Overview

overview

7

Static

static

3

main.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1159s
  • max time network
    1883s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-07-2023 18:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    main.exe

  • Size

    7.4MB

  • MD5

    d3a177beb6aa9728355b53a0883baa9d

  • SHA1

    770ef1eae11f12a0f9631dca423ee7f5e64e05a8

  • SHA256

    2aabd95f2f4f3ef64dd471ff3d6b5ae12b754cab185bd52475801640faf4ef90

  • SHA512

    b72b47de8b88b8cc5e0b70384ac8c157e703da31b91b84f3804e4d9695b97103ef0b72c2ee6d9aa4633970f1897ebc4d1854e59e490cbbf8029a276506adf4fc

  • SSDEEP

    196608:rGcC24FMIZETKwjPePdrQJnrlQBNOqAYPL:RXQETKwvJnqOqAK

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 36 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\main.exe
    "C:\Users\Admin\AppData\Local\Temp\main.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\main.exe
      "C:\Users\Admin\AppData\Local\Temp\main.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:392
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /7
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1144

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI20402\VCRUNTIME140.dll
    Filesize

    106KB

    MD5

    4585a96cc4eef6aafd5e27ea09147dc6

    SHA1

    489cfff1b19abbec98fda26ac8958005e88dd0cb

    SHA256

    a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

    SHA512

    d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI20402\VCRUNTIME140.dll
    Filesize

    106KB

    MD5

    4585a96cc4eef6aafd5e27ea09147dc6

    SHA1

    489cfff1b19abbec98fda26ac8958005e88dd0cb

    SHA256

    a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

    SHA512

    d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI20402\base_library.zip
    Filesize

    1.8MB

    MD5

    e17ce7183e682de459eec1a5ac9cbbff

    SHA1

    722968ca6eb123730ebc30ff2d498f9a5dad4cc1

    SHA256

    ff6a37c49ee4bb07a763866d4163126165038296c1fb7b730928297c25cfbe6d

    SHA512

    fab76b59dcd3570695fa260f56e277f8d714048f3d89f6e9f69ea700fca7c097d0db5f5294beab4e6409570408f1d680e8220851fededb981acb129a415358d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI20402\python311.dll
    Filesize

    5.5MB

    MD5

    5a5dd7cad8028097842b0afef45bfbcf

    SHA1

    e247a2e460687c607253949c52ae2801ff35dc4a

    SHA256

    a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

    SHA512

    e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI20402\python311.dll
    Filesize

    5.5MB

    MD5

    5a5dd7cad8028097842b0afef45bfbcf

    SHA1

    e247a2e460687c607253949c52ae2801ff35dc4a

    SHA256

    a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

    SHA512

    e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI20402\ucrtbase.dll
    Filesize

    994KB

    MD5

    8e7680a8d07c3c4159241d31caaf369c

    SHA1

    62fe2d4ae788ee3d19e041d81696555a6262f575

    SHA256

    36cc22d92a60e57dee394f56a9d1ed1655ee9db89d2244a959005116a4184d80

    SHA512

    9509f5b07588a08a490f4c3cb859bbfe670052c1c83f92b9c3356afa664cb500364e09f9dafac7d387332cc52d9bb7bb84ceb1493f72d4d17ef08b9ee3cb4174

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI20402\ucrtbase.dll
    Filesize

    994KB

    MD5

    8e7680a8d07c3c4159241d31caaf369c

    SHA1

    62fe2d4ae788ee3d19e041d81696555a6262f575

    SHA256

    36cc22d92a60e57dee394f56a9d1ed1655ee9db89d2244a959005116a4184d80

    SHA512

    9509f5b07588a08a490f4c3cb859bbfe670052c1c83f92b9c3356afa664cb500364e09f9dafac7d387332cc52d9bb7bb84ceb1493f72d4d17ef08b9ee3cb4174

    Download Submit

  • memory/1144-193-0x000001FC23250000-0x000001FC23251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-192-0x000001FC23250000-0x000001FC23251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-194-0x000001FC23250000-0x000001FC23251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-199-0x000001FC23250000-0x000001FC23251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-198-0x000001FC23250000-0x000001FC23251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-200-0x000001FC23250000-0x000001FC23251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-203-0x000001FC23250000-0x000001FC23251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-202-0x000001FC23250000-0x000001FC23251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-201-0x000001FC23250000-0x000001FC23251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-204-0x000001FC23250000-0x000001FC23251000-memory.dmp

    Filesize

    4KB

    Download