0b1f4fb88c6990884ed0bac5c1bd4843df3ba73728f96febe533935b54c16179

Analysis

max time kernel
39s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2023, 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Helium 0.31/Helium.exe
Size

36.7MB
MD5

bb345f19d8f44acaa01e384a038ee071
SHA1

888fd0a1cd2d46696d517f166bc10ab0cc76a4dd
SHA256

0fb92f8ae827f978a189b8aa782472631be42f82298cedbee965f85e9d3bbf79
SHA512

2a3558181b2590cb7381202f648cad596158343042caea2bdead2a9703fc0779b4cba64ebcd21e3130af9e2091fdc957bafac510cecee8520deebddebbfddb1d
SSDEEP

786432:/zWUobyFiErUGOHzeMKVxzx5cfKc/wgKqVwvMzLvW9b2Z7ZuSYQkRpuj:7rRFiELOHzDCd5cFwVKrbc29LrS

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Helium.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Helium.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Helium.exe

Loads dropped DLL 59 IoCs

pid	Process
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe

Themida packer 5 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0006000000023189-317.dat	themida
behavioral1/files/0x0006000000023189-318.dat	themida
behavioral1/memory/1876-328-0x00000000528B0000-0x00000000534AF000-memory.dmp	themida
behavioral1/memory/1876-351-0x00000000528B0000-0x00000000534AF000-memory.dmp	themida
behavioral1/memory/1876-360-0x00000000528B0000-0x00000000534AF000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Helium.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

pid	Process
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe
1876	Helium.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 1876	1016	Helium.exe	87
PID 1016 wrote to memory of 1876	1016	Helium.exe	87
PID 1876 wrote to memory of 4908	1876	Helium.exe	90
PID 1876 wrote to memory of 4908	1876	Helium.exe	90
PID 1876 wrote to memory of 4320	1876	Helium.exe	94
PID 1876 wrote to memory of 4320	1876	Helium.exe	94
PID 1876 wrote to memory of 1064	1876	Helium.exe	96
PID 1876 wrote to memory of 1064	1876	Helium.exe	96
PID 1876 wrote to memory of 3208	1876	Helium.exe	97
PID 1876 wrote to memory of 3208	1876	Helium.exe	97
PID 1876 wrote to memory of 2924	1876	Helium.exe	98
PID 1876 wrote to memory of 2924	1876	Helium.exe	98

C:\Users\Admin\AppData\Local\Temp\Helium 0.31\Helium.exe
"C:\Users\Admin\AppData\Local\Temp\Helium 0.31\Helium.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Users\Admin\AppData\Local\Temp\Helium 0.31\Helium.exe
  "C:\Users\Admin\AppData\Local\Temp\Helium 0.31\Helium.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of WriteProcessMemory
  PID:1876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title login
    3⤵
    PID:1064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2924

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI10162\Crypto\Cipher\_raw_cbc.cp39-win_amd64.pyd

Filesize
12KB

MD5
2bc8a9981e38fe7b8d73e9762504341c

SHA1
1e37aa8dbe536d209a034e21155cafd178e7b30e

SHA256
3de9f3e7ffe67e423ea2dc4bb9a7308be6d208156a6cf2cbb4fd95f6cf336b75

SHA512
ededa1e6287dc0ee39db0207ce2605391c29e43e5cfa67d8ab77992bd7d6599e60fb01af7288c0628b6479798ed7bb1a881dbf701640a662c6279d6d19525d0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\Crypto\Cipher\_raw_cbc.cp39-win_amd64.pyd

Filesize
12KB

MD5
2bc8a9981e38fe7b8d73e9762504341c

SHA1
1e37aa8dbe536d209a034e21155cafd178e7b30e

SHA256
3de9f3e7ffe67e423ea2dc4bb9a7308be6d208156a6cf2cbb4fd95f6cf336b75

SHA512
ededa1e6287dc0ee39db0207ce2605391c29e43e5cfa67d8ab77992bd7d6599e60fb01af7288c0628b6479798ed7bb1a881dbf701640a662c6279d6d19525d0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\Crypto\Cipher\_raw_cfb.cp39-win_amd64.pyd

Filesize
12KB

MD5
bbbfd13aee52e87e34c3a56f733f8b98

SHA1
6bf4016164b9115b5a24e2af5500bb4b168f8c10

SHA256
c1e5b711cabb5baf721eae3f188ac40d285f06e655cefa839f02586a1a857fbb

SHA512
e637e3d069e7ac87e10a19f4c02b2be30834694905780eefdc40292749c2acc169315b3ad2eeb99d6cb67ce04f39728a23aa6fd81e7b6581ba6f3372f9b8d122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\Crypto\Cipher\_raw_cfb.cp39-win_amd64.pyd

Filesize
12KB

MD5
bbbfd13aee52e87e34c3a56f733f8b98

SHA1
6bf4016164b9115b5a24e2af5500bb4b168f8c10

SHA256
c1e5b711cabb5baf721eae3f188ac40d285f06e655cefa839f02586a1a857fbb

SHA512
e637e3d069e7ac87e10a19f4c02b2be30834694905780eefdc40292749c2acc169315b3ad2eeb99d6cb67ce04f39728a23aa6fd81e7b6581ba6f3372f9b8d122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\Crypto\Cipher\_raw_ecb.cp39-win_amd64.pyd

Filesize
11KB

MD5
1f62698339d75ea82164853f9d1f1ee9

SHA1
c97ca5a2a3ae9174eb24194cd7fa8d4b01cccbe5

SHA256
f562d909872c7f160a7510ffe498bb0aa3d9a1bf44bce45fcf405e43832cfd8f

SHA512
eac07118cec0430d5990c13c6c71b8443ef85963b29aa38f2fe6a4363c203859cb771662bb70156bc8a030ca75694bd742b0a3dd536ea9ad7121bc4c0aec437e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\Crypto\Cipher\_raw_ecb.cp39-win_amd64.pyd

Filesize
11KB

MD5
1f62698339d75ea82164853f9d1f1ee9

SHA1
c97ca5a2a3ae9174eb24194cd7fa8d4b01cccbe5

SHA256
f562d909872c7f160a7510ffe498bb0aa3d9a1bf44bce45fcf405e43832cfd8f

SHA512
eac07118cec0430d5990c13c6c71b8443ef85963b29aa38f2fe6a4363c203859cb771662bb70156bc8a030ca75694bd742b0a3dd536ea9ad7121bc4c0aec437e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\Crypto\Cipher\_raw_ofb.cp39-win_amd64.pyd

Filesize
11KB

MD5
20637c39a407f04e167218e2e94bf619

SHA1
08536d571e43eaa5ff24d3d5ba9825922bfe9c53

SHA256
0149decdb33072619222de80b8a55f554bf816e54fdd2ec436df839a4b7c66c5

SHA512
bc182bda16bd91faf0d02b7c9d5eb846570d14dfbf0a5448eb3c0c5d96830bb7831206b3d520f715c7d918994697296e1e6a87ab3bca545126b555b228626f0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\Crypto\Cipher\_raw_ofb.cp39-win_amd64.pyd

Filesize
11KB

MD5
20637c39a407f04e167218e2e94bf619

SHA1
08536d571e43eaa5ff24d3d5ba9825922bfe9c53

SHA256
0149decdb33072619222de80b8a55f554bf816e54fdd2ec436df839a4b7c66c5

SHA512
bc182bda16bd91faf0d02b7c9d5eb846570d14dfbf0a5448eb3c0c5d96830bb7831206b3d520f715c7d918994697296e1e6a87ab3bca545126b555b228626f0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\MSVCP140.dll

Filesize
605KB

MD5
0f706cec42ec030ce93bf3a4c8f7c6fb

SHA1
8c7f34f1bc77603ec3e828c42e88fbb3b428977f

SHA256
46ca5d1abe9ae78b78a3ee060f4ad4cb3366a8c36af29e5ad94b50df298e9599

SHA512
009c7e00c87f8857b84c02a1ec7b8ccdabbf6498116940dbf94e1a459b40c40f98badc2948564497871d738fbfac268576e85859cf22e3804e66bc41ae777f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\MSVCP140.dll

Filesize
605KB

MD5
0f706cec42ec030ce93bf3a4c8f7c6fb

SHA1
8c7f34f1bc77603ec3e828c42e88fbb3b428977f

SHA256
46ca5d1abe9ae78b78a3ee060f4ad4cb3366a8c36af29e5ad94b50df298e9599

SHA512
009c7e00c87f8857b84c02a1ec7b8ccdabbf6498116940dbf94e1a459b40c40f98badc2948564497871d738fbfac268576e85859cf22e3804e66bc41ae777f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\VCRUNTIME140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\VCRUNTIME140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\VCRUNTIME140_1.dll

Filesize
36KB

MD5
7667b0883de4667ec87c3b75bed84d84

SHA1
e6f6df83e813ed8252614a46a5892c4856df1f58

SHA256
04e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d

SHA512
968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\VCRUNTIME140_1.dll

Filesize
36KB

MD5
7667b0883de4667ec87c3b75bed84d84

SHA1
e6f6df83e813ed8252614a46a5892c4856df1f58

SHA256
04e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d

SHA512
968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_brotli.cp39-win_amd64.pyd

Filesize
861KB

MD5
2c7528407abfd7c6ef08f7bcf2e88e21

SHA1
ee855c0cde407f9a26a9720419bf91d7f1f283a7

SHA256
093ab305d9780373c3c7d04d19244f5e48c48e71958963ceca6211d5017a4441

SHA512
93e7c12a6038778fcda30734d933b869f93e3b041bb6940852404641a599fe9c8ee1168a2e99dcfb624f84c306aff99757d17570febabc259908c8f6cda4dbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_brotli.cp39-win_amd64.pyd

Filesize
861KB

MD5
2c7528407abfd7c6ef08f7bcf2e88e21

SHA1
ee855c0cde407f9a26a9720419bf91d7f1f283a7

SHA256
093ab305d9780373c3c7d04d19244f5e48c48e71958963ceca6211d5017a4441

SHA512
93e7c12a6038778fcda30734d933b869f93e3b041bb6940852404641a599fe9c8ee1168a2e99dcfb624f84c306aff99757d17570febabc259908c8f6cda4dbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_bz2.pyd

Filesize
84KB

MD5
124678d21d4b747ec6f1e77357393dd6

SHA1
dbfb53c40d68eba436934b01ebe4f8ee925e1f8e

SHA256
9483c4853ca1da3c5b2310dbdd3b835a44df6066620278aa96b2e665c4b4e86b

SHA512
2882779b88ed48af1e27c2bc212ddc7e4187d26a28a90655cef98dd44bc07cc93da5bce2442af26d7825639590b1e2b78bf619d50736d67164726a342be348fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_bz2.pyd

Filesize
84KB

MD5
124678d21d4b747ec6f1e77357393dd6

SHA1
dbfb53c40d68eba436934b01ebe4f8ee925e1f8e

SHA256
9483c4853ca1da3c5b2310dbdd3b835a44df6066620278aa96b2e665c4b4e86b

SHA512
2882779b88ed48af1e27c2bc212ddc7e4187d26a28a90655cef98dd44bc07cc93da5bce2442af26d7825639590b1e2b78bf619d50736d67164726a342be348fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_cffi_backend.cp39-win_amd64.pyd

Filesize
177KB

MD5
ba20b38817bd31b386615e6cf3096940

SHA1
dfd0286bc3d11d779f6b24f4245b5602b1842df0

SHA256
0fffe7a441f2c272a7c6d8cf5eb1adce71fde6f6102bc7c1ceb90e05730c4b07

SHA512
b580c1c26f4ddea3fb7050c83839e9e3ede7659f934928072ae8da53db0c92babc72dbc01130ec931f4ec87e3a3118b6d6c42a4654cd6775e24710517585b275

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_cffi_backend.cp39-win_amd64.pyd

Filesize
177KB

MD5
ba20b38817bd31b386615e6cf3096940

SHA1
dfd0286bc3d11d779f6b24f4245b5602b1842df0

SHA256
0fffe7a441f2c272a7c6d8cf5eb1adce71fde6f6102bc7c1ceb90e05730c4b07

SHA512
b580c1c26f4ddea3fb7050c83839e9e3ede7659f934928072ae8da53db0c92babc72dbc01130ec931f4ec87e3a3118b6d6c42a4654cd6775e24710517585b275

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_ctypes.pyd

Filesize
123KB

MD5
7ab242d7c026dad5e5837b4579bd4eda

SHA1
b3ff01b8b3da2b3a9c37bfffafc4fb9ee957cc0f

SHA256
1548506345d220d68e9089b9a68b42a9d796141eb6236e600283951cb206eaa1

SHA512
1dd09cf14c87f60b42e5e56d0104154513902c9bfa23eef76a92f4a96c2356b2812dd6eee5e9a74d5ed078ade5f8f6d1f1b01961d7efadfebb543d71c2d31a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_ctypes.pyd

Filesize
123KB

MD5
7ab242d7c026dad5e5837b4579bd4eda

SHA1
b3ff01b8b3da2b3a9c37bfffafc4fb9ee957cc0f

SHA256
1548506345d220d68e9089b9a68b42a9d796141eb6236e600283951cb206eaa1

SHA512
1dd09cf14c87f60b42e5e56d0104154513902c9bfa23eef76a92f4a96c2356b2812dd6eee5e9a74d5ed078ade5f8f6d1f1b01961d7efadfebb543d71c2d31a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_hashlib.pyd

Filesize
64KB

MD5
ae32a39887d7516223c1e7ffdc3b6911

SHA1
94b9055c584df9afb291b3917ff3d972b3cd2492

SHA256
7936413bc24307f01b90cac2d2cc19f38264d396c1ab8eda180abba2f77162eb

SHA512
1f17af61c917fe373f0a40f06ce2b42041447f9e314b2f003b9bd62df87c121467d14ce3f8e778d3447c4869bf381c58600c1e11656ebda6139e6196262ae17e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_hashlib.pyd

Filesize
64KB

MD5
ae32a39887d7516223c1e7ffdc3b6911

SHA1
94b9055c584df9afb291b3917ff3d972b3cd2492

SHA256
7936413bc24307f01b90cac2d2cc19f38264d396c1ab8eda180abba2f77162eb

SHA512
1f17af61c917fe373f0a40f06ce2b42041447f9e314b2f003b9bd62df87c121467d14ce3f8e778d3447c4869bf381c58600c1e11656ebda6139e6196262ae17e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_lzma.pyd

Filesize
159KB

MD5
a77c9a75ed7d9f455e896b8fb09b494c

SHA1
c85d30bf602d8671f6f446cdaba98de99793e481

SHA256
4797aaf192eb56b32ca4febd1fad5be9e01a24e42bf6af2d04fcdf74c8d36fa5

SHA512
4d6d93aa0347c49d3f683ee7bc91a3c570c60126c534060654891fad0391321e09b292c9386fb99f6ea2c2eca032889841fce3cab8957bb489760daac6f79e71

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_lzma.pyd

Filesize
159KB

MD5
a77c9a75ed7d9f455e896b8fb09b494c

SHA1
c85d30bf602d8671f6f446cdaba98de99793e481

SHA256
4797aaf192eb56b32ca4febd1fad5be9e01a24e42bf6af2d04fcdf74c8d36fa5

SHA512
4d6d93aa0347c49d3f683ee7bc91a3c570c60126c534060654891fad0391321e09b292c9386fb99f6ea2c2eca032889841fce3cab8957bb489760daac6f79e71

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_pytransform.dll

Filesize
4.7MB

MD5
6483495a26079e18e695337a7bede36c

SHA1
118feb85f90c28505c76d510ab6474ad4dfa7c71

SHA256
91d395d73c514e107d43129ff6f00c7c4437752a956fe107bc96fa683476c0ae

SHA512
f030fa625861537718418e41dba7bfdc8793aec8cdea2c42301249fa02980557a16f31c997665f9a0c420ac0c105e7d507473bbfd6f7aa144fd38a6b1f756cea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_pytransform.dll

Filesize
4.7MB

MD5
6483495a26079e18e695337a7bede36c

SHA1
118feb85f90c28505c76d510ab6474ad4dfa7c71

SHA256
91d395d73c514e107d43129ff6f00c7c4437752a956fe107bc96fa683476c0ae

SHA512
f030fa625861537718418e41dba7bfdc8793aec8cdea2c42301249fa02980557a16f31c997665f9a0c420ac0c105e7d507473bbfd6f7aa144fd38a6b1f756cea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_queue.pyd

Filesize
28KB

MD5
e64538868d97697d62862b52df32d81b

SHA1
2279c5430032ad75338bab3aa28eb554ecd4cd45

SHA256
b0bd6330c525b4c64d036d29a3733582928e089d99909500e8564ae139459c5f

SHA512
8544f5df6d621a5ff2ca26da65b49f57e19c60b4177a678a00a5feb130bf0902f780b707845b5a4dd9f12ddb673b462f77190e71cbe358db385941f0f38e4996

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_queue.pyd

Filesize
28KB

MD5
e64538868d97697d62862b52df32d81b

SHA1
2279c5430032ad75338bab3aa28eb554ecd4cd45

SHA256
b0bd6330c525b4c64d036d29a3733582928e089d99909500e8564ae139459c5f

SHA512
8544f5df6d621a5ff2ca26da65b49f57e19c60b4177a678a00a5feb130bf0902f780b707845b5a4dd9f12ddb673b462f77190e71cbe358db385941f0f38e4996

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_socket.pyd

Filesize
78KB

MD5
4b2f1faab9e55a65afa05f407c92cab4

SHA1
1e5091b09fc0305cf29ec2e715088e7f46ccbbd4

SHA256
241db349093604ab25405402ba8c4212016657c7e6a10edd3110abeb1cc2e1ba

SHA512
68070db39cd14841bcd49db1acf19806b0aa4b4ac4c56518b3a3baddaac1cd533f0b3ef70a378f53d65c0d6c0f745a6102b63303ea7978c79f688c787efe9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_socket.pyd

Filesize
78KB

MD5
4b2f1faab9e55a65afa05f407c92cab4

SHA1
1e5091b09fc0305cf29ec2e715088e7f46ccbbd4

SHA256
241db349093604ab25405402ba8c4212016657c7e6a10edd3110abeb1cc2e1ba

SHA512
68070db39cd14841bcd49db1acf19806b0aa4b4ac4c56518b3a3baddaac1cd533f0b3ef70a378f53d65c0d6c0f745a6102b63303ea7978c79f688c787efe9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_ssl.pyd

Filesize
151KB

MD5
6f52439450ad38bf940eef2b662e4234

SHA1
3dea643fac7e10cae16c6976982a626dd59ff64a

SHA256
31c95af04a76d3badbdd3970d9b4c6b9a72278e69d0d850a4710f1d9a01618d7

SHA512
fdd97e04f4a7b1814c2f904029dfb5cdfcd8a125fce884dcd6fdb09fb8a691963192192f22cf4e9d79dd2598cf097a8764aeec7a79e70a9795250c8ef0024474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_ssl.pyd

Filesize
151KB

MD5
6f52439450ad38bf940eef2b662e4234

SHA1
3dea643fac7e10cae16c6976982a626dd59ff64a

SHA256
31c95af04a76d3badbdd3970d9b4c6b9a72278e69d0d850a4710f1d9a01618d7

SHA512
fdd97e04f4a7b1814c2f904029dfb5cdfcd8a125fce884dcd6fdb09fb8a691963192192f22cf4e9d79dd2598cf097a8764aeec7a79e70a9795250c8ef0024474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_uuid.pyd

Filesize
23KB

MD5
4b12242f880989cb909246c19616e82f

SHA1
df1c6459959b040babf21c2ec2ee765ce6103086

SHA256
02e05c2dc07b699fb7e6178526d6f32127e8d9b7aed0720446d186824d4fd1db

SHA512
2b3df39d886981fa123420c256a97ce075a4f7c6728a4f0e15615b9b7f3f0bad6cbbf46c4d417afa25ab8cdf50303a1209677827ed4877494cfac8f6494d263e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_uuid.pyd

Filesize
23KB

MD5
4b12242f880989cb909246c19616e82f

SHA1
df1c6459959b040babf21c2ec2ee765ce6103086

SHA256
02e05c2dc07b699fb7e6178526d6f32127e8d9b7aed0720446d186824d4fd1db

SHA512
2b3df39d886981fa123420c256a97ce075a4f7c6728a4f0e15615b9b7f3f0bad6cbbf46c4d417afa25ab8cdf50303a1209677827ed4877494cfac8f6494d263e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\base_library.zip

Filesize
1013KB

MD5
d0c2a0093ce0d6152838c46b7872defb

SHA1
fd6fa9796a6de12b7f47777a7063897a44d1a206

SHA256
1a1737850d897b1533064eff89f4ffa6de5415926ad7e9e1521e70c5bf97b554

SHA512
1dece254b55fee9c9a2d27bd511ff7a95b3d5634d3ba7cae2c989a3d91961b3312e2c7ce5efe7ab62b0dce63b2011f8c4e3699bc14b0f25d59e1f2afac7c1e26

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libcrypto-1_1.dll

Filesize
3.3MB

MD5
63c4f445b6998e63a1414f5765c18217

SHA1
8c1ac1b4290b122e62f706f7434517077974f40e

SHA256
664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2

SHA512
aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libcrypto-1_1.dll

Filesize
3.3MB

MD5
63c4f445b6998e63a1414f5765c18217

SHA1
8c1ac1b4290b122e62f706f7434517077974f40e

SHA256
664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2

SHA512
aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libcrypto-1_1.dll

Filesize
3.3MB

MD5
63c4f445b6998e63a1414f5765c18217

SHA1
8c1ac1b4290b122e62f706f7434517077974f40e

SHA256
664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2

SHA512
aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libssl-1_1.dll

Filesize
678KB

MD5
bd857f444ebbf147a8fcd1215efe79fc

SHA1
1550e0d241c27f41c63f197b1bd669591a20c15b

SHA256
b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf

SHA512
2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libssl-1_1.dll

Filesize
678KB

MD5
bd857f444ebbf147a8fcd1215efe79fc

SHA1
1550e0d241c27f41c63f197b1bd669591a20c15b

SHA256
b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf

SHA512
2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\pyexpat.pyd

Filesize
199KB

MD5
801d35409fec61ce6852e3540889c9c7

SHA1
a3c7e44433ebfef5359d12b9ac2f64782ccff3e9

SHA256
ab0814b19fd6b10d2729a907cf449f8a858a42b3f1288fb1c93b62950059295d

SHA512
d1f81469d1407b42c7aa207013c79d393ed8f598c9cf1f9d2bf3419ff82c2cd4817a5360d0af963bfd45d28f8adcedeb54701d56b06f4c0f96daa92dfec755d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\pyexpat.pyd

Filesize
199KB

MD5
801d35409fec61ce6852e3540889c9c7

SHA1
a3c7e44433ebfef5359d12b9ac2f64782ccff3e9

SHA256
ab0814b19fd6b10d2729a907cf449f8a858a42b3f1288fb1c93b62950059295d

SHA512
d1f81469d1407b42c7aa207013c79d393ed8f598c9cf1f9d2bf3419ff82c2cd4817a5360d0af963bfd45d28f8adcedeb54701d56b06f4c0f96daa92dfec755d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\python3.DLL

Filesize
58KB

MD5
d188e47657686c51615075f56e7bbb92

SHA1
98dbd7e213fb63e851b76da018f5e4ae114b1a0c

SHA256
84cb29052734ec4ad5d0eac8a9156202a2077ee9bd43cabc68e44ee22a74910a

SHA512
96ca8c589ab5db5fde72d35559170e938ce283559b1b964c860629579d6a231e1c1a1952f3d08a8af35d1790228ac8d97140b25b9c96d43f45e3398459ae51bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\python3.dll

Filesize
58KB

MD5
d188e47657686c51615075f56e7bbb92

SHA1
98dbd7e213fb63e851b76da018f5e4ae114b1a0c

SHA256
84cb29052734ec4ad5d0eac8a9156202a2077ee9bd43cabc68e44ee22a74910a

SHA512
96ca8c589ab5db5fde72d35559170e938ce283559b1b964c860629579d6a231e1c1a1952f3d08a8af35d1790228ac8d97140b25b9c96d43f45e3398459ae51bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\python39.dll

Filesize
4.3MB

MD5
7e9d14aa762a46bb5ebac14fbaeaa238

SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9

SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3

SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\python39.dll

Filesize
4.3MB

MD5
7e9d14aa762a46bb5ebac14fbaeaa238

SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9

SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3

SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\pywin32_system32\pythoncom39.dll

Filesize
654KB

MD5
f81a9fecc26f080a8c78edaf2a46f1e4

SHA1
d0f99829774bce3db8ce03470b20ed4fbc75a055

SHA256
a9cc9c111293f8edf91c439858ff8b97b2197574cd37d9d07bbbd455e09421e6

SHA512
c6ec31dee7c4bf36bb05688955ddeeb239adfefc9140c4f0067f718aa841bf83bc4a19523b609393674358842628f58adbfbc6fe3edef055d20aad9222657a29

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\pywin32_system32\pythoncom39.dll

Filesize
654KB

MD5
f81a9fecc26f080a8c78edaf2a46f1e4

SHA1
d0f99829774bce3db8ce03470b20ed4fbc75a055

SHA256
a9cc9c111293f8edf91c439858ff8b97b2197574cd37d9d07bbbd455e09421e6

SHA512
c6ec31dee7c4bf36bb05688955ddeeb239adfefc9140c4f0067f718aa841bf83bc4a19523b609393674358842628f58adbfbc6fe3edef055d20aad9222657a29

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\pywin32_system32\pywintypes39.dll

Filesize
129KB

MD5
74f0a90fbdd64f0c431cbf55a47eab35

SHA1
ef8711c4d6539ef0fde786976f665cd3bacff901

SHA256
684267ae1acf4a7cc069e511ffd72bbc8d9d071ee23c4a7d98156374dbf87958

SHA512
69cfa5766d376fb4caf23e2adb4fa374eb01ec645e1d1b71f44e264c130eee888e75bc46b99465def162601f487b41917bc245aa2d1f9bd194aa7dff31ebb6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\pywin32_system32\pywintypes39.dll

Filesize
129KB

MD5
74f0a90fbdd64f0c431cbf55a47eab35

SHA1
ef8711c4d6539ef0fde786976f665cd3bacff901

SHA256
684267ae1acf4a7cc069e511ffd72bbc8d9d071ee23c4a7d98156374dbf87958

SHA512
69cfa5766d376fb4caf23e2adb4fa374eb01ec645e1d1b71f44e264c130eee888e75bc46b99465def162601f487b41917bc245aa2d1f9bd194aa7dff31ebb6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\select.pyd

Filesize
28KB

MD5
f8f5a047b98309d425fd06b3b41b16e4

SHA1
2a44819409199b47f11d5d022e6bb1d5d1e77aea

SHA256
5361da714a61f99136737630d50fa4e975d76f5de75e181af73c5a23a2b49012

SHA512
f0a96790fcdabf02b452f5c6b27604f5a10586b4bf759994e6d636cc55335026631fa302e209a53f5e454bea03b958b6d662e0be91fa64ce187a7dc5d35a9aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\select.pyd

Filesize
28KB

MD5
f8f5a047b98309d425fd06b3b41b16e4

SHA1
2a44819409199b47f11d5d022e6bb1d5d1e77aea

SHA256
5361da714a61f99136737630d50fa4e975d76f5de75e181af73c5a23a2b49012

SHA512
f0a96790fcdabf02b452f5c6b27604f5a10586b4bf759994e6d636cc55335026631fa302e209a53f5e454bea03b958b6d662e0be91fa64ce187a7dc5d35a9aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\ucrtbase.dll

Filesize
993KB

MD5
9679f79d724bcdbd3338824ffe8b00c7

SHA1
5ded91cc6e3346f689d079594cf3a9bf1200bd61

SHA256
962c50afcb9fbfd0b833e0d2d7c2ba5cb35cd339ecf1c33ddfb349253ff95f36

SHA512
74ac8deb4a30f623af1e90e594d66fe28a1f86a11519c542c2bad44e556b2c5e03d41842f34f127f8f7f7cb217a6f357604cb2dc6aa5edc5cba8b83673d8b8bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\ucrtbase.dll

Filesize
993KB

MD5
9679f79d724bcdbd3338824ffe8b00c7

SHA1
5ded91cc6e3346f689d079594cf3a9bf1200bd61

SHA256
962c50afcb9fbfd0b833e0d2d7c2ba5cb35cd339ecf1c33ddfb349253ff95f36

SHA512
74ac8deb4a30f623af1e90e594d66fe28a1f86a11519c542c2bad44e556b2c5e03d41842f34f127f8f7f7cb217a6f357604cb2dc6aa5edc5cba8b83673d8b8bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\unicodedata.pyd

Filesize
1.1MB

MD5
87f3e3cf017614f58c89c087f63a9c95

SHA1
0edc1309e514f8a147d62f7e9561172f3b195cd7

SHA256
ba6606dcdf1db16a1f0ef94c87adf580bb816105d60cf08bc570b17312a849da

SHA512
73f00f44239b2744c37664dbf2b7df9c178a11aa320b9437055901746036003367067f417414382977bf8379df8738c862b69d8d36c6e6aa0b0650833052c85f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\unicodedata.pyd

Filesize
1.1MB

MD5
87f3e3cf017614f58c89c087f63a9c95

SHA1
0edc1309e514f8a147d62f7e9561172f3b195cd7

SHA256
ba6606dcdf1db16a1f0ef94c87adf580bb816105d60cf08bc570b17312a849da

SHA512
73f00f44239b2744c37664dbf2b7df9c178a11aa320b9437055901746036003367067f417414382977bf8379df8738c862b69d8d36c6e6aa0b0650833052c85f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\win32api.pyd

Filesize
129KB

MD5
2c792ab3c75a897aaf4355532872e48e

SHA1
eb7742196a17fd7e4badaab82bb32d06f9948082

SHA256
e68bf1a0e2f1aafff0558dcb40b8916f971860eeeaf6ccdf726d4bffbadd7d1e

SHA512
31464abd6e64045308727e71e81969175a521c762e2344112403ff5f998ab6e3249d33e9c8e8e46fd1521c9dd700f535e47435b5ba179e98421dc6f35162eda3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\win32api.pyd

Filesize
129KB

MD5
2c792ab3c75a897aaf4355532872e48e

SHA1
eb7742196a17fd7e4badaab82bb32d06f9948082

SHA256
e68bf1a0e2f1aafff0558dcb40b8916f971860eeeaf6ccdf726d4bffbadd7d1e

SHA512
31464abd6e64045308727e71e81969175a521c762e2344112403ff5f998ab6e3249d33e9c8e8e46fd1521c9dd700f535e47435b5ba179e98421dc6f35162eda3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\win32security.pyd

Filesize
134KB

MD5
4726331b0df8bd9850bbd847eab65543

SHA1
c5213dab8174cc7a571e9729f0d1d2ccc7160829

SHA256
acb067821b2f0573244b153bdaad362fa87c89beae919478fa0801f8d2ad4c56

SHA512
9453278f5de1ed9a2f5e2545d6466c271a8f4c3dac350d3ea4961aec84f8d66e5a1fecefb41cdc300ef765bfa180ac6cbf9666ac492c02e54688eefa8f3bcef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\win32security.pyd

Filesize
134KB

MD5
4726331b0df8bd9850bbd847eab65543

SHA1
c5213dab8174cc7a571e9729f0d1d2ccc7160829

SHA256
acb067821b2f0573244b153bdaad362fa87c89beae919478fa0801f8d2ad4c56

SHA512
9453278f5de1ed9a2f5e2545d6466c271a8f4c3dac350d3ea4961aec84f8d66e5a1fecefb41cdc300ef765bfa180ac6cbf9666ac492c02e54688eefa8f3bcef8

Download Submit
memory/1876-328-0x00000000528B0000-0x00000000534AF000-memory.dmp

Filesize
12.0MB

Download
memory/1876-351-0x00000000528B0000-0x00000000534AF000-memory.dmp

Filesize
12.0MB

Download
memory/1876-352-0x000001B397E30000-0x000001B3980F9000-memory.dmp

Filesize
2.8MB

Download
memory/1876-353-0x00007FFBB3900000-0x00007FFBB57AF000-memory.dmp

Filesize
30.7MB

Download
memory/1876-354-0x000001B39E550000-0x000001B39F3CF000-memory.dmp

Filesize
14.5MB

Download
memory/1876-360-0x00000000528B0000-0x00000000534AF000-memory.dmp

Filesize
12.0MB

Download
memory/1876-361-0x000001B397E30000-0x000001B3980F9000-memory.dmp

Filesize
2.8MB

Download
memory/1876-362-0x00007FFBB3900000-0x00007FFBB57AF000-memory.dmp

Filesize
30.7MB

Download
memory/1876-363-0x000001B39E550000-0x000001B39F3CF000-memory.dmp

Filesize
14.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads