Overview

overview

7

Static

static

3

sex.rar

windows7-x64

3

sex.rar

windows10-2004-x64

7

Analysis

  • max time kernel
    299s
  • max time network
    272s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2023, 22:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sex.rar

  • Size

    7.4MB

  • MD5

    1fcbff8a4c10c0dc08057bd02da7f4be

  • SHA1

    1f1dba408fd1950263cc1d5c73a9a4309ba733f1

  • SHA256

    cb56ff95575e84814538f65f7afb7e3f3c76569bcf7c3d583ea6700d64c51fa1

  • SHA512

    218c09d0067c027fc6bfccfb1ed66989082c588f1da7c558565e53ff45f0b2d3695a82f4ef17da4f5527e0891d0cab903069c4a1ef8989175724e892d985dacb

  • SSDEEP

    196608:Syg3U3WcCZZYU3Fu7WRGD7aaUUnTzhYDplBJ:QwrU1NRGD0UTzh03n

Score
7/10
pyinstaller

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Detects Pyinstaller 3 IoCs
    pyinstaller
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\sex.rar
    1⤵
    • Modifies registry class
    PID:3952
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2696
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:872
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap20869:64:7zEvent17698
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:1980
    • C:\Users\Admin\Desktop\sex.exe
      "C:\Users\Admin\Desktop\sex.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1460
      • C:\Users\Admin\Desktop\sex.exe
        "C:\Users\Admin\Desktop\sex.exe"
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4808
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:920

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\VCRUNTIME140.dll
      Filesize

      96KB

      MD5

      f12681a472b9dd04a812e16096514974

      SHA1

      6fd102eb3e0b0e6eef08118d71f28702d1a9067c

      SHA256

      d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

      SHA512

      7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\VCRUNTIME140.dll
      Filesize

      96KB

      MD5

      f12681a472b9dd04a812e16096514974

      SHA1

      6fd102eb3e0b0e6eef08118d71f28702d1a9067c

      SHA256

      d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

      SHA512

      7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\_bz2.pyd
      Filesize

      81KB

      MD5

      4101128e19134a4733028cfaafc2f3bb

      SHA1

      66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

      SHA256

      5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

      SHA512

      4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\_bz2.pyd
      Filesize

      81KB

      MD5

      4101128e19134a4733028cfaafc2f3bb

      SHA1

      66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

      SHA256

      5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

      SHA512

      4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\_ctypes.pyd
      Filesize

      120KB

      MD5

      6a9ca97c039d9bbb7abf40b53c851198

      SHA1

      01bcbd134a76ccd4f3badb5f4056abedcff60734

      SHA256

      e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

      SHA512

      dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\_ctypes.pyd
      Filesize

      120KB

      MD5

      6a9ca97c039d9bbb7abf40b53c851198

      SHA1

      01bcbd134a76ccd4f3badb5f4056abedcff60734

      SHA256

      e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

      SHA512

      dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\_lzma.pyd
      Filesize

      154KB

      MD5

      337b0e65a856568778e25660f77bc80a

      SHA1

      4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

      SHA256

      613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

      SHA512

      19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\_lzma.pyd
      Filesize

      154KB

      MD5

      337b0e65a856568778e25660f77bc80a

      SHA1

      4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

      SHA256

      613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

      SHA512

      19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\_queue.pyd
      Filesize

      30KB

      MD5

      ff8300999335c939fcce94f2e7f039c0

      SHA1

      4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

      SHA256

      2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

      SHA512

      f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\_queue.pyd
      Filesize

      30KB

      MD5

      ff8300999335c939fcce94f2e7f039c0

      SHA1

      4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

      SHA256

      2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

      SHA512

      f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\base_library.zip
      Filesize

      1.7MB

      MD5

      334e5d6e591eccd91d2121194db22815

      SHA1

      821d70c44dc7f25a784e9938d74e75a3471e1ad0

      SHA256

      9e830533f6e67b84d9dbc502db38a6f25d3c984f1a6a195a50f838d48d5b3ba5

      SHA512

      bac4a1283745e5eb4db953227bbf00831c8a0c3c831f5889e0d0630841e59c8ad96c3386ce3ad48300f4754fde188212edc79b78c9c98f76bca21987c1c05866

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\libffi-8.dll
      Filesize

      34KB

      MD5

      32d36d2b0719db2b739af803c5e1c2f5

      SHA1

      023c4f1159a2a05420f68daf939b9ac2b04ab082

      SHA256

      128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

      SHA512

      a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\libffi-8.dll
      Filesize

      34KB

      MD5

      32d36d2b0719db2b739af803c5e1c2f5

      SHA1

      023c4f1159a2a05420f68daf939b9ac2b04ab082

      SHA256

      128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

      SHA512

      a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\python311.dll
      Filesize

      5.5MB

      MD5

      9a24c8c35e4ac4b1597124c1dcbebe0f

      SHA1

      f59782a4923a30118b97e01a7f8db69b92d8382a

      SHA256

      a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

      SHA512

      9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\python311.dll
      Filesize

      5.5MB

      MD5

      9a24c8c35e4ac4b1597124c1dcbebe0f

      SHA1

      f59782a4923a30118b97e01a7f8db69b92d8382a

      SHA256

      a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

      SHA512

      9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\ucrtbase.dll
      Filesize

      992KB

      MD5

      0e0bac3d1dcc1833eae4e3e4cf83c4ef

      SHA1

      4189f4459c54e69c6d3155a82524bda7549a75a6

      SHA256

      8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

      SHA512

      a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI14602\ucrtbase.dll
      Filesize

      992KB

      MD5

      0e0bac3d1dcc1833eae4e3e4cf83c4ef

      SHA1

      4189f4459c54e69c6d3155a82524bda7549a75a6

      SHA256

      8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

      SHA512

      a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

      Download Submit

    • C:\Users\Admin\Desktop\sex.exe
      Filesize

      7.6MB

      MD5

      8e6a16feb3b484f5c1bab77f4bec3518

      SHA1

      d1ed6f8b396909bd7c808f91543d5b4527879bb1

      SHA256

      d441f388b4bb6dd51a8b75a8108cdf43081e4a5c10fccf44627de7927d05824e

      SHA512

      41baafc87afe9130ab24602c28e4ca9d7c74f7ff1e24f79ed1e2fe1f2a38a5cb20bbd3e41217f0c561a198290af8c5821813fd504b91bdca20997eb940b7b931

      Download Submit

    • C:\Users\Admin\Desktop\sex.exe
      Filesize

      7.6MB

      MD5

      8e6a16feb3b484f5c1bab77f4bec3518

      SHA1

      d1ed6f8b396909bd7c808f91543d5b4527879bb1

      SHA256

      d441f388b4bb6dd51a8b75a8108cdf43081e4a5c10fccf44627de7927d05824e

      SHA512

      41baafc87afe9130ab24602c28e4ca9d7c74f7ff1e24f79ed1e2fe1f2a38a5cb20bbd3e41217f0c561a198290af8c5821813fd504b91bdca20997eb940b7b931

      Download Submit

    • C:\Users\Admin\Desktop\sex.exe
      Filesize

      7.6MB

      MD5

      8e6a16feb3b484f5c1bab77f4bec3518

      SHA1

      d1ed6f8b396909bd7c808f91543d5b4527879bb1

      SHA256

      d441f388b4bb6dd51a8b75a8108cdf43081e4a5c10fccf44627de7927d05824e

      SHA512

      41baafc87afe9130ab24602c28e4ca9d7c74f7ff1e24f79ed1e2fe1f2a38a5cb20bbd3e41217f0c561a198290af8c5821813fd504b91bdca20997eb940b7b931

      Download Submit

    • C:\Users\Admin\Desktop\sex.rar
      Filesize

      7.4MB

      MD5

      1fcbff8a4c10c0dc08057bd02da7f4be

      SHA1

      1f1dba408fd1950263cc1d5c73a9a4309ba733f1

      SHA256

      cb56ff95575e84814538f65f7afb7e3f3c76569bcf7c3d583ea6700d64c51fa1

      SHA512

      218c09d0067c027fc6bfccfb1ed66989082c588f1da7c558565e53ff45f0b2d3695a82f4ef17da4f5527e0891d0cab903069c4a1ef8989175724e892d985dacb

      Download Submit

    • memory/920-80-0x0000027D12A40000-0x0000027D12A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/920-79-0x0000027D12A40000-0x0000027D12A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/920-78-0x0000027D12A40000-0x0000027D12A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/920-84-0x0000027D12A40000-0x0000027D12A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/920-85-0x0000027D12A40000-0x0000027D12A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/920-86-0x0000027D12A40000-0x0000027D12A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/920-87-0x0000027D12A40000-0x0000027D12A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/920-88-0x0000027D12A40000-0x0000027D12A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/920-89-0x0000027D12A40000-0x0000027D12A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/920-90-0x0000027D12A40000-0x0000027D12A41000-memory.dmp

      Filesize

      4KB

      Download