d59c130ae5d55bbb7bba20f4835de1cee53fe7f0e0bc197dfb1180379b5cec88

Analysis

max time kernel
30s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Windows-v0.0.9-alpha-x86_64.exe
Size

6.9MB
MD5

ebada582d5a0d31b3d494d5690f1e696
SHA1

c313674a9b04b5e365eef6d7511e9c43cc5b66d2
SHA256

d59c130ae5d55bbb7bba20f4835de1cee53fe7f0e0bc197dfb1180379b5cec88
SHA512

1c3878b9d1b4d68cb14d9b6378a16e53d3fd6a04347f8859a855731f7947005418559be2806f89d80855c6cd103d64601a046a1722ab914742fa4e27d5f015b1
SSDEEP

196608:cmvJC6t9onJ5hrZEK3e9tGPqKVSEQTbIh3q0K:fC6t9c5hlEK/PNsn3bZ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 16 IoCs

pid	Process
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe
2868	Windows-v0.0.9-alpha-x86_64.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2868	Windows-v0.0.9-alpha-x86_64.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 2868	4164	Windows-v0.0.9-alpha-x86_64.exe	87
PID 4164 wrote to memory of 2868	4164	Windows-v0.0.9-alpha-x86_64.exe	87

C:\Users\Admin\AppData\Local\Temp\Windows-v0.0.9-alpha-x86_64.exe
"C:\Users\Admin\AppData\Local\Temp\Windows-v0.0.9-alpha-x86_64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Users\Admin\AppData\Local\Temp\Windows-v0.0.9-alpha-x86_64.exe
  "C:\Users\Admin\AppData\Local\Temp\Windows-v0.0.9-alpha-x86_64.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI41642\VCRUNTIME140.dll

Filesize
85KB

MD5
89a24c66e7a522f1e0016b1d0b4316dc

SHA1
5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

SHA256
3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

SHA512
e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\VCRUNTIME140.dll

Filesize
85KB

MD5
89a24c66e7a522f1e0016b1d0b4316dc

SHA1
5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

SHA256
3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

SHA512
e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_bz2.pyd

Filesize
92KB

MD5
cf77513525fc652bad6c7f85e192e94b

SHA1
23ec3bb9cdc356500ec192cac16906864d5e9a81

SHA256
8bce02e8d44003c5301608b1722f7e26aada2a03d731fa92a48c124db40e2e41

SHA512
dbc1ba8794ce2d027145c78b7e1fc842ffbabb090abf9c29044657bdecd44396014b4f7c2b896de18aad6cfa113a4841a9ca567e501a6247832b205fe39584a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_bz2.pyd

Filesize
92KB

MD5
cf77513525fc652bad6c7f85e192e94b

SHA1
23ec3bb9cdc356500ec192cac16906864d5e9a81

SHA256
8bce02e8d44003c5301608b1722f7e26aada2a03d731fa92a48c124db40e2e41

SHA512
dbc1ba8794ce2d027145c78b7e1fc842ffbabb090abf9c29044657bdecd44396014b4f7c2b896de18aad6cfa113a4841a9ca567e501a6247832b205fe39584a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_ctypes.pyd

Filesize
129KB

MD5
5e869eebb6169ce66225eb6725d5be4a

SHA1
747887da0d7ab152e1d54608c430e78192d5a788

SHA256
430f1886caf059f05cde6eb2e8d96feb25982749a151231e471e4b8d7f54f173

SHA512
feb6888bb61e271b1670317435ee8653dedd559263788fbf9a7766bc952defd7a43e7c3d9f539673c262abedd97b0c4dd707f0f5339b1c1570db4e25da804a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_ctypes.pyd

Filesize
129KB

MD5
5e869eebb6169ce66225eb6725d5be4a

SHA1
747887da0d7ab152e1d54608c430e78192d5a788

SHA256
430f1886caf059f05cde6eb2e8d96feb25982749a151231e471e4b8d7f54f173

SHA512
feb6888bb61e271b1670317435ee8653dedd559263788fbf9a7766bc952defd7a43e7c3d9f539673c262abedd97b0c4dd707f0f5339b1c1570db4e25da804a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_hashlib.pyd

Filesize
38KB

MD5
b32cb9615a9bada55e8f20dcea2fbf48

SHA1
a9c6e2d44b07b31c898a6d83b7093bf90915062d

SHA256
ca4f433a68c3921526f31f46d8a45709b946bbd40f04a4cfc6c245cb9ee0eab5

SHA512
5c583292de2ba33a3fc1129dfb4e2429ff2a30eeaf9c0bcff6cca487921f0ca02c3002b24353832504c3eec96a7b2c507f455b18717bcd11b239bbbbd79fadbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_hashlib.pyd

Filesize
38KB

MD5
b32cb9615a9bada55e8f20dcea2fbf48

SHA1
a9c6e2d44b07b31c898a6d83b7093bf90915062d

SHA256
ca4f433a68c3921526f31f46d8a45709b946bbd40f04a4cfc6c245cb9ee0eab5

SHA512
5c583292de2ba33a3fc1129dfb4e2429ff2a30eeaf9c0bcff6cca487921f0ca02c3002b24353832504c3eec96a7b2c507f455b18717bcd11b239bbbbd79fadbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_lzma.pyd

Filesize
172KB

MD5
5fbb728a3b3abbdd830033586183a206

SHA1
066fde2fa80485c4f22e0552a4d433584d672a54

SHA256
f9bc6036d9e4d57d08848418367743fb608434c04434ab07da9dabe4725f9a9b

SHA512
31e7c9fe9d8680378f8e3ea4473461ba830df2d80a3e24e5d02a106128d048430e5d5558c0b99ec51c3d1892c76e4baa14d63d1ec1fc6b1728858aa2a255b2fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_lzma.pyd

Filesize
172KB

MD5
5fbb728a3b3abbdd830033586183a206

SHA1
066fde2fa80485c4f22e0552a4d433584d672a54

SHA256
f9bc6036d9e4d57d08848418367743fb608434c04434ab07da9dabe4725f9a9b

SHA512
31e7c9fe9d8680378f8e3ea4473461ba830df2d80a3e24e5d02a106128d048430e5d5558c0b99ec51c3d1892c76e4baa14d63d1ec1fc6b1728858aa2a255b2fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_queue.pyd

Filesize
27KB

MD5
c0a70188685e44e73576e3cd63fc1f68

SHA1
36f88ca5c1dda929b932d656368515e851aeb175

SHA256
e499824d58570c3130ba8ef1ac2d503e71f916c634b2708cc22e95c223f83d0a

SHA512
b9168bf1b98da4a9dfd7b1b040e1214fd69e8dfc2019774890291703ab48075c791cc27af5d735220bd25c47643f098820563dc537748471765aff164b00a4aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_queue.pyd

Filesize
27KB

MD5
c0a70188685e44e73576e3cd63fc1f68

SHA1
36f88ca5c1dda929b932d656368515e851aeb175

SHA256
e499824d58570c3130ba8ef1ac2d503e71f916c634b2708cc22e95c223f83d0a

SHA512
b9168bf1b98da4a9dfd7b1b040e1214fd69e8dfc2019774890291703ab48075c791cc27af5d735220bd25c47643f098820563dc537748471765aff164b00a4aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_socket.pyd

Filesize
75KB

MD5
8ea18d0eeae9044c278d2ea7a1dbae36

SHA1
de210842da8cb1cb14318789575d65117d14e728

SHA256
9822c258a9d25062e51eafc45d62ed19722e0450a212668f6737eb3bfe3a41c2

SHA512
d275ce71d422cfaacef1220dc1f35afba14b38a205623e3652766db11621b2a1d80c5d0fb0a7df19402ebe48603e76b8f8852f6cbff95a181d33e797476029f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_socket.pyd

Filesize
75KB

MD5
8ea18d0eeae9044c278d2ea7a1dbae36

SHA1
de210842da8cb1cb14318789575d65117d14e728

SHA256
9822c258a9d25062e51eafc45d62ed19722e0450a212668f6737eb3bfe3a41c2

SHA512
d275ce71d422cfaacef1220dc1f35afba14b38a205623e3652766db11621b2a1d80c5d0fb0a7df19402ebe48603e76b8f8852f6cbff95a181d33e797476029f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_ssl.pyd

Filesize
118KB

MD5
5a393bb4f3ae499541356e57a766eb6a

SHA1
908f68f4ea1a754fd31edb662332cf0df238cf9a

SHA256
b6593b3af0e993fd5043a7eab327409f4bf8cdcd8336aca97dbe6325aefdb047

SHA512
958584fd4efaa5dd301cbcecbfc8927f9d2caec9e2826b2af9257c5eefb4b0b81dbbadbd3c1d867f56705c854284666f98d428dc2377ccc49f8e1f9bbbed158f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\_ssl.pyd

Filesize
118KB

MD5
5a393bb4f3ae499541356e57a766eb6a

SHA1
908f68f4ea1a754fd31edb662332cf0df238cf9a

SHA256
b6593b3af0e993fd5043a7eab327409f4bf8cdcd8336aca97dbe6325aefdb047

SHA512
958584fd4efaa5dd301cbcecbfc8927f9d2caec9e2826b2af9257c5eefb4b0b81dbbadbd3c1d867f56705c854284666f98d428dc2377ccc49f8e1f9bbbed158f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\base_library.zip

Filesize
1000KB

MD5
90c0898cd529e19ba0c800d0e1f42a2a

SHA1
35882c9e2519be24ad4625031c942722946e791e

SHA256
980eab75d2e03b71fa4327da3a3126ad6980ff60a5cf9ad2b96ce06ad15ae3bd

SHA512
3527929f185b4a044d925c8cca0fc028d470c48756623762722bce483f9b9541d073bee69529c5b4c7b0b9e3b81307fa3afd0a7a4d9df60f93c66b85af6cce46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\charset_normalizer\md.cp37-win_amd64.pyd

Filesize
10KB

MD5
042509475fe82802c700dfd2ffd1fbc7

SHA1
bc6f90c0e091f00725a6413163fc0e0f16f001b5

SHA256
fa41b0d6f3214df107c6a16d6ece4a1b18d94433de5c0696edabe5f230c0dd11

SHA512
93fcd7908743c1704ae4db75f7694ba69bd19c1a65c717e1c70b136771d12eb8375120bc4e9b60ddfa3a1dcb33fe2dcfb8aa0675b6761f4e4dbdc5aa353ebbd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\charset_normalizer\md.cp37-win_amd64.pyd

Filesize
10KB

MD5
042509475fe82802c700dfd2ffd1fbc7

SHA1
bc6f90c0e091f00725a6413163fc0e0f16f001b5

SHA256
fa41b0d6f3214df107c6a16d6ece4a1b18d94433de5c0696edabe5f230c0dd11

SHA512
93fcd7908743c1704ae4db75f7694ba69bd19c1a65c717e1c70b136771d12eb8375120bc4e9b60ddfa3a1dcb33fe2dcfb8aa0675b6761f4e4dbdc5aa353ebbd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\charset_normalizer\md__mypyc.cp37-win_amd64.pyd

Filesize
113KB

MD5
07f998fc69b22aa1cdf90057e7befcd5

SHA1
a3c96008670b783ee7fb72dacdf73a3181f817b5

SHA256
b7dbca6a206842c66241f82dbaf731ea4a5d26393d4cdb95b228fa7d33eee484

SHA512
933a41a2ea7770e1914c6762ac64ea009f03f011e3089bfa8c666e5debbfea1ca9ad107bc3b8ee847cda68d14d2791c4772f5dd31d5481ad4cabd57268f81a7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\charset_normalizer\md__mypyc.cp37-win_amd64.pyd

Filesize
113KB

MD5
07f998fc69b22aa1cdf90057e7befcd5

SHA1
a3c96008670b783ee7fb72dacdf73a3181f817b5

SHA256
b7dbca6a206842c66241f82dbaf731ea4a5d26393d4cdb95b228fa7d33eee484

SHA512
933a41a2ea7770e1914c6762ac64ea009f03f011e3089bfa8c666e5debbfea1ca9ad107bc3b8ee847cda68d14d2791c4772f5dd31d5481ad4cabd57268f81a7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\libcrypto-1_1.dll

Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\libcrypto-1_1.dll

Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\libssl-1_1.dll

Filesize
673KB

MD5
bc778f33480148efa5d62b2ec85aaa7d

SHA1
b1ec87cbd8bc4398c6ebb26549961c8aab53d855

SHA256
9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843

SHA512
80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\libssl-1_1.dll

Filesize
673KB

MD5
bc778f33480148efa5d62b2ec85aaa7d

SHA1
b1ec87cbd8bc4398c6ebb26549961c8aab53d855

SHA256
9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843

SHA512
80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\python37.dll

Filesize
3.6MB

MD5
c4709f84e6cf6e082b80c80b87abe551

SHA1
c0c55b229722f7f2010d34e26857df640182f796

SHA256
ca8e39f2b1d277b0a24a43b5b8eada5baf2de97488f7ef2484014df6e270b3f3

SHA512
e04a5832b9f2e1e53ba096e011367d46e6710389967fa7014a0e2d4a6ce6fc8d09d0ce20cee7e7d67d5057d37854eddab48bef7df1767f2ec3a4ab91475b7ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\python37.dll

Filesize
3.6MB

MD5
c4709f84e6cf6e082b80c80b87abe551

SHA1
c0c55b229722f7f2010d34e26857df640182f796

SHA256
ca8e39f2b1d277b0a24a43b5b8eada5baf2de97488f7ef2484014df6e270b3f3

SHA512
e04a5832b9f2e1e53ba096e011367d46e6710389967fa7014a0e2d4a6ce6fc8d09d0ce20cee7e7d67d5057d37854eddab48bef7df1767f2ec3a4ab91475b7ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\select.pyd

Filesize
26KB

MD5
fb4a0d7abaeaa76676846ad0f08fefa5

SHA1
755fd998215511506edd2c5c52807b46ca9393b2

SHA256
65a3c8806d456e9df2211051ed808a087a96c94d38e23d43121ac120b4d36429

SHA512
f5b3557f823ee4c662f2c9b7ecc5497934712e046aa8ae8e625f41756beb5e524227355316f9145bfabb89b0f6f93a1f37fa94751a66c344c38ce449e879d35f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\select.pyd

Filesize
26KB

MD5
fb4a0d7abaeaa76676846ad0f08fefa5

SHA1
755fd998215511506edd2c5c52807b46ca9393b2

SHA256
65a3c8806d456e9df2211051ed808a087a96c94d38e23d43121ac120b4d36429

SHA512
f5b3557f823ee4c662f2c9b7ecc5497934712e046aa8ae8e625f41756beb5e524227355316f9145bfabb89b0f6f93a1f37fa94751a66c344c38ce449e879d35f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\ucrtbase.dll

Filesize
987KB

MD5
3b5b13888061a7379bd10e8ee8f0eaf6

SHA1
5af9568201bb7cc4ca105fde2d742de483417236

SHA256
e2d2a704bc81ccaf331df3ab713cde0faccf3ebcd01ac54a7b375a1c0881e15b

SHA512
1b67f048b91480698918e7cce49e80e759e9404a2aa67b33aff458ab2c35a94a3618d237c05a90915af559ecce7dd449019d9f4947852e51a6374b58911a942e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\ucrtbase.dll

Filesize
987KB

MD5
3b5b13888061a7379bd10e8ee8f0eaf6

SHA1
5af9568201bb7cc4ca105fde2d742de483417236

SHA256
e2d2a704bc81ccaf331df3ab713cde0faccf3ebcd01ac54a7b375a1c0881e15b

SHA512
1b67f048b91480698918e7cce49e80e759e9404a2aa67b33aff458ab2c35a94a3618d237c05a90915af559ecce7dd449019d9f4947852e51a6374b58911a942e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\unicodedata.pyd

Filesize
1.0MB

MD5
4d3d8e16e98558ff9dac8fc7061e2759

SHA1
c918ab67b580f955b6361f9900930da38cec7c91

SHA256
016d962782beae0ea8417a17e67956b27610f4565cff71dd35a6e52ab187c095

SHA512
0dfabfad969da806bc9c6c664cdf31647d89951832ff7e4e5eeed81f1de9263ed71bddeff76ebb8e47d6248ad4f832cb8ad456f11e401c3481674bd60283991a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41642\unicodedata.pyd

Filesize
1.0MB

MD5
4d3d8e16e98558ff9dac8fc7061e2759

SHA1
c918ab67b580f955b6361f9900930da38cec7c91

SHA256
016d962782beae0ea8417a17e67956b27610f4565cff71dd35a6e52ab187c095

SHA512
0dfabfad969da806bc9c6c664cdf31647d89951832ff7e4e5eeed81f1de9263ed71bddeff76ebb8e47d6248ad4f832cb8ad456f11e401c3481674bd60283991a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads