f4c435d0925a69a3216c4994253aa4c798cd5db303417798fa264ff88fe4dc5a

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2023, 10:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4c435d0925a69a3216c4994253aa4c798cd5db303417798fa264ff88fe4dc5a.exe
Size

14.3MB
MD5

f4d93e26dace2ea7bcfb45d66c2a6937
SHA1

089fc70d8cc963dcd79dc624ffbdaa4f4c6caa26
SHA256

f4c435d0925a69a3216c4994253aa4c798cd5db303417798fa264ff88fe4dc5a
SHA512

882895434ba6eb134b6e0dd414806344b021b7c51e7d473ee5f993abfb8ed6edb377c8598bfbb6232f8149f88a66891801c5b8ec92dcbb6a01b45cc35de1edb9
SSDEEP

393216:WygO0ij4xKBDxfMC5kGG/pq0n+ktzk8sAeRq9l8/TyuHZTVT0LRbo8+KOeyZ+wkt:1/4+e6qn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4788	mac_addr_checker.exe

Loads dropped DLL 9 IoCs

pid	Process
4788	mac_addr_checker.exe
4788	mac_addr_checker.exe
4788	mac_addr_checker.exe
4788	mac_addr_checker.exe
4788	mac_addr_checker.exe
4788	mac_addr_checker.exe
4788	mac_addr_checker.exe
4788	mac_addr_checker.exe
4788	mac_addr_checker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	4788	mac_addr_checker.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 4788	868	f4c435d0925a69a3216c4994253aa4c798cd5db303417798fa264ff88fe4dc5a.exe	81
PID 868 wrote to memory of 4788	868	f4c435d0925a69a3216c4994253aa4c798cd5db303417798fa264ff88fe4dc5a.exe	81
PID 868 wrote to memory of 4788	868	f4c435d0925a69a3216c4994253aa4c798cd5db303417798fa264ff88fe4dc5a.exe	81

C:\Users\Admin\AppData\Local\Temp\f4c435d0925a69a3216c4994253aa4c798cd5db303417798fa264ff88fe4dc5a.exe
"C:\Users\Admin\AppData\Local\Temp\f4c435d0925a69a3216c4994253aa4c798cd5db303417798fa264ff88fe4dc5a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:868
- C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\mac_addr_checker.exe
  "C:\Users\Admin\AppData\Local\Temp\f4c435d0925a69a3216c4994253aa4c798cd5db303417798fa264ff88fe4dc5a.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_decimal.pyd

Filesize
213KB

MD5
fce502598ad33496fa820d33cbee825c

SHA1
832e37ffc16c5ce574b610079f241db86ef3d941

SHA256
36530d8dff39fe28339561d2013381d09e279b52ab0e81563814aee8538c9adc

SHA512
384be94538bca84899ca8e54e6f41ed8162ec739da2636b7f6f6199f1cb8eb3d8fc8314eec4ce8a323ad285e8c1b66e13f88354e6414457de9743e96869c5305

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_elementtree.pyd

Filesize
168KB

MD5
852c502bbe6dce2e1152c2f226e2f6d6

SHA1
dbbe05c009ee38d00d9fe586595f7072bcd4fac5

SHA256
4ff8e50e6f17e54b8c957d7b71d1daef7a7b3708d9a2608a3cb9ef99309169a9

SHA512
6040a91ce6650538c93eab3fe54a37f03828204cc24e115c3b82cb8b239bf442bf2585736b7a1d5ba6fe881a0da33a5944342671291f30538d24b446e5f7d372

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_hashlib.pyd

Filesize
23KB

MD5
80944095f0b5bace4363e98a106d3b5a

SHA1
692d040720f330280107df60635f7fad6e1f0109

SHA256
74a06afe0d81d6be4ddc01f2dae988ccf6437f4a838904621939f633ff417149

SHA512
b5a8292a4132926ee57494b96ccf52d1a397c1f26d42dde84eeb041b1f3cf790c314dec6cece5b40dcc004f21dc7f24e96cea6f69b08a7b36b81ba2e7d85b939

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\main.pyd

Filesize
228KB

MD5
9e12ab55b43e3c70132ea80b92b8f9da

SHA1
fea03da82b2036e3a73aa5f878b26bde911fe7e2

SHA256
e4a44b64906d6da20038e4c947008528c7cb4025ba74d2e776197d73f9656769

SHA512
79a7ea0e1fe662d8ce3bdb26d330b8c2f4bf3689dc8909af6d590d3074b4dee500c7b659c4779f369e24c5c44624d20b5badb7edcb1f22b9e93271d08648290d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\pyexpat.pyd

Filesize
165KB

MD5
5fc616125358e0c1985193dd3447c9fe

SHA1
3a566db721f23f4b3ba379206968a8c4ab2d4c3f

SHA256
c4491db84d9a761c9c5e71d6ace171c852c85fa3af76103ae2bdb4e3f0ca63d6

SHA512
f96e0e625b9726e7b32de6427ddfd8280f6b83507eef94df90fecfeed908d9e2aa2cf424fa9cedf802ebd90912289bccb345c7389ea89661ce914a9f4be3cf36

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\VCRUNTIME140.dll

Filesize
74KB

MD5
2305c1e67383717da41c5bbc9c037da7

SHA1
156c29f712355e390d363e7df06211b5604a1d47

SHA256
833c31c5310de499d791e94d686d101eac8cc04240071de2b9d0ca37892c3f72

SHA512
5acde9b47bc8e5f854efef4bcfa48acab993291f4359afa3e37e5e755d51e39a69c2aa133a19259c59b65ae33f614bbf00d93c36e6943cb68fa3c364cae62335

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\_decimal.pyd

Filesize
213KB

MD5
fce502598ad33496fa820d33cbee825c

SHA1
832e37ffc16c5ce574b610079f241db86ef3d941

SHA256
36530d8dff39fe28339561d2013381d09e279b52ab0e81563814aee8538c9adc

SHA512
384be94538bca84899ca8e54e6f41ed8162ec739da2636b7f6f6199f1cb8eb3d8fc8314eec4ce8a323ad285e8c1b66e13f88354e6414457de9743e96869c5305

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\_elementtree.pyd

Filesize
168KB

MD5
852c502bbe6dce2e1152c2f226e2f6d6

SHA1
dbbe05c009ee38d00d9fe586595f7072bcd4fac5

SHA256
4ff8e50e6f17e54b8c957d7b71d1daef7a7b3708d9a2608a3cb9ef99309169a9

SHA512
6040a91ce6650538c93eab3fe54a37f03828204cc24e115c3b82cb8b239bf442bf2585736b7a1d5ba6fe881a0da33a5944342671291f30538d24b446e5f7d372

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\_hashlib.pyd

Filesize
23KB

MD5
80944095f0b5bace4363e98a106d3b5a

SHA1
692d040720f330280107df60635f7fad6e1f0109

SHA256
74a06afe0d81d6be4ddc01f2dae988ccf6437f4a838904621939f633ff417149

SHA512
b5a8292a4132926ee57494b96ccf52d1a397c1f26d42dde84eeb041b1f3cf790c314dec6cece5b40dcc004f21dc7f24e96cea6f69b08a7b36b81ba2e7d85b939

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\_hashlib.pyd

Filesize
23KB

MD5
80944095f0b5bace4363e98a106d3b5a

SHA1
692d040720f330280107df60635f7fad6e1f0109

SHA256
74a06afe0d81d6be4ddc01f2dae988ccf6437f4a838904621939f633ff417149

SHA512
b5a8292a4132926ee57494b96ccf52d1a397c1f26d42dde84eeb041b1f3cf790c314dec6cece5b40dcc004f21dc7f24e96cea6f69b08a7b36b81ba2e7d85b939

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\_hashlib.pyd

Filesize
23KB

MD5
80944095f0b5bace4363e98a106d3b5a

SHA1
692d040720f330280107df60635f7fad6e1f0109

SHA256
74a06afe0d81d6be4ddc01f2dae988ccf6437f4a838904621939f633ff417149

SHA512
b5a8292a4132926ee57494b96ccf52d1a397c1f26d42dde84eeb041b1f3cf790c314dec6cece5b40dcc004f21dc7f24e96cea6f69b08a7b36b81ba2e7d85b939

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\mac_addr_checker.exe

Filesize
8.9MB

MD5
a77e7f40b7a834225cc81cf230c84d57

SHA1
69ed940eda6749889bd21280b5cfa052ac1c6f69

SHA256
eadf470edb135560a42cd15fc79c1e0ffa464fd648ea93f342dca02b26c57abf

SHA512
051a131bfc8242b710fadf0c596c360495bbb2289136831fa3540546f2cd8351b7f367357185e8a6edf02fe553c258a4bdd5c2c839c4f22a1a3206e5285192f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\mac_addr_checker.exe

Filesize
8.9MB

MD5
a77e7f40b7a834225cc81cf230c84d57

SHA1
69ed940eda6749889bd21280b5cfa052ac1c6f69

SHA256
eadf470edb135560a42cd15fc79c1e0ffa464fd648ea93f342dca02b26c57abf

SHA512
051a131bfc8242b710fadf0c596c360495bbb2289136831fa3540546f2cd8351b7f367357185e8a6edf02fe553c258a4bdd5c2c839c4f22a1a3206e5285192f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\main.pyd

Filesize
228KB

MD5
9e12ab55b43e3c70132ea80b92b8f9da

SHA1
fea03da82b2036e3a73aa5f878b26bde911fe7e2

SHA256
e4a44b64906d6da20038e4c947008528c7cb4025ba74d2e776197d73f9656769

SHA512
79a7ea0e1fe662d8ce3bdb26d330b8c2f4bf3689dc8909af6d590d3074b4dee500c7b659c4779f369e24c5c44624d20b5badb7edcb1f22b9e93271d08648290d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\pyexpat.pyd

Filesize
165KB

MD5
5fc616125358e0c1985193dd3447c9fe

SHA1
3a566db721f23f4b3ba379206968a8c4ab2d4c3f

SHA256
c4491db84d9a761c9c5e71d6ace171c852c85fa3af76103ae2bdb4e3f0ca63d6

SHA512
f96e0e625b9726e7b32de6427ddfd8280f6b83507eef94df90fecfeed908d9e2aa2cf424fa9cedf802ebd90912289bccb345c7389ea89661ce914a9f4be3cf36

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\python37.dll

Filesize
3.4MB

MD5
9b74db83b719823d7a971b0de948d5c8

SHA1
8a1e50562fa680317af391a4f8225422d99871e9

SHA256
6375eafdeb4900125d67503751bb07022ccc2310a5da026dc051ea76661f1c68

SHA512
12e89b5050bf5d93e4f2b7bc8bff9cd312ee10ec8cb601de52af72c0bdc040abec47a7e99b6a07887922ea7c53e820b0cb5c984e0c4a9169ac43556968fb67b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\python37.dll

Filesize
3.4MB

MD5
9b74db83b719823d7a971b0de948d5c8

SHA1
8a1e50562fa680317af391a4f8225422d99871e9

SHA256
6375eafdeb4900125d67503751bb07022ccc2310a5da026dc051ea76661f1c68

SHA512
12e89b5050bf5d93e4f2b7bc8bff9cd312ee10ec8cb601de52af72c0bdc040abec47a7e99b6a07887922ea7c53e820b0cb5c984e0c4a9169ac43556968fb67b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_868_133371724655537752\vcruntime140.dll

Filesize
74KB

MD5
2305c1e67383717da41c5bbc9c037da7

SHA1
156c29f712355e390d363e7df06211b5604a1d47

SHA256
833c31c5310de499d791e94d686d101eac8cc04240071de2b9d0ca37892c3f72

SHA512
5acde9b47bc8e5f854efef4bcfa48acab993291f4359afa3e37e5e755d51e39a69c2aa133a19259c59b65ae33f614bbf00d93c36e6943cb68fa3c364cae62335

Download Submit