66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d

Analysis

max time kernel
127s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2023, 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe
Size

5.2MB
MD5

d72ed5091e361ea92ee2f39cb98ae828
SHA1

3012e791c8d75c4a15991c82731efd4e2356986f
SHA256

66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d
SHA512

99a06a6e174a4ae9a06a9ec653f8478e5a2130ab7a1ef41982cc852fa8eacd4fe7d723998704464913f18bc6b59039c57abc1629fbc57dd4cf0b4624990d9c2b
SSDEEP

98304:wqCWMGzK5OcpiAlqk05Yox/RuSvjJ6QNrJ2ToaqADQZG4PRQxTdTKlnwOg3W52Mj:CU4OOiOg5umFrJso8QXoIp50n

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
2440	66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe
2440	66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe
2440	66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe
2440	66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe
2440	66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe
2440	66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2440	66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 2440	748	66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe	82
PID 748 wrote to memory of 2440	748	66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe	82
PID 748 wrote to memory of 2440	748	66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe	82

C:\Users\Admin\AppData\Local\Temp\66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe
"C:\Users\Admin\AppData\Local\Temp\66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\Users\Admin\AppData\Local\Temp\66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe
  "C:\Users\Admin\AppData\Local\Temp\66c187c0d97d1036815128b1cbf66d5b1c237a6eb318331515f1b0c0b895092d.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI7482\VCRUNTIME140.dll

Filesize
81KB

MD5
a2523ea6950e248cbdf18c9ea1a844f6

SHA1
549c8c2a96605f90d79a872be73efb5d40965444

SHA256
6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

SHA512
2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\VCRUNTIME140.dll

Filesize
81KB

MD5
a2523ea6950e248cbdf18c9ea1a844f6

SHA1
549c8c2a96605f90d79a872be73efb5d40965444

SHA256
6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

SHA512
2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_ctypes.pyd

Filesize
99KB

MD5
09d8aa5fbc3e89cc2cf5af0a80bf8560

SHA1
b7532cb5b895605ea82b8b9ac1083a2029ac78c7

SHA256
336a02ad74b24ff0626d07808ce5b59f77f6af7d91c5d8d78fa436d85df9ece4

SHA512
689f69bd840123922f07d07e7b7302a6289510a191b03c6911c89617fd9764cad43a3728df9a1c5d0e75bb0b96efa0148b118366158340eefd1e06cdc13d01a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_ctypes.pyd

Filesize
99KB

MD5
09d8aa5fbc3e89cc2cf5af0a80bf8560

SHA1
b7532cb5b895605ea82b8b9ac1083a2029ac78c7

SHA256
336a02ad74b24ff0626d07808ce5b59f77f6af7d91c5d8d78fa436d85df9ece4

SHA512
689f69bd840123922f07d07e7b7302a6289510a191b03c6911c89617fd9764cad43a3728df9a1c5d0e75bb0b96efa0148b118366158340eefd1e06cdc13d01a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_socket.pyd

Filesize
60KB

MD5
2de782add9328a32bb5ab1620418a829

SHA1
11af2256b2f109b49b7a32a2d8a8f0ebb2f11e5f

SHA256
60851e107e816198fe9bad353071302762aac1174de508b7e19c677f0e7d5f9e

SHA512
a723d01350de9d9425a7de9152e3f8e292192dc4dac4d207cd49ad6c69d761163599a4b134a9cd9690de4099be023f8a65620869e4f339966369c7cce2e62ef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\_socket.pyd

Filesize
60KB

MD5
2de782add9328a32bb5ab1620418a829

SHA1
11af2256b2f109b49b7a32a2d8a8f0ebb2f11e5f

SHA256
60851e107e816198fe9bad353071302762aac1174de508b7e19c677f0e7d5f9e

SHA512
a723d01350de9d9425a7de9152e3f8e292192dc4dac4d207cd49ad6c69d761163599a4b134a9cd9690de4099be023f8a65620869e4f339966369c7cce2e62ef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\base_library.zip

Filesize
767KB

MD5
8c14e9ba03e03be60dd790279cc4f747

SHA1
f902b7180162a2718097b3fa6f4eb5713f281927

SHA256
70413c525ec18ae969d0669e0a9c0437874793f14956fc6f56f7813c5b91d3e7

SHA512
138f9994f376ce13169efceee33f7e7482720e3aaabef944f6eacc7822dd237adea87f6e3de929fd6e6397bfa94ebc8ba934da3fd96d1cac739ba1e4138aa201

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\python36.dll

Filesize
3.1MB

MD5
e4313b13d3b2a0cebdcc417f5f7b7644

SHA1
8c31a8986bf0c1f5e573109a22056036620c8fdd

SHA256
1005847cbd6771df9dd81e6cd5a40686cd6454bd644fc93347e3e56e668a464b

SHA512
6f123627e4ab2fcf46098794b6254aab10185102b5133576cb3b02cc18161afea8889b6b2fbdb5a9207189d21aa5cde1fe8ee454bff01ea6dabf042943ab4833

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\python36.dll

Filesize
3.1MB

MD5
e4313b13d3b2a0cebdcc417f5f7b7644

SHA1
8c31a8986bf0c1f5e573109a22056036620c8fdd

SHA256
1005847cbd6771df9dd81e6cd5a40686cd6454bd644fc93347e3e56e668a464b

SHA512
6f123627e4ab2fcf46098794b6254aab10185102b5133576cb3b02cc18161afea8889b6b2fbdb5a9207189d21aa5cde1fe8ee454bff01ea6dabf042943ab4833

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\select.pyd

Filesize
22KB

MD5
51b67fb606b06d8a9168714ce951466f

SHA1
8ba0b7c2d3f33707d09e52644fdc072b95053503

SHA256
d59eb6a329e0574f638f585cc32b6a3678b36ca8a1958e281f115e93113df05a

SHA512
7ffda907f91ed7d5ab070bec28bd95e61136576b0348e1eacd4a9762da1447a9f946f7d6681cdba29aa621fdf4dc91e5d03d584179a4db8a30233dccb7e002ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\select.pyd

Filesize
22KB

MD5
51b67fb606b06d8a9168714ce951466f

SHA1
8ba0b7c2d3f33707d09e52644fdc072b95053503

SHA256
d59eb6a329e0574f638f585cc32b6a3678b36ca8a1958e281f115e93113df05a

SHA512
7ffda907f91ed7d5ab070bec28bd95e61136576b0348e1eacd4a9762da1447a9f946f7d6681cdba29aa621fdf4dc91e5d03d584179a4db8a30233dccb7e002ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\ucrtbase.dll

Filesize
880KB

MD5
5b55e9a1360a6c52cc988da6804d6ca2

SHA1
ab36f680029c672b885d52ae376b80b4752f5f80

SHA256
ab2bbec93fa2af707d9c55b3db442dde6561d1799e53e74c7f6345252989798c

SHA512
b7b3116bad981464155d1c8b0a0db0793661f73ffa20d1e37e52f3a3785635afe1b803e65d657213adfe2d6a972e84da10050f31522e8acce27b65f2a8bc4261

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7482\ucrtbase.dll

Filesize
880KB

MD5
5b55e9a1360a6c52cc988da6804d6ca2

SHA1
ab36f680029c672b885d52ae376b80b4752f5f80

SHA256
ab2bbec93fa2af707d9c55b3db442dde6561d1799e53e74c7f6345252989798c

SHA512
b7b3116bad981464155d1c8b0a0db0793661f73ffa20d1e37e52f3a3785635afe1b803e65d657213adfe2d6a972e84da10050f31522e8acce27b65f2a8bc4261

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads