bbf38b1880ee037302435376852431fa870f18b0fec8662a9d7739d1087381db

Analysis

max time kernel
24s
max time network
28s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23-03-2023 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa682ef8adea6576fcbdd35c69c7be47.exe
Size

15.2MB
MD5

aa682ef8adea6576fcbdd35c69c7be47
SHA1

36c772e7b51f2d77b7ba9215d191b1b01c7887be
SHA256

76d973c062232bdb6b91edff08abe9c679ecca79f70f7b342f5ecd71f6211824
SHA512

198a73090be9651cff508fedabdd9f2963405f9df6b36705141157a1587122390021411bc7ead6447590490499bc0d6023dcfebfbfe2ca3d8aef2896fd4343e4
SSDEEP

393216:iuia5HFFqZsR641Y4YpvbYoady6H5jGbF:bHFb6411kUPi

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

aa682ef8adea6576fcbdd35c69c7be47.exe

pid process

1736 aa682ef8adea6576fcbdd35c69c7be47.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

aa682ef8adea6576fcbdd35c69c7be47.exeaa682ef8adea6576fcbdd35c69c7be47.exe

pid process

1636 aa682ef8adea6576fcbdd35c69c7be47.exe
1736 aa682ef8adea6576fcbdd35c69c7be47.exe

pid	process
1736	aa682ef8adea6576fcbdd35c69c7be47.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

aa682ef8adea6576fcbdd35c69c7be47.exeaa682ef8adea6576fcbdd35c69c7be47.exe

pid	process
1636	aa682ef8adea6576fcbdd35c69c7be47.exe
1636	aa682ef8adea6576fcbdd35c69c7be47.exe
1636	aa682ef8adea6576fcbdd35c69c7be47.exe
1636	aa682ef8adea6576fcbdd35c69c7be47.exe
1736	aa682ef8adea6576fcbdd35c69c7be47.exe
1736	aa682ef8adea6576fcbdd35c69c7be47.exe
1736	aa682ef8adea6576fcbdd35c69c7be47.exe
1736	aa682ef8adea6576fcbdd35c69c7be47.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

aa682ef8adea6576fcbdd35c69c7be47.exe

description	pid	process	target process
PID 1636 wrote to memory of 1736	1636	aa682ef8adea6576fcbdd35c69c7be47.exe	aa682ef8adea6576fcbdd35c69c7be47.exe
PID 1636 wrote to memory of 1736	1636	aa682ef8adea6576fcbdd35c69c7be47.exe	aa682ef8adea6576fcbdd35c69c7be47.exe
PID 1636 wrote to memory of 1736	1636	aa682ef8adea6576fcbdd35c69c7be47.exe	aa682ef8adea6576fcbdd35c69c7be47.exe

C:\Users\Admin\AppData\Local\Temp\aa682ef8adea6576fcbdd35c69c7be47.exe
"C:\Users\Admin\AppData\Local\Temp\aa682ef8adea6576fcbdd35c69c7be47.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1636

C:\Users\Admin\AppData\Local\Temp\aa682ef8adea6576fcbdd35c69c7be47.exe
"C:\Users\Admin\AppData\Local\Temp\aa682ef8adea6576fcbdd35c69c7be47.exe"
2⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:1736

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI16362\python311.dll
Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16362\python311.dll
Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
memory/1636-85-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1636-73-0x000000013FDC0000-0x0000000140315000-memory.dmp

Filesize
5.3MB

Download
memory/1636-83-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/1636-84-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/1636-54-0x00000000004D0000-0x00000000004F2000-memory.dmp

Filesize
136KB

Download
memory/1636-86-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1636-74-0x0000000001DE0000-0x0000000001E48000-memory.dmp

Filesize
416KB

Download
memory/1636-63-0x0000000001CA0000-0x0000000001CCD000-memory.dmp

Filesize
180KB

Download
memory/1736-165-0x0000000001C40000-0x0000000001C62000-memory.dmp

Filesize
136KB

Download
memory/1736-184-0x000000013FDC0000-0x0000000140315000-memory.dmp

Filesize
5.3MB

Download
memory/1736-185-0x0000000001E10000-0x0000000001E78000-memory.dmp

Filesize
416KB

Download
memory/1736-194-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download
memory/1736-195-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download