Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system -
submitted
19-10-2023 03:09
Behavioral task
behavioral1
Sample
ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
Resource
win10v2004-20230915-en
General
-
Target
ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
-
Size
10.6MB
-
MD5
9ee33e15e5a747754ad277f737b867ef
-
SHA1
352871e3b72980dc93413de0d4ead295ae79947c
-
SHA256
ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33
-
SHA512
bef4c633cfc73696787711cd7b3ad85d9845a19d156af053da4fe1ec4999f93e63283947c60fd66aeb4cf7b6d5aed5210d0a59b9dffa037a1960f8c0808c61c0
-
SSDEEP
196608:imY0aVhUJqS7B2DONbU2pHOLfbDfyGw21X5Sp6GemDMPwFUXIZVPWqJYPGkhMb:PY0aVyJz7B2D4RqbDfDTpfaMPgNJXb
Malware Config
Signatures
-
Loads dropped DLL 7 IoCs
Processes:
ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
pid | process
2624 | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
2624 | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
2624 | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
2624 | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
2624 | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
2624 | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
2624 | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
description | pid | process | target process
PID 1728 wrote to memory of 2624 | 1728 | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
PID 1728 wrote to memory of 2624 | 1728 | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
PID 1728 wrote to memory of 2624 | 1728 | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe | ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe — command line: "C:\Users\Admin\AppData\Local\Temp\ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe" (process-tree level 1)
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe — command line: "C:\Users\Admin\AppData\Local\Temp\ac46fa072174602ef7f2360dad9f2e870263685dc5353adc5906bcc48d74fa33.exe" (process-tree level 2, child of the level-1 process)
- Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_MEI17282\api-ms-win-core-file-l1-2-0.dll
Filesize 18KB
MD5 9d8413744097196f92327f632a85acee
SHA1 dfc07f5e5a0634dd1f15fdc9ff9731748fbff919
SHA256 6878d8168d5cc159efe58f14e5ba10310d99b53ab8495521e54c966994dac50b
SHA512 a8f6e9ee1c5d65f68b8b20d406d3e666c186e15cb3b92575257b5637fe7dd5ac7d75e9ad51c839ba4490512f68f6b48822fc9edd316dd7625d3627d3b975fb2a
-
C:\Users\Admin\AppData\Local\Temp\_MEI17282\api-ms-win-core-file-l2-1-0.dll
Filesize 18KB
MD5 361c6bcfcea263749419b0fbed7a0ce8
SHA1 03db13108ce9d5fc01cecf3199619ffbccbd855a
SHA256 b74aefd6fa638be3f415165c8109121a2093597421101abc312ee7ffa1130278
SHA512 aa8b585000cc65f9841b938e4523d91d8f6db650e0b4bb11efd740c27309bf81cdb77f05d0beda2489bf26f4fbc6d02c93ce3b64946502e2c044eea89696cc76
-
C:\Users\Admin\AppData\Local\Temp\_MEI17282\api-ms-win-core-localization-l1-2-0.dll
Filesize 21KB
MD5 b402ed77d6f31d825bda175dbc0c4f92
SHA1 1f2a4b8753b3aae225feac5487cc0011b73c0eb7
SHA256 6ed17fb3ca5156b39fbc1ef7d1eefa95e739857607de4cd8d41cecfcd1350705
SHA512 ec04013139f3fd9dbf22b92121d82b2eb97e136f8619790cde2d0b660280e838962f9006d3e4c3a359627b017f2b6ade7edff3bbc26e559c3de37540585602d9
-
C:\Users\Admin\AppData\Local\Temp\_MEI17282\api-ms-win-core-processthreads-l1-1-1.dll
Filesize 19KB
MD5 3d872be898581f00d0310d7ab9abaf2b
SHA1 420e0ab98bb748723130de414f0ffed117ef3f7e
SHA256 4de821884cbef4182b29d8c33cfe13e43e130ad58ee1281679e8d40a2edcb8ea
SHA512 35cfb9888a5f4299403a0d9c57f0ba79e3625431a9acc5e04ae2ae101b3dc521a0dcff5d4a1bf508b25dbf05dd432f6987d860ff494d15538ed95673a8b7376b
-
C:\Users\Admin\AppData\Local\Temp\_MEI17282\api-ms-win-core-timezone-l1-1-0.dll
Filesize 18KB
MD5 6c180c8de3ecf27de7a5812ff055737e
SHA1 3aad20b71bb374bb2c5f7431a1b75b60956a01fd
SHA256 630466fd77ac7009c947a8370a0d0c20652169824c54ddcb8c05e8df45e23197
SHA512 e4aa79eb2b6b3be9b545e8cb8b43cd6052036dc5cce7077be40441b9942931b30d76c475d550a178d4e94c9c366cabc852f500e482b7fdcd361fc2a08e41c00e
-
C:\Users\Admin\AppData\Local\Temp\_MEI17282\python311.dll
Filesize 5.5MB
MD5 e2bd5ae53427f193b42d64b8e9bf1943
SHA1 7c317aad8e2b24c08d3b8b3fba16dd537411727f
SHA256 c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400
SHA512 ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036
-
C:\Users\Admin\AppData\Local\Temp\_MEI17282\ucrtbase.dll
Filesize 1.1MB
MD5 56c350293b27d61410f9d212f6f4b8f3
SHA1 4b11908f434e2eb1b253d0023660381b349eb09a
SHA256 b30c5de351714e033b9e835158f008c96f17e492a85bfb1bddb3424d286b59fc
SHA512 3281e85a741e73f134289b5cae5304b5f236117d605b98987a25251ea4cc1bc37718765485892f0163c4496f5ebd2290e23989573aea84f1537441dd33cb711b
-
\Users\Admin\AppData\Local\Temp\_MEI17282\api-ms-win-core-file-l1-2-0.dll
Filesize 18KB
MD5 9d8413744097196f92327f632a85acee
SHA1 dfc07f5e5a0634dd1f15fdc9ff9731748fbff919
SHA256 6878d8168d5cc159efe58f14e5ba10310d99b53ab8495521e54c966994dac50b
SHA512 a8f6e9ee1c5d65f68b8b20d406d3e666c186e15cb3b92575257b5637fe7dd5ac7d75e9ad51c839ba4490512f68f6b48822fc9edd316dd7625d3627d3b975fb2a
-
\Users\Admin\AppData\Local\Temp\_MEI17282\api-ms-win-core-file-l2-1-0.dll
Filesize 18KB
MD5 361c6bcfcea263749419b0fbed7a0ce8
SHA1 03db13108ce9d5fc01cecf3199619ffbccbd855a
SHA256 b74aefd6fa638be3f415165c8109121a2093597421101abc312ee7ffa1130278
SHA512 aa8b585000cc65f9841b938e4523d91d8f6db650e0b4bb11efd740c27309bf81cdb77f05d0beda2489bf26f4fbc6d02c93ce3b64946502e2c044eea89696cc76
-
\Users\Admin\AppData\Local\Temp\_MEI17282\api-ms-win-core-localization-l1-2-0.dll
Filesize 21KB
MD5 b402ed77d6f31d825bda175dbc0c4f92
SHA1 1f2a4b8753b3aae225feac5487cc0011b73c0eb7
SHA256 6ed17fb3ca5156b39fbc1ef7d1eefa95e739857607de4cd8d41cecfcd1350705
SHA512 ec04013139f3fd9dbf22b92121d82b2eb97e136f8619790cde2d0b660280e838962f9006d3e4c3a359627b017f2b6ade7edff3bbc26e559c3de37540585602d9
-
\Users\Admin\AppData\Local\Temp\_MEI17282\api-ms-win-core-processthreads-l1-1-1.dll
Filesize 19KB
MD5 3d872be898581f00d0310d7ab9abaf2b
SHA1 420e0ab98bb748723130de414f0ffed117ef3f7e
SHA256 4de821884cbef4182b29d8c33cfe13e43e130ad58ee1281679e8d40a2edcb8ea
SHA512 35cfb9888a5f4299403a0d9c57f0ba79e3625431a9acc5e04ae2ae101b3dc521a0dcff5d4a1bf508b25dbf05dd432f6987d860ff494d15538ed95673a8b7376b
-
\Users\Admin\AppData\Local\Temp\_MEI17282\api-ms-win-core-timezone-l1-1-0.dll
Filesize 18KB
MD5 6c180c8de3ecf27de7a5812ff055737e
SHA1 3aad20b71bb374bb2c5f7431a1b75b60956a01fd
SHA256 630466fd77ac7009c947a8370a0d0c20652169824c54ddcb8c05e8df45e23197
SHA512 e4aa79eb2b6b3be9b545e8cb8b43cd6052036dc5cce7077be40441b9942931b30d76c475d550a178d4e94c9c366cabc852f500e482b7fdcd361fc2a08e41c00e
-
\Users\Admin\AppData\Local\Temp\_MEI17282\python311.dll
Filesize 5.5MB
MD5 e2bd5ae53427f193b42d64b8e9bf1943
SHA1 7c317aad8e2b24c08d3b8b3fba16dd537411727f
SHA256 c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400
SHA512 ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036
-
\Users\Admin\AppData\Local\Temp\_MEI17282\ucrtbase.dll
Filesize 1.1MB
MD5 56c350293b27d61410f9d212f6f4b8f3
SHA1 4b11908f434e2eb1b253d0023660381b349eb09a
SHA256 b30c5de351714e033b9e835158f008c96f17e492a85bfb1bddb3424d286b59fc
SHA512 3281e85a741e73f134289b5cae5304b5f236117d605b98987a25251ea4cc1bc37718765485892f0163c4496f5ebd2290e23989573aea84f1537441dd33cb711b