d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
21-09-2023 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe
Size

6.5MB
MD5

db411e5e0890c365dc9454995134c668
SHA1

ff5e555d3a64ae7b022ecbfe02f91683688d1bc0
SHA256

d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421
SHA512

e6cee0139ba4dd93d421670a83d34efa138c9a00fd6475b255fe81de23da9c897b52021b3ad36e196b285a92ed72fcaef1d6f3f3d8accbdb13bf08a3c852b6ec
SSDEEP

196608:CYaOjdQmRJ8dA6l7aycBIGpEyUXIZVcsxL:DdQusl29bcs

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe

pid	process
2800	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe
2800	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe
2800	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe
2800	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe
2800	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe
2800	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe
2800	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe

description	pid	process	target process
PID 1612 wrote to memory of 2800	1612	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe
PID 1612 wrote to memory of 2800	1612	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe
PID 1612 wrote to memory of 2800	1612	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe	d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe

C:\Users\Admin\AppData\Local\Temp\d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe
"C:\Users\Admin\AppData\Local\Temp\d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1612

C:\Users\Admin\AppData\Local\Temp\d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe
"C:\Users\Admin\AppData\Local\Temp\d6bfcbbc6323c19d77f1c929b2cbc3720392b11f7bf88b81759bdf0b54fe2421.exe"
2⤵
- Loads dropped DLL
PID:2800

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI16122\api-ms-win-core-file-l1-2-0.dll
Filesize
20KB

MD5
95fc810f959d96c61f6f9253127bff71

SHA1
8fc9c9734c403b0b84bc179959981aa091c17099

SHA256
5fb473086e44333037e8d1caf6b8d28de65456dd857ae5b8b4e19c8ade503805

SHA512
349cf1abe86cf719e3133dfeaac49653178c06749745263bb166ee05b3d68011d673027976869a5d6b2982f789e826867dd5436965a95d0a5165bea151db28a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16122\api-ms-win-core-file-l2-1-0.dll
Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16122\api-ms-win-core-localization-l1-2-0.dll
Filesize
20KB

MD5
03a206acd8506a98e0739ce47e01b953

SHA1
e31aadf5311edb2ec94a1ed6626530e113dfae4f

SHA256
17c5b3baa666e84ee40672322bd7d7e358d245e1654bd002c4a3e69b6506d9f6

SHA512
affffe086058ffea5bfe7b4cf6aca351ec85e314b3e8be5d47e3b9ca59c3460561a0c9ccba0f1464dc4586d6c9eb6595fb7515ca7b3347283162d9e8206688df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16122\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
20KB

MD5
b27eeb752278d9b29bcb85b9e21dffce

SHA1
cd4e423db7965af1977ccd9af15c6c57875fab7c

SHA256
1a9353d63287fccea1c4c25477e53b0e7ab3486a041126889394095e72de2cfc

SHA512
91c0edf007f28a62c291174bf8c8d16db8f9e250976994ca608186aec668d4febe9dccb5fd8cfecdaf6323eebb20652696223ab6e458938a9a26533585a3e4a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16122\api-ms-win-core-timezone-l1-1-0.dll
Filesize
20KB

MD5
f1c33921470337eda023dee2bba77806

SHA1
f5141609be944e521631cb9c8c81f809e6f0942a

SHA256
7821beadeab01bb8ab3712b896b092786d85e7a220ef35149092db431895871b

SHA512
d3131b9a011083b469ce05a3b4241e7b366ced42240ea429fbbe3770ee9073c532aee2fa8c206e6b579d26dbb838efd5ab84d4dfa8b4ed106bc9b42dc05c35e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16122\python310.dll
Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16122\ucrtbase.dll
Filesize
1.1MB

MD5
56c350293b27d61410f9d212f6f4b8f3

SHA1
4b11908f434e2eb1b253d0023660381b349eb09a

SHA256
b30c5de351714e033b9e835158f008c96f17e492a85bfb1bddb3424d286b59fc

SHA512
3281e85a741e73f134289b5cae5304b5f236117d605b98987a25251ea4cc1bc37718765485892f0163c4496f5ebd2290e23989573aea84f1537441dd33cb711b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16122\api-ms-win-core-file-l1-2-0.dll
Filesize
20KB

MD5
95fc810f959d96c61f6f9253127bff71

SHA1
8fc9c9734c403b0b84bc179959981aa091c17099

SHA256
5fb473086e44333037e8d1caf6b8d28de65456dd857ae5b8b4e19c8ade503805

SHA512
349cf1abe86cf719e3133dfeaac49653178c06749745263bb166ee05b3d68011d673027976869a5d6b2982f789e826867dd5436965a95d0a5165bea151db28a6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16122\api-ms-win-core-file-l2-1-0.dll
Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16122\api-ms-win-core-localization-l1-2-0.dll
Filesize
20KB

MD5
03a206acd8506a98e0739ce47e01b953

SHA1
e31aadf5311edb2ec94a1ed6626530e113dfae4f

SHA256
17c5b3baa666e84ee40672322bd7d7e358d245e1654bd002c4a3e69b6506d9f6

SHA512
affffe086058ffea5bfe7b4cf6aca351ec85e314b3e8be5d47e3b9ca59c3460561a0c9ccba0f1464dc4586d6c9eb6595fb7515ca7b3347283162d9e8206688df

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16122\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
20KB

MD5
b27eeb752278d9b29bcb85b9e21dffce

SHA1
cd4e423db7965af1977ccd9af15c6c57875fab7c

SHA256
1a9353d63287fccea1c4c25477e53b0e7ab3486a041126889394095e72de2cfc

SHA512
91c0edf007f28a62c291174bf8c8d16db8f9e250976994ca608186aec668d4febe9dccb5fd8cfecdaf6323eebb20652696223ab6e458938a9a26533585a3e4a8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16122\api-ms-win-core-timezone-l1-1-0.dll
Filesize
20KB

MD5
f1c33921470337eda023dee2bba77806

SHA1
f5141609be944e521631cb9c8c81f809e6f0942a

SHA256
7821beadeab01bb8ab3712b896b092786d85e7a220ef35149092db431895871b

SHA512
d3131b9a011083b469ce05a3b4241e7b366ced42240ea429fbbe3770ee9073c532aee2fa8c206e6b579d26dbb838efd5ab84d4dfa8b4ed106bc9b42dc05c35e3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16122\python310.dll
Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16122\ucrtbase.dll
Filesize
1.1MB

MD5
56c350293b27d61410f9d212f6f4b8f3

SHA1
4b11908f434e2eb1b253d0023660381b349eb09a

SHA256
b30c5de351714e033b9e835158f008c96f17e492a85bfb1bddb3424d286b59fc

SHA512
3281e85a741e73f134289b5cae5304b5f236117d605b98987a25251ea4cc1bc37718765485892f0163c4496f5ebd2290e23989573aea84f1537441dd33cb711b

Download Submit