05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4

Analysis

max time kernel
139s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe
Size

5.6MB
MD5

8d95f6e8a659090e9798770d3380f6f5
SHA1

91e3f490be594c7162b9551da1477d24ef0ddfee
SHA256

05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4
SHA512

c10686928ef66f3d9576859b13f0a29da0b1a169985d9deb299d423c639a9e477b6e7d402f0ba60012cc97744e1e742dd814431311df9a51643c3eab4c91e966
SSDEEP

98304:kQk+yHQcNibw8SPLeTtSQo5onggYpdBs8R8YT6v/T5V0JyzsNd98dR+s/NGQyZLi:kQ/ywc0MHLKyJgYpx+r4yhjMghbD

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
2908	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe
2908	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe
2908	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe
2908	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe
2908	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe
2908	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe
2908	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe
2908	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe
2908	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2908	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2908	2952	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe	83
PID 2952 wrote to memory of 2908	2952	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe	83
PID 2952 wrote to memory of 2908	2952	05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe	83

C:\Users\Admin\AppData\Local\Temp\05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe
"C:\Users\Admin\AppData\Local\Temp\05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\Temp\05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe
  "C:\Users\Admin\AppData\Local\Temp\05fc6f1a57299a516777fd347a052451ae987b71d0812538cb5abf1b7eba1ec4.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29522\MSVCR100.dll

Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\MSVCR100.dll

Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\Zdcjlhb1.35.exe.manifest

Filesize
703B

MD5
27f2e8995a11add9d2fc422091b09c12

SHA1
9f3973c6a9fe7d29295bce1fbf4015f114fa778f

SHA256
8263f289aae776f59909370412a5c8d9599151cc4b9d659c5c1bae16526a6582

SHA512
ab8d934ce00acb15580e6a35edba210f1b28bc99e46fd8b9cab8e9fb8975f78931ae40064fed9a63955d9e122e11fc46aae182c4dbb3009c4315acd1260690c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\_bz2.pyd

Filesize
52KB

MD5
fb47d434edb65e28d9a05381f646dc01

SHA1
d64f38c378625a21917a54c6e5c1d76430ccc679

SHA256
2e0cdab46bf899f8a433d57643d909c3883f95e32ca37817bf4f9e72d84a5a5f

SHA512
448824d83f22c4343353e900666d095d89698ae6f80278a29b6061163313e9e53060568241682fb18df430c5f1214836c4cf0b66c8ab2cd08cbd60f527ff7c66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\_bz2.pyd

Filesize
52KB

MD5
fb47d434edb65e28d9a05381f646dc01

SHA1
d64f38c378625a21917a54c6e5c1d76430ccc679

SHA256
2e0cdab46bf899f8a433d57643d909c3883f95e32ca37817bf4f9e72d84a5a5f

SHA512
448824d83f22c4343353e900666d095d89698ae6f80278a29b6061163313e9e53060568241682fb18df430c5f1214836c4cf0b66c8ab2cd08cbd60f527ff7c66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\_ctypes.pyd

Filesize
83KB

MD5
5d1bc1be2f02b4a2890e921af15190d2

SHA1
057c88438b40cd8e73554274171341244f107139

SHA256
97c3cdef6d28ad19c0dacff15dd66f874fe73c8767d88f3bc7c0bde794d857da

SHA512
9751f471312dd5a24f4a7f25b192ddcb64d28a332ff66f3aa2c3f7ef69127cf14c93043350397e9f884f1830f51d5e01214e82627158d37ef95ce4746a83bbd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\_ctypes.pyd

Filesize
83KB

MD5
5d1bc1be2f02b4a2890e921af15190d2

SHA1
057c88438b40cd8e73554274171341244f107139

SHA256
97c3cdef6d28ad19c0dacff15dd66f874fe73c8767d88f3bc7c0bde794d857da

SHA512
9751f471312dd5a24f4a7f25b192ddcb64d28a332ff66f3aa2c3f7ef69127cf14c93043350397e9f884f1830f51d5e01214e82627158d37ef95ce4746a83bbd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\_hashlib.pyd

Filesize
900KB

MD5
82ae4e8208d58bffc95f68c2c1d8f280

SHA1
8874b66dcaf142cfca6b72aa46f2247ab6d96e8c

SHA256
2c905f0809749f5494b2a638a8551af3d914a148d282fc3da9d68ce12d067eb9

SHA512
737109f330f1ab8302c5f73ead54dfa53b39d73a806054ba725f7f1e9be82adec678e08fc127b6b5658daf465aea34d0c4226162f6e067b8d4c461b3d051ce37

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\_hashlib.pyd

Filesize
900KB

MD5
82ae4e8208d58bffc95f68c2c1d8f280

SHA1
8874b66dcaf142cfca6b72aa46f2247ab6d96e8c

SHA256
2c905f0809749f5494b2a638a8551af3d914a148d282fc3da9d68ce12d067eb9

SHA512
737109f330f1ab8302c5f73ead54dfa53b39d73a806054ba725f7f1e9be82adec678e08fc127b6b5658daf465aea34d0c4226162f6e067b8d4c461b3d051ce37

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\_socket.pyd

Filesize
46KB

MD5
ebc931925d333427e182eb58eb4cecce

SHA1
90a811fa23c1ea1244eddef5f3371411af354fd6

SHA256
e29cc2340a9577f82c45abe6707e2817575ee02ac374f4864885410d411e6bea

SHA512
52767f0e49a600ab6b025265cd0220dfd84c24ccec24f7268974123cad41a287a015021357ec4b88eae0dc0dd2517bb5d07f1aaaf08fd36e7bedd0fab8047ab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\_socket.pyd

Filesize
46KB

MD5
ebc931925d333427e182eb58eb4cecce

SHA1
90a811fa23c1ea1244eddef5f3371411af354fd6

SHA256
e29cc2340a9577f82c45abe6707e2817575ee02ac374f4864885410d411e6bea

SHA512
52767f0e49a600ab6b025265cd0220dfd84c24ccec24f7268974123cad41a287a015021357ec4b88eae0dc0dd2517bb5d07f1aaaf08fd36e7bedd0fab8047ab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\_ssl.pyd

Filesize
1.3MB

MD5
12b5156dd0e8de73b6c96dc61729cbbd

SHA1
126903ac9e8447d52745782a14cd95818c048a53

SHA256
7a622e57f85120cefe38f473e57b7363c8afc551a35a6e4a4677b05f5d43881b

SHA512
1c2db35190861237259f1761c4c24becaae1c3a525ebb70dd9e68b1be5b16edeb3d1ebad6e710b0880448cf4f6f4c72a37926d584fc034956a91e1600ef3f335

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\_ssl.pyd

Filesize
1.3MB

MD5
12b5156dd0e8de73b6c96dc61729cbbd

SHA1
126903ac9e8447d52745782a14cd95818c048a53

SHA256
7a622e57f85120cefe38f473e57b7363c8afc551a35a6e4a4677b05f5d43881b

SHA512
1c2db35190861237259f1761c4c24becaae1c3a525ebb70dd9e68b1be5b16edeb3d1ebad6e710b0880448cf4f6f4c72a37926d584fc034956a91e1600ef3f335

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\base_library.zip

Filesize
717KB

MD5
f92ae53b5ddcba2ee0db5b0f1bfe218c

SHA1
cae243425369249c2d1883b7b5fb15f832c34867

SHA256
a43830fb41c4519bbb79d24c1cf908b724ddae675fdd74bc95aab4c9764a994e

SHA512
87eaa4cb2d5e89746e546f6b15bd3a83ad45e8d3227058f08fc6a17090a8d41fabc1a8a3b029be7f8074360402e413128053bef55b977ea74909a8a385905d79

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\python34.dll

Filesize
2.6MB

MD5
1c42752374ea75c6a35d17adc6537b2a

SHA1
454aaa6855b4e3efbd82d226c57fbf693784abb5

SHA256
60605200cb112501b776ca566c4b01c1c2c6ebb65efd87b084191945a7d6a406

SHA512
b3b7433584e5c2cf25bdcd0d682e06cd7c00ca01cd7d3aa48373f984b0af4849521f1f3dec513edf8405ba28bd61d19110b77216444ac113a7d61db1eb37606e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\python34.dll

Filesize
2.6MB

MD5
1c42752374ea75c6a35d17adc6537b2a

SHA1
454aaa6855b4e3efbd82d226c57fbf693784abb5

SHA256
60605200cb112501b776ca566c4b01c1c2c6ebb65efd87b084191945a7d6a406

SHA512
b3b7433584e5c2cf25bdcd0d682e06cd7c00ca01cd7d3aa48373f984b0af4849521f1f3dec513edf8405ba28bd61d19110b77216444ac113a7d61db1eb37606e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\select.pyd

Filesize
9KB

MD5
02fe0fa69127b978dd8b59ba23db5206

SHA1
add138744a45e836edf526e74effe6813b40fd7f

SHA256
064f0873914f0cf6d91248b61b64a462f98bd470ba83570b9b82fe39b6f243a4

SHA512
badbadb107270ae2e526fce1b2f56d78a8fb2fd497f03a8485b7be712cf44ac5275b1f4413b02a4e589ea883f0697446e1fc9dc7c3eab320796395645a4452ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\select.pyd

Filesize
9KB

MD5
02fe0fa69127b978dd8b59ba23db5206

SHA1
add138744a45e836edf526e74effe6813b40fd7f

SHA256
064f0873914f0cf6d91248b61b64a462f98bd470ba83570b9b82fe39b6f243a4

SHA512
badbadb107270ae2e526fce1b2f56d78a8fb2fd497f03a8485b7be712cf44ac5275b1f4413b02a4e589ea883f0697446e1fc9dc7c3eab320796395645a4452ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\unicodedata.pyd

Filesize
741KB

MD5
f66cde98ca47f122710e4008246d45e9

SHA1
5cc592c03be31f5d99d69a6eb83fae44d2e1e8de

SHA256
5df0e5e83be746d46db28da04b5936e0f178be1d2f0b3c3a9cfda8cc1553480d

SHA512
e2898a96243108ddcc3c07dec7db2ced1a995029d710f860c6cddf4833e8bb41372939f96f7a0a23749c44a1c88ab5722764907024d1af3cc3cdbd74fccb17b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29522\unicodedata.pyd

Filesize
741KB

MD5
f66cde98ca47f122710e4008246d45e9

SHA1
5cc592c03be31f5d99d69a6eb83fae44d2e1e8de

SHA256
5df0e5e83be746d46db28da04b5936e0f178be1d2f0b3c3a9cfda8cc1553480d

SHA512
e2898a96243108ddcc3c07dec7db2ced1a995029d710f860c6cddf4833e8bb41372939f96f7a0a23749c44a1c88ab5722764907024d1af3cc3cdbd74fccb17b0

Download Submit
memory/2908-40-0x0000000002610000-0x0000000002700000-memory.dmp

Filesize
960KB

Download
memory/2908-39-0x00000000007D0000-0x00000000007DB000-memory.dmp

Filesize
44KB

Download
memory/2908-38-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2908-41-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2908-42-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2908-43-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2908-68-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2908-44-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2908-48-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/2908-47-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2908-37-0x00000000007A0000-0x00000000007B2000-memory.dmp

Filesize
72KB

Download
memory/2908-36-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2908-67-0x00000000006C0000-0x0000000000730000-memory.dmp

Filesize
448KB

Download
memory/2908-35-0x00000000006C0000-0x0000000000730000-memory.dmp

Filesize
448KB

Download
memory/2908-33-0x00000000006C0000-0x0000000000730000-memory.dmp

Filesize
448KB

Download
memory/2952-13-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2952-7-0x0000000002820000-0x0000000002910000-memory.dmp

Filesize
960KB

Download
memory/2952-15-0x0000000000E50000-0x0000000000E51000-memory.dmp

Filesize
4KB

Download
memory/2952-12-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2952-11-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2952-10-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2952-6-0x0000000000810000-0x0000000000880000-memory.dmp

Filesize
448KB

Download
memory/2952-9-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2952-8-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2952-14-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2952-4-0x0000000000D00000-0x0000000000D12000-memory.dmp

Filesize
72KB

Download
memory/2952-5-0x0000000000D20000-0x0000000000D2B000-memory.dmp

Filesize
44KB

Download
memory/2952-3-0x0000000002980000-0x0000000002B23000-memory.dmp

Filesize
1.6MB

Download
memory/2952-2-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/2952-1-0x0000000000810000-0x0000000000880000-memory.dmp

Filesize
448KB

Download
memory/2952-34-0x0000000000810000-0x0000000000880000-memory.dmp

Filesize
448KB

Download
memory/2952-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2952-75-0x0000000000810000-0x0000000000880000-memory.dmp

Filesize
448KB

Download
memory/2952-76-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads