c6490509b831c01c4f9a922b679afdcf6c6282201b388debd21fb0f97b5523f3

Analysis

max time kernel
14s
max time network
18s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
31-03-2023 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Pong.exe
Size

25.1MB
MD5

6dc6564f84008babc69055aeb05f2887
SHA1

8d1edb8c643fa2911e76d32bd8db5592ec4cdda9
SHA256

c6490509b831c01c4f9a922b679afdcf6c6282201b388debd21fb0f97b5523f3
SHA512

b3a6b670026d14060eb6d61ea963d2097206e4c1328bcae6a436f7351dc6a75baf860e64c7d8ebe870a6a86db87b259ce12951e9514ae2d739ddc068674d6168
SSDEEP

786432:vJGLA7yi1UD66666qV+fDpN3aUI7d4nFyyYNB:v0L9iqfEfzCvys

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 58 IoCs

Processes:

Pong.exe

pid	process
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe
2660	Pong.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Pong.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Pong.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Pong.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Pong.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	Pong.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4308 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4308 AUDIODG.EXE
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Pong.exe

pid process

2660 Pong.exe

description	pid	process
Token: 33	4308	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4308	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Pong.exePong.exe

description	pid	process	target process
PID 2148 wrote to memory of 2660	2148	Pong.exe	Pong.exe
PID 2148 wrote to memory of 2660	2148	Pong.exe	Pong.exe
PID 2660 wrote to memory of 3988	2660	Pong.exe	cmd.exe
PID 2660 wrote to memory of 3988	2660	Pong.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\Pong.exe
"C:\Users\Admin\AppData\Local\Temp\Pong.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148

C:\Users\Admin\AppData\Local\Temp\Pong.exe
"C:\Users\Admin\AppData\Local\Temp\Pong.exe"
2⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
3⤵
PID:3988

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x368
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4308

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21482\SDL2_image.dll
Filesize
122KB

MD5
b8d249a5e394b4e6a954c557af1b80e6

SHA1
b03bb9d09447114a018110bfb91d56ef8d5ec3bb

SHA256
1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194

SHA512
2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\VCRUNTIME140.dll
Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\_bz2.pyd
Filesize
82KB

MD5
a8a37ba5e81d967433809bf14d34e81d

SHA1
e4d9265449950b5c5a665e8163f7dda2badd5c41

SHA256
50e21ce62f8d9bab92f6a7e9b39a86406c32d2df18408bb52ffb3d245c644c7b

SHA512
b50f4334acb54a6fba776fc77ca07de4940810da4378468b3ca6f35d69c45121ff17e1f9c236752686d2e269bd0b7bce31d16506d3896b9328671049857ed979

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\_ctypes.pyd
Filesize
120KB

MD5
496dcf8821ffc12f476878775999a8f3

SHA1
6b89b8fdd7cd610c08e28c3a14b34f751580cffd

SHA256
b59e103f8ec6c1190ded21eef27bea01579220909c3968eeec37d46d2ed39e80

SHA512
07118f44b83d58f333bc4b853e9be66dffb3f7db8e65e0226975297bf5794ebdaa2c7a51ef84971faf4d4233a68a6b5e9ac02e737d16c0ac19a6cf65fad9443f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\_lzma.pyd
Filesize
155KB

MD5
bc07d7ac5fdc92db1e23395fde3420f2

SHA1
e89479381beeba40992d8eb306850977d3b95806

SHA256
ab822f7e846d4388b6f435d788a028942096ba1344297e0b7005c9d50814981b

SHA512
b6105333bb15e65afea3cf976b3c2a8a4c0ebb09ce9a7898a94c41669e666ccfa7dc14106992502abf62f1deb057e926e1fd3368f2a2817bbf6845eada80803d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\_queue.pyd
Filesize
31KB

MD5
e0cc8c12f0b289ea87c436403bc357c1

SHA1
e342a4a600ef9358b3072041e66f66096fae4da4

SHA256
9517689d7d97816dee9e6c01ffd35844a3af6cde3ff98f3a709d52157b1abe03

SHA512
4d93f23db10e8640cd33e860241e7ea6a533daf64c36c4184844e6cca7b9f4bd41db007164a549e30f5aa9f983345318ff02d72815d51271f38c2e8750df4d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\_socket.pyd
Filesize
77KB

MD5
290dbf92268aebde8b9507b157bef602

SHA1
bea7221d7abbbc48840b46a19049217b27d3d13a

SHA256
e05c5342d55cb452e88e041061faba492d6dd9268a7f67614a8143540aca2bfe

SHA512
9ae02b75e722a736b2d76cec9c456d20f341327f55245fa6c5f78200be47cc5885cb73dc3e42e302c6f251922ba7b997c6d032b12a4a988f39bc03719f21d1a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\base_library.zip
Filesize
1.7MB

MD5
913d33c98fb537faec57b2f8e9ad94b7

SHA1
3697a3860be9fc16f3612a9e9e10ec3509671409

SHA256
e6bc2eb11949bc0c943ac012ddf21ea318fae8cda8c4cdecdfe0df7b33d6c3b1

SHA512
79e0b4d833f5bbf6e19cb8df1bcb1e1c02f59acf44e3e72a31ea2c2e301d113b62e16ac59532b946f43c79519713f9b3b9afd9fedd3a89eece0410144b9d8a06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\libffi-8.dll
Filesize
37KB

MD5
d86a9d75380fab7640bb950aeb05e50e

SHA1
1c61aaf9022cd1f09a959f7b2a65fb1372d187d7

SHA256
68fba9dd89bfad35f8fd657b9af22a8aebda31bffda35058a7f5ae376136e89b

SHA512
18437e64061221be411a1587f634b4b8efa60e661dbc35fd96a6d0e7eff812752de0ada755c01f286efefc47fb5f2daf07953b4cfc4119121b6bee7756c88d0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\libpng16-16.dll
Filesize
206KB

MD5
3a26cd3f92436747d2285dcef1fae67f

SHA1
e3d1403be06beb32fc8dc7e8a58c31e18b586a70

SHA256
e688b4a4d18f4b6ccc99c6ca4980f51218cb825610775192d9b60b2f05eff2d5

SHA512
73d651f063246723807d837811ead30e3faca8cb0581603f264c28fea1b2bdb6d874a73c1288c7770e95463786d6945b065d4ca1cf553e08220aea4e78a6f37f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pyexpat.pyd
Filesize
194KB

MD5
c5c1ca1b3641772e661f85ef0166fd6c

SHA1
759a34eca7efa25321a76788fb7df74cfac9ee59

SHA256
3d81d06311a8a15967533491783ea9c7fc88d594f40eee64076723cebdd58928

SHA512
4f0d2a6f15ebeeb4f9151827bd0c2120f3ca17e07fca4d7661beece70fdcf1a0e4c4ff5300251f2550451f98ea0fdbf45e8903225b7d0cb8da2851cdf62cb8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\SDL2.dll
Filesize
2.3MB

MD5
e1245eddc5483db7c08b23dba748d2bd

SHA1
13e74d061b2cd4a4aad84ceef4f9c6163c9f24ad

SHA256
3936d436b711264fe648ef2fefb39a6d308cd1e160732ed4b08a1d755b07dc41

SHA512
2c68493809a7c40e659146415bbdf6cbac87294b2ce679e41e90106667e148f6f05f8f9c97d58045bc954028f2bd83bd1a3a4580db499ef1bbaac5336b29efcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\base.cp311-win_amd64.pyd
Filesize
30KB

MD5
b8c84b22aef2db6e15655e725224353d

SHA1
49f217ea5ff064744b99d2261e5ba19620e860dd

SHA256
82fc5696c243518d618a2547167114e723b61b2a1167c05734fc6e84c352c8c4

SHA512
9854ff3cdf99f8881a21aed963190ebedae16d13730deba26beda75e28af19815a6c44ca9d97526645c820fa6da27bac7b2bb65ee3169ec55c1bebc43dcc3226

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\bufferproxy.cp311-win_amd64.pyd
Filesize
18KB

MD5
a46562b97a6185ddfd118e86a23f9b1f

SHA1
8fe8b99e25b7e817af25c169becda7c40bdc606c

SHA256
648f904f08c829e341f8a153652868fa4400dea3d4ae7d4cf1a76b53e9842500

SHA512
742d72a1b93cc9674c9558f1911ad25c1acbbb971a8c634d39efbd5cce42968b8d3e90fb07a588704b11e7afac7613fe8f69c4b1c724c70c95818c3e2b8fc574

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\color.cp311-win_amd64.pyd
Filesize
34KB

MD5
07caa0cea90ccff9795e71c45a77c55f

SHA1
1450ed807dfd9eadaf653a5251e2f9f0dc7c5fd0

SHA256
f2e03407f276e64f1ca48f986757bd0364c0a7053364786a3754d49b032d56fb

SHA512
d1e9187b868021da8b953452238ac79acf8c53b921144ec1484ad4f36c868ebda8ba2a43de5060a43958ac98e703c251403ad5706e18044e0f3ae923f2a11314

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\constants.cp311-win_amd64.pyd
Filesize
49KB

MD5
35b95b706bc6baf9159cb9ee574dca44

SHA1
b14fa9099fa66d6e763788db1e4b0d3a83437041

SHA256
f78542639a0cf5b3f70f91cfb71e5c609553c3c38b0f1515a713c7b34caae3d6

SHA512
8e2e400dde88991937bbe6319bf18ca2ca8e826acdb0fc8d0bcaf26b3397351a7fe6a99401e4c4cb36affb1b17270126ed0a40c03ff5bfb3313cbc9c064ac6b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\display.cp311-win_amd64.pyd
Filesize
43KB

MD5
4d7ca6f92721b45c2bf009ba01239a24

SHA1
8afd2c0e5f4719067a0461529ea6f478eb4e3813

SHA256
674c0d07bfa03fbe30b621887db404cf98ebc51bcfd3159e5fb1cc372adb04c8

SHA512
0c91cac5b41f6c93f132b3d4b4677f96ec70457899d408431c4c240f6d3a39dffdefa0cf8756c3bc4cc11ed05314c3037d594ece855944c1bbc6438801c7e634

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\draw.cp311-win_amd64.pyd
Filesize
48KB

MD5
4dfe3be92308b9be925efe85b7b301fb

SHA1
7849002d02375b656c44154990d4cf2e9e0d22a5

SHA256
2d0f79e9e088dd433c13c6a0b6ba2caf3c0428cf17a699bde15359da11219462

SHA512
5261bbe73db0abaa9571a030af2e532710704c0de4bd8ad5e3ced47b2748194fcb149a79b0e1ab3c3162d127d8e8ff781fa91ebe19fa557d1f1cd7353b44cda0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\event.cp311-win_amd64.pyd
Filesize
42KB

MD5
8cf3b6ee9bf737f9ca5025c97b33d9c8

SHA1
c18214ea5ff46e03058d16b8f7142e66f2b7136c

SHA256
fa88497529e7004eb269634ecedd59947418cfea8f0beafbde43cd4f99255217

SHA512
d761aa6a3d547378dc7c03918d1f1a595d9c901bdc7a6ee0b821ff7b99c1fdbc602e8525b88f06bf8e0999a651104d4d29054ccfdc76f32d271f350189d86b6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\image.cp311-win_amd64.pyd
Filesize
29KB

MD5
6e9e0809ede45bb922ce999f4f6a577f

SHA1
ec1db28c7a4719462fe4d57e59a9ba92fd7dd813

SHA256
5112dc16ce5e7cd7234bb90d83dcb9c5fcabfd014c227a450f6a5517661c3d48

SHA512
822404c5f4865978f245393c87c35a9bda48f2c7336dde7839616438e976103aa9c400a38304ed22d6af23d89aab6bca110cbb538e1251b6e845bb935819e297

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\imageext.cp311-win_amd64.pyd
Filesize
17KB

MD5
34df782d022bb5ce9ebac4d0906bf573

SHA1
078c6915559439187bb528fbc19c89a0aef6dad9

SHA256
f681e435ecd3b1b53e442c63a82fa23619ca043814b90e2a3723e9f642892308

SHA512
475cbe2585b5ac939e174b353d1d3d8d034875ac04c3d17d6769c462258a51f9e1e608a09014fd1f545c6fb52b8ce1aa1aaaedffa375644659979b1bffab70b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\joystick.cp311-win_amd64.pyd
Filesize
20KB

MD5
99ba1436515cf90e471ff4de8a837ce6

SHA1
45c5cb362ff259dd86b2e2ee2536ed2392b11f0a

SHA256
421b5da80638812f4faa01e92ae5bd471a06e3193be631d272e59ddcc90ff17d

SHA512
cd6765624d652836568ffa9f90124172f92f49107eacf44c87d61aa766ea45e9d7cf81c4f699985339e1132f95a04e7d2b0990b1e49dbb5699fda2907e56da07

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\key.cp311-win_amd64.pyd
Filesize
20KB

MD5
be88af51a619838c35383a8aa4a41df7

SHA1
8ff922a1f796209294548fa0968325513736b4b5

SHA256
375f1b3e9a4d75c63985145d3b1f79d38503bb66bf12fa11e0df12ccb0f4d502

SHA512
1ce3bdcbc5927f29cd1c50c6b5179793942bf0bb825bf96e9b8faf40277c008ff08acec7aee1f596933a813a367b750da9daa871cf731945f3ed1e363cf7854d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\math.cp311-win_amd64.pyd
Filesize
74KB

MD5
152b9e1c7817705e9154975e945186e9

SHA1
3087cd28674d755209b9d871e34810f9670eb18b

SHA256
1fc24b42772b0065e062513b7e4fd426cb05278de5b2d4f1627c45d253742580

SHA512
f76d16828839c15d7baafaa94c1cef5942898b91acb8406fbdb5cc0a5ec26e3c73bc089dc322aca9db61935f0d81e16c7f7d26d23296f127cfea4084b4fbf8fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\mouse.cp311-win_amd64.pyd
Filesize
19KB

MD5
729c77f6392667dc47f13c3b610040d2

SHA1
4ff492918ba575f21795c81d859d66cc4dc0183f

SHA256
8cb2579a5f11d187dd08f5eeb0790388fe8d87280ac90e16e2acb77c171b7990

SHA512
1591526aa72c97471f31c4c5dfe08ce272cd1ca80882b0cb3dab71bc9387287e12fd7af88d80df3fba0a02f65e95108cb5695e73ad2a2989a9ba12ebc4030c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\rect.cp311-win_amd64.pyd
Filesize
43KB

MD5
03c572132e1007f2d384191be528f407

SHA1
ef4bdd979b4d2c9cac8a3e60aa2197bf30742829

SHA256
378876fa0964428834fff5bb4be5f31811d41eb1cc834968b6c8ad49cb06e07e

SHA512
8dfb8c73e5423703fadbf1e9fae1d6be6ec1b46412001bab928ac4bc6bc7ea07a15a4b4ef311418ba67decefd4ff161a7362a0ae9dad6fd8bd7d4265281ed074

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\rwobject.cp311-win_amd64.pyd
Filesize
19KB

MD5
dad0e0ca5f7e1cc86fe7f64e2829c90a

SHA1
032b0171bb4b4b8436dda7884aacb775de71e70c

SHA256
290f915d449ef54a9cc29d8179fbcce839cadf257c3a1fd9312f615845c085d2

SHA512
078b52e75f2ae126598e122fec465a73dc749c5fc8116bea0320150d9f38dd66bbf23a90060ed285e2a13d95f904c06489abd6e1ffdbca5e9a0191f4b4b0a1d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\surface.cp311-win_amd64.pyd
Filesize
233KB

MD5
ddef44b1f5412d5cb03a7e756918606a

SHA1
c90073ad7e66d9e8768edea9ae021554138764f2

SHA256
323afe0979baf169726121d312b413210b4c8c4a9ebf598dc82e6d5cf74e53d4

SHA512
1c376853f242f0524f972ecbf16943f667d22393f8c5dfa5fa1b6c4ce98b4e252738965619a44763e710c09a788ddbde7c7940edce04507e0af9041540596142

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\surflock.cp311-win_amd64.pyd
Filesize
13KB

MD5
738355ae41e50ceab14e21ce573aa755

SHA1
81c160034484acb3d2f6e4f443edd89cf62b5fe2

SHA256
f9391934995794b674e55eacf30cc13dbc66ac274b90192f713913be75693a49

SHA512
a7eb31cd302c8b7d1099a3af2327a84fe9f5bdb433f942aa5fe5d60011ac3c919bb5987c9e4440f8208bf2153ed5b3acad197b6af8d2c1653fa144583c933000

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\time.cp311-win_amd64.pyd
Filesize
18KB

MD5
bb7a917ee7332f43f023cefa3497af80

SHA1
b764120bb141beaaf045bdf65e356c341bca7757

SHA256
fd56068be5af3f1e2d6b3b0ae0b9b9b14b964438e7d97b9a5a8459c0ebf252c3

SHA512
e67a8820a9d5c7e04ce0e51f81bd44ae3b7bdc50a37f1493bf92163995aed71eb15e7b5bbbae4683bfc3c7734b2c4cc263a4ba8ed82a008c89544bcde441b0f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\python311.dll
Filesize
5.5MB

MD5
1fe47c83669491bf38a949253d7d960f

SHA1
de5cc181c0e26cbcb31309fe00d9f2f5264d2b25

SHA256
0a9f2c98f36ba8974a944127b5b7e90e638010e472f2eb6598fc55b1bda9e7ae

SHA512
05cc6f00db128fbca02a14f60f86c049855f429013f65d91e14ea292d468bf9bfdeebc00ec2d54a9fb5715743a57ae3ab48a95037016240c02aabe4bfa1a2ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\select.pyd
Filesize
29KB

MD5
4ac28414a1d101e94198ae0ac3bd1eb8

SHA1
718fbf58ab92a2be2efdb84d26e4d37eb50ef825

SHA256
b5d4d5b6da675376bd3b2824d9cda957b55fe3d8596d5675381922ef0e64a0f5

SHA512
2ac15e6a178c69115065be9d52c60f8ad63c2a8749af0b43634fc56c20220afb9d2e71ebed76305d7b0dcf86895ed5cdfb7d744c3be49122286b63b5ebce20c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21482\zlib1.dll
Filesize
106KB

MD5
5eac41b641e813f2a887c25e7c87a02e

SHA1
ec3f6cf88711ef8cfb3cc439cb75471a2bb9e1b5

SHA256
b1f58a17f3bfd55523e7bef685acf5b32d1c2a6f25abdcd442681266fd26ab08

SHA512
cad34a495f1d67c4d79ed88c5c52cf9f2d724a1748ee92518b8ece4e8f2fe1d443dfe93fb9dba8959c0e44c7973af41eb1471507ab8a5b1200a25d75287d5de5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\SDL2_image.dll
Filesize
122KB

MD5
b8d249a5e394b4e6a954c557af1b80e6

SHA1
b03bb9d09447114a018110bfb91d56ef8d5ec3bb

SHA256
1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194

SHA512
2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\VCRUNTIME140.dll
Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\_bz2.pyd
Filesize
82KB

MD5
a8a37ba5e81d967433809bf14d34e81d

SHA1
e4d9265449950b5c5a665e8163f7dda2badd5c41

SHA256
50e21ce62f8d9bab92f6a7e9b39a86406c32d2df18408bb52ffb3d245c644c7b

SHA512
b50f4334acb54a6fba776fc77ca07de4940810da4378468b3ca6f35d69c45121ff17e1f9c236752686d2e269bd0b7bce31d16506d3896b9328671049857ed979

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\_ctypes.pyd
Filesize
120KB

MD5
496dcf8821ffc12f476878775999a8f3

SHA1
6b89b8fdd7cd610c08e28c3a14b34f751580cffd

SHA256
b59e103f8ec6c1190ded21eef27bea01579220909c3968eeec37d46d2ed39e80

SHA512
07118f44b83d58f333bc4b853e9be66dffb3f7db8e65e0226975297bf5794ebdaa2c7a51ef84971faf4d4233a68a6b5e9ac02e737d16c0ac19a6cf65fad9443f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\_lzma.pyd
Filesize
155KB

MD5
bc07d7ac5fdc92db1e23395fde3420f2

SHA1
e89479381beeba40992d8eb306850977d3b95806

SHA256
ab822f7e846d4388b6f435d788a028942096ba1344297e0b7005c9d50814981b

SHA512
b6105333bb15e65afea3cf976b3c2a8a4c0ebb09ce9a7898a94c41669e666ccfa7dc14106992502abf62f1deb057e926e1fd3368f2a2817bbf6845eada80803d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\_queue.pyd
Filesize
31KB

MD5
e0cc8c12f0b289ea87c436403bc357c1

SHA1
e342a4a600ef9358b3072041e66f66096fae4da4

SHA256
9517689d7d97816dee9e6c01ffd35844a3af6cde3ff98f3a709d52157b1abe03

SHA512
4d93f23db10e8640cd33e860241e7ea6a533daf64c36c4184844e6cca7b9f4bd41db007164a549e30f5aa9f983345318ff02d72815d51271f38c2e8750df4d77

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\_socket.pyd
Filesize
77KB

MD5
290dbf92268aebde8b9507b157bef602

SHA1
bea7221d7abbbc48840b46a19049217b27d3d13a

SHA256
e05c5342d55cb452e88e041061faba492d6dd9268a7f67614a8143540aca2bfe

SHA512
9ae02b75e722a736b2d76cec9c456d20f341327f55245fa6c5f78200be47cc5885cb73dc3e42e302c6f251922ba7b997c6d032b12a4a988f39bc03719f21d1a5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\libffi-8.dll
Filesize
37KB

MD5
d86a9d75380fab7640bb950aeb05e50e

SHA1
1c61aaf9022cd1f09a959f7b2a65fb1372d187d7

SHA256
68fba9dd89bfad35f8fd657b9af22a8aebda31bffda35058a7f5ae376136e89b

SHA512
18437e64061221be411a1587f634b4b8efa60e661dbc35fd96a6d0e7eff812752de0ada755c01f286efefc47fb5f2daf07953b4cfc4119121b6bee7756c88d0f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\libpng16-16.dll
Filesize
206KB

MD5
3a26cd3f92436747d2285dcef1fae67f

SHA1
e3d1403be06beb32fc8dc7e8a58c31e18b586a70

SHA256
e688b4a4d18f4b6ccc99c6ca4980f51218cb825610775192d9b60b2f05eff2d5

SHA512
73d651f063246723807d837811ead30e3faca8cb0581603f264c28fea1b2bdb6d874a73c1288c7770e95463786d6945b065d4ca1cf553e08220aea4e78a6f37f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pyexpat.pyd
Filesize
194KB

MD5
c5c1ca1b3641772e661f85ef0166fd6c

SHA1
759a34eca7efa25321a76788fb7df74cfac9ee59

SHA256
3d81d06311a8a15967533491783ea9c7fc88d594f40eee64076723cebdd58928

SHA512
4f0d2a6f15ebeeb4f9151827bd0c2120f3ca17e07fca4d7661beece70fdcf1a0e4c4ff5300251f2550451f98ea0fdbf45e8903225b7d0cb8da2851cdf62cb8d0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\SDL2.dll
Filesize
2.3MB

MD5
e1245eddc5483db7c08b23dba748d2bd

SHA1
13e74d061b2cd4a4aad84ceef4f9c6163c9f24ad

SHA256
3936d436b711264fe648ef2fefb39a6d308cd1e160732ed4b08a1d755b07dc41

SHA512
2c68493809a7c40e659146415bbdf6cbac87294b2ce679e41e90106667e148f6f05f8f9c97d58045bc954028f2bd83bd1a3a4580db499ef1bbaac5336b29efcd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\base.cp311-win_amd64.pyd
Filesize
30KB

MD5
b8c84b22aef2db6e15655e725224353d

SHA1
49f217ea5ff064744b99d2261e5ba19620e860dd

SHA256
82fc5696c243518d618a2547167114e723b61b2a1167c05734fc6e84c352c8c4

SHA512
9854ff3cdf99f8881a21aed963190ebedae16d13730deba26beda75e28af19815a6c44ca9d97526645c820fa6da27bac7b2bb65ee3169ec55c1bebc43dcc3226

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\bufferproxy.cp311-win_amd64.pyd
Filesize
18KB

MD5
a46562b97a6185ddfd118e86a23f9b1f

SHA1
8fe8b99e25b7e817af25c169becda7c40bdc606c

SHA256
648f904f08c829e341f8a153652868fa4400dea3d4ae7d4cf1a76b53e9842500

SHA512
742d72a1b93cc9674c9558f1911ad25c1acbbb971a8c634d39efbd5cce42968b8d3e90fb07a588704b11e7afac7613fe8f69c4b1c724c70c95818c3e2b8fc574

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\color.cp311-win_amd64.pyd
Filesize
34KB

MD5
07caa0cea90ccff9795e71c45a77c55f

SHA1
1450ed807dfd9eadaf653a5251e2f9f0dc7c5fd0

SHA256
f2e03407f276e64f1ca48f986757bd0364c0a7053364786a3754d49b032d56fb

SHA512
d1e9187b868021da8b953452238ac79acf8c53b921144ec1484ad4f36c868ebda8ba2a43de5060a43958ac98e703c251403ad5706e18044e0f3ae923f2a11314

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\constants.cp311-win_amd64.pyd
Filesize
49KB

MD5
35b95b706bc6baf9159cb9ee574dca44

SHA1
b14fa9099fa66d6e763788db1e4b0d3a83437041

SHA256
f78542639a0cf5b3f70f91cfb71e5c609553c3c38b0f1515a713c7b34caae3d6

SHA512
8e2e400dde88991937bbe6319bf18ca2ca8e826acdb0fc8d0bcaf26b3397351a7fe6a99401e4c4cb36affb1b17270126ed0a40c03ff5bfb3313cbc9c064ac6b8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\display.cp311-win_amd64.pyd
Filesize
43KB

MD5
4d7ca6f92721b45c2bf009ba01239a24

SHA1
8afd2c0e5f4719067a0461529ea6f478eb4e3813

SHA256
674c0d07bfa03fbe30b621887db404cf98ebc51bcfd3159e5fb1cc372adb04c8

SHA512
0c91cac5b41f6c93f132b3d4b4677f96ec70457899d408431c4c240f6d3a39dffdefa0cf8756c3bc4cc11ed05314c3037d594ece855944c1bbc6438801c7e634

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\draw.cp311-win_amd64.pyd
Filesize
48KB

MD5
4dfe3be92308b9be925efe85b7b301fb

SHA1
7849002d02375b656c44154990d4cf2e9e0d22a5

SHA256
2d0f79e9e088dd433c13c6a0b6ba2caf3c0428cf17a699bde15359da11219462

SHA512
5261bbe73db0abaa9571a030af2e532710704c0de4bd8ad5e3ced47b2748194fcb149a79b0e1ab3c3162d127d8e8ff781fa91ebe19fa557d1f1cd7353b44cda0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\event.cp311-win_amd64.pyd
Filesize
42KB

MD5
8cf3b6ee9bf737f9ca5025c97b33d9c8

SHA1
c18214ea5ff46e03058d16b8f7142e66f2b7136c

SHA256
fa88497529e7004eb269634ecedd59947418cfea8f0beafbde43cd4f99255217

SHA512
d761aa6a3d547378dc7c03918d1f1a595d9c901bdc7a6ee0b821ff7b99c1fdbc602e8525b88f06bf8e0999a651104d4d29054ccfdc76f32d271f350189d86b6b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\image.cp311-win_amd64.pyd
Filesize
29KB

MD5
6e9e0809ede45bb922ce999f4f6a577f

SHA1
ec1db28c7a4719462fe4d57e59a9ba92fd7dd813

SHA256
5112dc16ce5e7cd7234bb90d83dcb9c5fcabfd014c227a450f6a5517661c3d48

SHA512
822404c5f4865978f245393c87c35a9bda48f2c7336dde7839616438e976103aa9c400a38304ed22d6af23d89aab6bca110cbb538e1251b6e845bb935819e297

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\imageext.cp311-win_amd64.pyd
Filesize
17KB

MD5
34df782d022bb5ce9ebac4d0906bf573

SHA1
078c6915559439187bb528fbc19c89a0aef6dad9

SHA256
f681e435ecd3b1b53e442c63a82fa23619ca043814b90e2a3723e9f642892308

SHA512
475cbe2585b5ac939e174b353d1d3d8d034875ac04c3d17d6769c462258a51f9e1e608a09014fd1f545c6fb52b8ce1aa1aaaedffa375644659979b1bffab70b1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\joystick.cp311-win_amd64.pyd
Filesize
20KB

MD5
99ba1436515cf90e471ff4de8a837ce6

SHA1
45c5cb362ff259dd86b2e2ee2536ed2392b11f0a

SHA256
421b5da80638812f4faa01e92ae5bd471a06e3193be631d272e59ddcc90ff17d

SHA512
cd6765624d652836568ffa9f90124172f92f49107eacf44c87d61aa766ea45e9d7cf81c4f699985339e1132f95a04e7d2b0990b1e49dbb5699fda2907e56da07

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\key.cp311-win_amd64.pyd
Filesize
20KB

MD5
be88af51a619838c35383a8aa4a41df7

SHA1
8ff922a1f796209294548fa0968325513736b4b5

SHA256
375f1b3e9a4d75c63985145d3b1f79d38503bb66bf12fa11e0df12ccb0f4d502

SHA512
1ce3bdcbc5927f29cd1c50c6b5179793942bf0bb825bf96e9b8faf40277c008ff08acec7aee1f596933a813a367b750da9daa871cf731945f3ed1e363cf7854d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\math.cp311-win_amd64.pyd
Filesize
74KB

MD5
152b9e1c7817705e9154975e945186e9

SHA1
3087cd28674d755209b9d871e34810f9670eb18b

SHA256
1fc24b42772b0065e062513b7e4fd426cb05278de5b2d4f1627c45d253742580

SHA512
f76d16828839c15d7baafaa94c1cef5942898b91acb8406fbdb5cc0a5ec26e3c73bc089dc322aca9db61935f0d81e16c7f7d26d23296f127cfea4084b4fbf8fd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\mouse.cp311-win_amd64.pyd
Filesize
19KB

MD5
729c77f6392667dc47f13c3b610040d2

SHA1
4ff492918ba575f21795c81d859d66cc4dc0183f

SHA256
8cb2579a5f11d187dd08f5eeb0790388fe8d87280ac90e16e2acb77c171b7990

SHA512
1591526aa72c97471f31c4c5dfe08ce272cd1ca80882b0cb3dab71bc9387287e12fd7af88d80df3fba0a02f65e95108cb5695e73ad2a2989a9ba12ebc4030c32

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\rect.cp311-win_amd64.pyd
Filesize
43KB

MD5
03c572132e1007f2d384191be528f407

SHA1
ef4bdd979b4d2c9cac8a3e60aa2197bf30742829

SHA256
378876fa0964428834fff5bb4be5f31811d41eb1cc834968b6c8ad49cb06e07e

SHA512
8dfb8c73e5423703fadbf1e9fae1d6be6ec1b46412001bab928ac4bc6bc7ea07a15a4b4ef311418ba67decefd4ff161a7362a0ae9dad6fd8bd7d4265281ed074

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\rwobject.cp311-win_amd64.pyd
Filesize
19KB

MD5
dad0e0ca5f7e1cc86fe7f64e2829c90a

SHA1
032b0171bb4b4b8436dda7884aacb775de71e70c

SHA256
290f915d449ef54a9cc29d8179fbcce839cadf257c3a1fd9312f615845c085d2

SHA512
078b52e75f2ae126598e122fec465a73dc749c5fc8116bea0320150d9f38dd66bbf23a90060ed285e2a13d95f904c06489abd6e1ffdbca5e9a0191f4b4b0a1d3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\surface.cp311-win_amd64.pyd
Filesize
233KB

MD5
ddef44b1f5412d5cb03a7e756918606a

SHA1
c90073ad7e66d9e8768edea9ae021554138764f2

SHA256
323afe0979baf169726121d312b413210b4c8c4a9ebf598dc82e6d5cf74e53d4

SHA512
1c376853f242f0524f972ecbf16943f667d22393f8c5dfa5fa1b6c4ce98b4e252738965619a44763e710c09a788ddbde7c7940edce04507e0af9041540596142

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\pygame\surflock.cp311-win_amd64.pyd
Filesize
13KB

MD5
738355ae41e50ceab14e21ce573aa755

SHA1
81c160034484acb3d2f6e4f443edd89cf62b5fe2

SHA256
f9391934995794b674e55eacf30cc13dbc66ac274b90192f713913be75693a49

SHA512
a7eb31cd302c8b7d1099a3af2327a84fe9f5bdb433f942aa5fe5d60011ac3c919bb5987c9e4440f8208bf2153ed5b3acad197b6af8d2c1653fa144583c933000

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\python311.dll
Filesize
5.5MB

MD5
1fe47c83669491bf38a949253d7d960f

SHA1
de5cc181c0e26cbcb31309fe00d9f2f5264d2b25

SHA256
0a9f2c98f36ba8974a944127b5b7e90e638010e472f2eb6598fc55b1bda9e7ae

SHA512
05cc6f00db128fbca02a14f60f86c049855f429013f65d91e14ea292d468bf9bfdeebc00ec2d54a9fb5715743a57ae3ab48a95037016240c02aabe4bfa1a2ff4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\select.pyd
Filesize
29KB

MD5
4ac28414a1d101e94198ae0ac3bd1eb8

SHA1
718fbf58ab92a2be2efdb84d26e4d37eb50ef825

SHA256
b5d4d5b6da675376bd3b2824d9cda957b55fe3d8596d5675381922ef0e64a0f5

SHA512
2ac15e6a178c69115065be9d52c60f8ad63c2a8749af0b43634fc56c20220afb9d2e71ebed76305d7b0dcf86895ed5cdfb7d744c3be49122286b63b5ebce20c2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21482\zlib1.dll
Filesize
106KB

MD5
5eac41b641e813f2a887c25e7c87a02e

SHA1
ec3f6cf88711ef8cfb3cc439cb75471a2bb9e1b5

SHA256
b1f58a17f3bfd55523e7bef685acf5b32d1c2a6f25abdcd442681266fd26ab08

SHA512
cad34a495f1d67c4d79ed88c5c52cf9f2d724a1748ee92518b8ece4e8f2fe1d443dfe93fb9dba8959c0e44c7973af41eb1471507ab8a5b1200a25d75287d5de5

Download Submit
memory/2660-274-0x00007FFEB38D0000-0x00007FFEB3B2F000-memory.dmp

Filesize
2.4MB

Download
memory/2660-276-0x0000000068B40000-0x0000000068B7C000-memory.dmp

Filesize
240KB

Download
memory/2660-277-0x0000000062E80000-0x0000000062EA4000-memory.dmp

Filesize
144KB

Download
memory/2660-275-0x000000006A880000-0x000000006A8A7000-memory.dmp

Filesize
156KB

Download
memory/2660-278-0x00007FFEB30A0000-0x00007FFEB3222000-memory.dmp

Filesize
1.5MB

Download
memory/2660-279-0x00007FFEB7380000-0x00007FFEB73D1000-memory.dmp

Filesize
324KB

Download
memory/2660-280-0x000000006ED80000-0x0000000070C08000-memory.dmp

Filesize
30.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads