b88b486dafaa1e15d07f0ee467a362c1603071a2fa79de770fa061ced25ca790f0d3139f31178c719cc82ac88601262e2a0ca809708dfa3f6f76ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_socket.pyd

Filesize
74KB

MD5
10cd16bb63862536570c717ffc453da4

SHA1
b3ef50d7ac4652b5c35f1d86a0130fb43dd5a669

SHA256
e002a1bd6fba44681d557b64d439585dba9820226e1c3da5a62628bbaa930ae3

SHA512
55ee581c4005901661efaf9aad6ea39b2b2e265579539d464d62e4209638567b3b9fdd945d0bed0a1047f977d374a5707a970c621ca289077e2d6c5aeca491b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_socket.pyd

Filesize
74KB

MD5
10cd16bb63862536570c717ffc453da4

SHA1
b3ef50d7ac4652b5c35f1d86a0130fb43dd5a669

SHA256
e002a1bd6fba44681d557b64d439585dba9820226e1c3da5a62628bbaa930ae3

SHA512
55ee581c4005901661efaf9aad6ea39b2b2e265579539d464d62e4209638567b3b9fdd945d0bed0a1047f977d374a5707a970c621ca289077e2d6c5aeca491b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_ssl.pyd

Filesize
121KB

MD5
8b5af5ac31b6bde9023a4adc3e7f0ce1

SHA1
c5d7eaaed9be784227a0854bfb8a983058410a35

SHA256
7040d3712f31b7d11882ce8c907452fa725678b646b900f6868f43ab3e4ddab6

SHA512
499aa2321a2e5492c700513d63cf08fc12d3a430a5e9f5d865279919f6d7b74385b6767bbee63616f84b52d02070b16b2d4c3921163c42864f33e7b5331b1444

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\_ssl.pyd

Filesize
121KB

MD5
8b5af5ac31b6bde9023a4adc3e7f0ce1

SHA1
c5d7eaaed9be784227a0854bfb8a983058410a35

SHA256
7040d3712f31b7d11882ce8c907452fa725678b646b900f6868f43ab3e4ddab6

SHA512
499aa2321a2e5492c700513d63cf08fc12d3a430a5e9f5d865279919f6d7b74385b6767bbee63616f84b52d02070b16b2d4c3921163c42864f33e7b5331b1444

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\base_library.zip

Filesize
763KB

MD5
92cee9d11fcb70644a7c7248e371368c

SHA1
9502bb1d701a900f320db9f7cff46903ce3f548e

SHA256
73ee03e78ad4c1c5014651cf0df3214c789fc0c93779eb6f74922f54e613c6de

SHA512
62343a4d9a8ec7977982a772ff535c89a035c5df4d12485f562215ac2dae3724261fdb9b7f9bf8ddbc1b0c88e1bfec869595fae6e7dc5ac3ddde3f112e65a541

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\cryptography\hazmat\bindings\_constant_time.cp37-win_amd64.pyd

Filesize
12KB

MD5
e0e0bdbb2c78a2575675b5ba932fc91e

SHA1
a4d7d12a808744c17c44fac6e2da77314ec08326

SHA256
3b7a10f7560e6cd1416f9536484d7759cd6f02676d718fd200d16929e3d9ce57

SHA512
d3185f05db57f50ae5e2fa927a2d0d71097b6ab097dd58ae31ff212ca83bb3e6b7cbb59d4a6a080e950c662c0b3bf44957575a5af2b2344631fe29d073d58474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\cryptography\hazmat\bindings\_constant_time.cp37-win_amd64.pyd

Filesize
12KB

MD5
e0e0bdbb2c78a2575675b5ba932fc91e

SHA1
a4d7d12a808744c17c44fac6e2da77314ec08326

SHA256
3b7a10f7560e6cd1416f9536484d7759cd6f02676d718fd200d16929e3d9ce57

SHA512
d3185f05db57f50ae5e2fa927a2d0d71097b6ab097dd58ae31ff212ca83bb3e6b7cbb59d4a6a080e950c662c0b3bf44957575a5af2b2344631fe29d073d58474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\cryptography\hazmat\bindings\_openssl.cp37-win_amd64.pyd

Filesize
2.7MB

MD5
4221b37437a3cbd5fb5db0da2567ee59

SHA1
76d980c63c7b74fdbaac00c3aec8d02c40e69c83

SHA256
08cfd7943440990f7c5285bf8693f33d4fdd48df69eb9524e2ff7648c4389e6c

SHA512
3e29302d33e4f71113a2a761fb94cbde8fc60633a751066720161270df5276772d15bc7ac2c376d7a1243c26f820896c579d254b2779d1dea6f8293b4e008241

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\cryptography\hazmat\bindings\_openssl.cp37-win_amd64.pyd

Filesize
2.7MB

MD5
4221b37437a3cbd5fb5db0da2567ee59

SHA1
76d980c63c7b74fdbaac00c3aec8d02c40e69c83

SHA256
08cfd7943440990f7c5285bf8693f33d4fdd48df69eb9524e2ff7648c4389e6c

SHA512
3e29302d33e4f71113a2a761fb94cbde8fc60633a751066720161270df5276772d15bc7ac2c376d7a1243c26f820896c579d254b2779d1dea6f8293b4e008241

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\libcrypto-1_1.dll

Filesize
3.2MB

MD5
bf83f8ad60cb9db462ce62c73208a30d

SHA1
f1bc7dbc1e5b00426a51878719196d78981674c4

SHA256
012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d

SHA512
ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\libcrypto-1_1.dll

Filesize
3.2MB

MD5
bf83f8ad60cb9db462ce62c73208a30d

SHA1
f1bc7dbc1e5b00426a51878719196d78981674c4

SHA256
012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d

SHA512
ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\libcrypto-1_1.dll

Filesize
3.2MB

MD5
bf83f8ad60cb9db462ce62c73208a30d

SHA1
f1bc7dbc1e5b00426a51878719196d78981674c4

SHA256
012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d

SHA512
ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\libssl-1_1.dll

Filesize
670KB

MD5
fe1f3632af98e7b7a2799e3973ba03cf

SHA1
353c7382e2de3ccdd2a4911e9e158e7c78648496

SHA256
1ce7ba99e817c1c2d71bc88a1bdd6fcad82aa5c3e519b91ebd56c96f22e3543b

SHA512
a0123dfe324d3ebf68a44afafca7c6f33d918716f29b063c72c4a8bd2006b81faea6848f4f2423778d57296d7bf4f99a3638fc87b37520f0dcbeefa3a2343de0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\libssl-1_1.dll

Filesize
670KB

MD5
fe1f3632af98e7b7a2799e3973ba03cf

SHA1
353c7382e2de3ccdd2a4911e9e158e7c78648496

SHA256
1ce7ba99e817c1c2d71bc88a1bdd6fcad82aa5c3e519b91ebd56c96f22e3543b

SHA512
a0123dfe324d3ebf68a44afafca7c6f33d918716f29b063c72c4a8bd2006b81faea6848f4f2423778d57296d7bf4f99a3638fc87b37520f0dcbeefa3a2343de0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\python37.dll

Filesize
3.6MB

MD5
c4e99d7375888d873d2478769a8d844c

SHA1
881e42ad9b7da068ee7a6d133484f9d39519ca7e

SHA256
12f26beb439ddf8d56e7544b06a0675d5da6670c02f8f9cede7aad1de71eb116

SHA512
a5b79a919f15cda2c295c8da923ffe5dd30408376e459669e4e376b9d4d504d43671518d7085352bb90c4ce4efc6d81c91ac6cedbdaa896f916d80f7346a695b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\python37.dll

Filesize
3.6MB

MD5
c4e99d7375888d873d2478769a8d844c

SHA1
881e42ad9b7da068ee7a6d133484f9d39519ca7e

SHA256
12f26beb439ddf8d56e7544b06a0675d5da6670c02f8f9cede7aad1de71eb116

SHA512
a5b79a919f15cda2c295c8da923ffe5dd30408376e459669e4e376b9d4d504d43671518d7085352bb90c4ce4efc6d81c91ac6cedbdaa896f916d80f7346a695b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\select.pyd

Filesize
26KB

MD5
39b7c056bca546778690b9922315f9ff

SHA1
5f62169c8de1f72db601d30b37d157478723859b

SHA256
9514b4c40c35396b1952a8acf805e993a3875b37370f44ef36ed33c7151412ef

SHA512
229538131d83299ea90652818c99972c1ee692c070e7fea9599420c99dd8ae75fb2367e9509aad23984fe0a8d21221a59bd57493b5cd1d6c7391c3c55d714e94

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\select.pyd

Filesize
26KB

MD5
39b7c056bca546778690b9922315f9ff

SHA1
5f62169c8de1f72db601d30b37d157478723859b

SHA256
9514b4c40c35396b1952a8acf805e993a3875b37370f44ef36ed33c7151412ef

SHA512
229538131d83299ea90652818c99972c1ee692c070e7fea9599420c99dd8ae75fb2367e9509aad23984fe0a8d21221a59bd57493b5cd1d6c7391c3c55d714e94

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\unicodedata.pyd

Filesize
1.0MB

MD5
d2ab7f9a441bb139feeb0e11eb600371

SHA1
467aeb881fccd4a43a16f319635da81f05279cc6

SHA256
465ab1b24c39a5a5da9415c96740dfdb4d071b25a7a87e275841e1d66a57e88f

SHA512
cf8eaae07c176fab5ca54a3935ec2fd6933e3f2d0ca107bf60f1389f2258865d101685918c7a04802da2a97980747935f1b56b0da3d1db3a1ea282f74db0b6a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22922\unicodedata.pyd

Filesize
1.0MB

MD5
d2ab7f9a441bb139feeb0e11eb600371

SHA1
467aeb881fccd4a43a16f319635da81f05279cc6

SHA256
465ab1b24c39a5a5da9415c96740dfdb4d071b25a7a87e275841e1d66a57e88f

SHA512
cf8eaae07c176fab5ca54a3935ec2fd6933e3f2d0ca107bf60f1389f2258865d101685918c7a04802da2a97980747935f1b56b0da3d1db3a1ea282f74db0b6a0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads