b6f7db9ed0aa616590d64a311fbd952deb48940d183fbb3daa6510143f074be4

Analysis

max time kernel
36s
max time network
40s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2023 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vmt_to_vmat.exe
Size

22.5MB
MD5

97d9bafe18c0935cd180727aeb4a0d3e
SHA1

540e6ac7b17cc84578787c7179e7c8adec7752a0
SHA256

b6f7db9ed0aa616590d64a311fbd952deb48940d183fbb3daa6510143f074be4
SHA512

786c864721b673e4f1c2d9cd502e6301b885f847e3d522f72d6d2086201f095e9d50625d568a5df193b364b5d93aa7484c1971e78da3b4291289efef1573c38d
SSDEEP

393216:2kZXmqyWJOIJ8lbbkr0FeABIZzq8NMELhYBIaeviP8q8DIEBd71tN3ZWDQetg4TJ:7Zk+OnNbkAFeAiO8NdhYGaoiJZEttN3S

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
3960	vmt_to_vmat.exe
3960	vmt_to_vmat.exe
3960	vmt_to_vmat.exe
3960	vmt_to_vmat.exe
3960	vmt_to_vmat.exe
3960	vmt_to_vmat.exe
3960	vmt_to_vmat.exe
3960	vmt_to_vmat.exe
3960	vmt_to_vmat.exe
3960	vmt_to_vmat.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 3960	3052	vmt_to_vmat.exe	85
PID 3052 wrote to memory of 3960	3052	vmt_to_vmat.exe	85

C:\Users\Admin\AppData\Local\Temp\vmt_to_vmat.exe
"C:\Users\Admin\AppData\Local\Temp\vmt_to_vmat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Users\Admin\AppData\Local\Temp\vmt_to_vmat.exe
  "C:\Users\Admin\AppData\Local\Temp\vmt_to_vmat.exe"
  2⤵
  - Loads dropped DLL
  PID:3960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30522\PIL\_imaging.cp38-win_amd64.pyd

Filesize
2.5MB

MD5
41320b223a0167be830642a8ad9a50d5

SHA1
e1df2468895477943a53ede6b9390c03eaab5225

SHA256
f1767f7acc0c00bc94069c8c5a66089f803114c68ddef2418cef321449231596

SHA512
7d5a2fd58effe3110fd8323ba0dea6d45d4ac3e766ffb52f9abe408451dbf7c63d5db0ce6262f2e4e7e125b4583871466bba74a639a35a2bd21b67f9a2181af1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\PIL\_imaging.cp38-win_amd64.pyd

Filesize
2.5MB

MD5
41320b223a0167be830642a8ad9a50d5

SHA1
e1df2468895477943a53ede6b9390c03eaab5225

SHA256
f1767f7acc0c00bc94069c8c5a66089f803114c68ddef2418cef321449231596

SHA512
7d5a2fd58effe3110fd8323ba0dea6d45d4ac3e766ffb52f9abe408451dbf7c63d5db0ce6262f2e4e7e125b4583871466bba74a639a35a2bd21b67f9a2181af1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\_bz2.pyd

Filesize
82KB

MD5
ae8f1119691435dab497acf4f74e48a9

SHA1
3d66b25add927a8aab7acb5f10ce80f29db17428

SHA256
ac01e1aa3248a7e956b0999e62a426396bd703aaaae389166934928552c36ba8

SHA512
ece66874a204c1014b71482f0c34b64094f6a3a4385d9cc0e805d247b29d3d9dfe30f292879705e35a40214c9717b983cc8cb5b1af7d3000325042bb3cf17f2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\_bz2.pyd

Filesize
82KB

MD5
ae8f1119691435dab497acf4f74e48a9

SHA1
3d66b25add927a8aab7acb5f10ce80f29db17428

SHA256
ac01e1aa3248a7e956b0999e62a426396bd703aaaae389166934928552c36ba8

SHA512
ece66874a204c1014b71482f0c34b64094f6a3a4385d9cc0e805d247b29d3d9dfe30f292879705e35a40214c9717b983cc8cb5b1af7d3000325042bb3cf17f2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\_ctypes.pyd

Filesize
121KB

MD5
b8a2aa0b18b076f3138d4b6af625b1a8

SHA1
965f046846293af33401c7c0d56dd1423698f08a

SHA256
ddd2e07bd447e46bf8682953e08a52ef3dec2a16b73016a210ac88196964623c

SHA512
0b75f59db170ab74ccb5d82187171000b5a607524449576ecfc8c708e3dfc501ddec5bcb82153f20e928d6c46a7109ebf59fc32d904fe1307a280ce6f1c6bf7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\_ctypes.pyd

Filesize
121KB

MD5
b8a2aa0b18b076f3138d4b6af625b1a8

SHA1
965f046846293af33401c7c0d56dd1423698f08a

SHA256
ddd2e07bd447e46bf8682953e08a52ef3dec2a16b73016a210ac88196964623c

SHA512
0b75f59db170ab74ccb5d82187171000b5a607524449576ecfc8c708e3dfc501ddec5bcb82153f20e928d6c46a7109ebf59fc32d904fe1307a280ce6f1c6bf7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\_lzma.pyd

Filesize
246KB

MD5
496778a3b05ad610daad34b752a5fcdf

SHA1
21ad508f2faab85f2304a8e0fdb687611459c653

SHA256
be5a20ea62c97abeaf1cb0c2522f4737d71701f7e1220d92470c0eeb8a99d427

SHA512
3bb10d09a61e84b4b2d19644899021cb8e91418693a11cdc0ca0aa1b861631e11101e9a9feb4ff6883f223294296f6c3634b12206b3ee6a37b37cb761078d122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\_lzma.pyd

Filesize
246KB

MD5
496778a3b05ad610daad34b752a5fcdf

SHA1
21ad508f2faab85f2304a8e0fdb687611459c653

SHA256
be5a20ea62c97abeaf1cb0c2522f4737d71701f7e1220d92470c0eeb8a99d427

SHA512
3bb10d09a61e84b4b2d19644899021cb8e91418693a11cdc0ca0aa1b861631e11101e9a9feb4ff6883f223294296f6c3634b12206b3ee6a37b37cb761078d122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\_socket.pyd

Filesize
77KB

MD5
fca96fe528ff7c8a688da45a1667576f

SHA1
3346925f3c5ec51ef9ffbc57b9630663942bdbc4

SHA256
6fb731502320840ea36d2c8194c8de2371d275eb2c2fdffa1a5e62f5bcfc84ea

SHA512
cd3e1ea2590052bd8b0db8f230cddbcf248886acd18f17508fadd64701633646967395aa22c5891ace08b5149ac6dd0543f042ece3a5a6bb2315c4bcaca4d423

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\_socket.pyd

Filesize
77KB

MD5
fca96fe528ff7c8a688da45a1667576f

SHA1
3346925f3c5ec51ef9ffbc57b9630663942bdbc4

SHA256
6fb731502320840ea36d2c8194c8de2371d275eb2c2fdffa1a5e62f5bcfc84ea

SHA512
cd3e1ea2590052bd8b0db8f230cddbcf248886acd18f17508fadd64701633646967395aa22c5891ace08b5149ac6dd0543f042ece3a5a6bb2315c4bcaca4d423

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\base_library.zip

Filesize
763KB

MD5
b3a63dd1bff5b4b6ad8c9922ae4cd36d

SHA1
0d560a50a9415867160194379cbc4bc2f8d323b7

SHA256
d7bbf462f17c7ff52c2206493d403f8c7d87baaaa8339dd75afa619f34091d5e

SHA512
e2fee565dc1bd1e161a3a5c06f1ffccaa8d219f237ee886f1680b4e6e472cae714c5870912509947586352317317af75ae4c2f06e120dbdea1dba2d816314ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\pyexpat.pyd

Filesize
185KB

MD5
dab91e7a53db63c3547be59aac9a7235

SHA1
a394e8853408c1e08fe469094f7b7f36219eaa30

SHA256
98a911d413f591dfab048c882019be56e7f7f5ada34e7c5e61300ed70c81bf3a

SHA512
e26470c365af757c29e03571575566c7820f7b1cc21bccece9b55901dd949c82b4cf190bf61c3df7d9e5b9be203c5ebef7480c9bfcf18238b5f8451762c621f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\pyexpat.pyd

Filesize
185KB

MD5
dab91e7a53db63c3547be59aac9a7235

SHA1
a394e8853408c1e08fe469094f7b7f36219eaa30

SHA256
98a911d413f591dfab048c882019be56e7f7f5ada34e7c5e61300ed70c81bf3a

SHA512
e26470c365af757c29e03571575566c7820f7b1cc21bccece9b55901dd949c82b4cf190bf61c3df7d9e5b9be203c5ebef7480c9bfcf18238b5f8451762c621f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\python38.dll

Filesize
4.0MB

MD5
147281c6864c61225284fc29dd189f37

SHA1
f9affa883855c85f339ac697e4f2942dd06a3a2e

SHA256
c5d4495bb879cc52a5076e1f366f330aa006d1e7e34c6b640a98378746244099

SHA512
ec5d36cda7689f6f9889ff0fdf2d946704c930a030d7254b901db78c4591a3f4fde0fe75a841ae91c2f0881edaf75b36d04e81e3d8605b81df4bc9195a09d056

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\python38.dll

Filesize
4.0MB

MD5
147281c6864c61225284fc29dd189f37

SHA1
f9affa883855c85f339ac697e4f2942dd06a3a2e

SHA256
c5d4495bb879cc52a5076e1f366f330aa006d1e7e34c6b640a98378746244099

SHA512
ec5d36cda7689f6f9889ff0fdf2d946704c930a030d7254b901db78c4591a3f4fde0fe75a841ae91c2f0881edaf75b36d04e81e3d8605b81df4bc9195a09d056

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\select.pyd

Filesize
26KB

MD5
3bff7c4ca394c523c25de029461ce32a

SHA1
15e2e1bff65fdf400ef54358079bb25a29faedaa

SHA256
306b8d12b77a8d6b6d06c6120331584af14f8deb97d5aed799a4779413052bc1

SHA512
2ce6d85dd23882b8a0ed00e0d2f4cc70f1c2871172e5f4e39d3bcf68ad0f69a528b227f14e02fc28467bc232619cbbf4feead778818a926716604e86285e69a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\select.pyd

Filesize
26KB

MD5
3bff7c4ca394c523c25de029461ce32a

SHA1
15e2e1bff65fdf400ef54358079bb25a29faedaa

SHA256
306b8d12b77a8d6b6d06c6120331584af14f8deb97d5aed799a4779413052bc1

SHA512
2ce6d85dd23882b8a0ed00e0d2f4cc70f1c2871172e5f4e39d3bcf68ad0f69a528b227f14e02fc28467bc232619cbbf4feead778818a926716604e86285e69a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30522\vmt_to_vmat.exe.manifest

Filesize
1KB

MD5
98139070303c32c0bd3ba4afee07d9f3

SHA1
c16c443eae9aa71881f967fc4cf8b34b5dcd257d

SHA256
334d2f9626630de8ba841c84b6e31784810bdf9fdcbbe8d7f9b6b0bac4d2076b

SHA512
a626ab74eab65dc7abe5987b626ea6f376fc530838e86e4f698f99445098f1bdda128619edefd1032a93ab7bb264704adb9b191af706aa7c00ce64d796e53ffc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads