c4d2c9d1c36f9018c72d3703c2d1c775df4700d9a2d8b49130a278a5629dd104

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

uninstall_office.exe
Size

10.4MB
MD5

79f8a67b461bf58b19dc15e558debf83
SHA1

8b7065b9282a6c2e6ed25d9bbfc17e2cc33c188d
SHA256

c4d2c9d1c36f9018c72d3703c2d1c775df4700d9a2d8b49130a278a5629dd104
SHA512

fc186e9683043ff0ab1635cf05c4082747e577cf39e4d9c1bfe1d4859d371b31b7b394f4309f26ae3b5725188d7d8e0d0e5ef219389c0fc2266ab5344c049343
SSDEEP

196608:CAXv8SUdQmRrdA6ly8Qnf2ODjMnGydSdmyFEoFhnfQQJYSkrwOBWZA:NlUdQOl6F3MnG3dmUEwBfQQe1rwCs

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2824	uninstall_office.exe
2824	uninstall_office.exe
2824	uninstall_office.exe
2824	uninstall_office.exe
2824	uninstall_office.exe
2824	uninstall_office.exe
2824	uninstall_office.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2824	2144	uninstall_office.exe	29
PID 2144 wrote to memory of 2824	2144	uninstall_office.exe	29
PID 2144 wrote to memory of 2824	2144	uninstall_office.exe	29

C:\Users\Admin\AppData\Local\Temp\uninstall_office.exe
"C:\Users\Admin\AppData\Local\Temp\uninstall_office.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Users\Admin\AppData\Local\Temp\uninstall_office.exe
  "C:\Users\Admin\AppData\Local\Temp\uninstall_office.exe"
  2⤵
  - Loads dropped DLL
  PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l1-2-0.dll

Filesize
8KB

MD5
ab9489a3ed8d1378dac3baed43b38e02

SHA1
1b07993e530b77771cdf47047b98799481fb4e89

SHA256
c63923e2de5058f09d7cbbcf017669b1f8d092d0f1d6480e3e8c8dfb6b98d2a3

SHA512
2e14443bec6b9248680c8deff01f4c234273a2d5ab3f80219994041b149bedbebb9948dc8245e52b31c70e4ae9ece8135ddf9e008321cafa15e48d741271f0a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l2-1-0.dll

Filesize
8KB

MD5
8dde6f70cb9fbecac1133021f5c83043

SHA1
44fe0ae6d28ec94dca87f64ca36901ebc4512194

SHA256
2f1e75ea5a9fbae866e6c845e40d9f4cb0c1a72b847f3475478896cdb6fb3fb7

SHA512
43f607c0421077dbade38eb09a6d6ebfba686caf61b9922b3996524a9139dee6e434b3f75886581da6f3d9e1e5d4369078281ec891496f802e5e7fa04637001d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-localization-l1-2-0.dll

Filesize
11KB

MD5
2f30bfa1d9c8b7b54ffd066e9c673492

SHA1
affd011054b9f13bd9ffe1c31ef13caf782fae48

SHA256
70a70e2044581f416e1ef0713aa1c7ecaddc7027b68a7e53092f6489a5c1d8c9

SHA512
b4566712dc4e27182ed25705f1b93b6c7036fcaf42f0c3745038e99b4706e5800191ef98b166b1dd2d792f7257302c943313f8f2b14afda9fed225f43d9a8773

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
9KB

MD5
2fa11a8d349abc3789cde0cc4bae8d29

SHA1
9852d8d8c850dc1ad43741738371e624aaee7f72

SHA256
3c55e28bad11d8ebca5c4f27f758955357dfc505e0611e1f50166561cdee18cb

SHA512
87cac9929c705a5b2960083f5cce6edf833bb127406e348183a414d5b4ba2dc086f857e57d2a172c936f267dd56bfb781ec96e8aad199c7a5417e9263c12f02d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-timezone-l1-1-0.dll

Filesize
9KB

MD5
186490538ab77ab3d26672a3c9fbb35e

SHA1
6f835a7c01e8117c9869c8125b1d798edbe167ad

SHA256
e6ec92481166d58802562c0125d6f3e0a5f0d97f6f011f23839960bde8dac5d5

SHA512
1820f25f597229525658ec2ba60f4e7d7fd8a015e0597c033335bbe62427e0a2d2ed59d0b244823b3ed31d2ee0dc04307c0708200ad62f9d212aafd2ed255812

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21442\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21442\ucrtbase.dll

Filesize
983KB

MD5
bfc39414668264275f77188d54a36a48

SHA1
de45fdf2d9543a3d6eda428e1aca07f406ad2649

SHA256
a1d0642713935c73173d7a80680cd480de93348680104635793431dcfe94ce68

SHA512
657907caaf1539455efd0cb29f698605cf9a2cfc872087f782f485db25b187f986e9a0d1e3921eab7dafa4099f72d57c99259da2a7ab7240ffaada5c00f510eb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l1-2-0.dll

Filesize
8KB

MD5
ab9489a3ed8d1378dac3baed43b38e02

SHA1
1b07993e530b77771cdf47047b98799481fb4e89

SHA256
c63923e2de5058f09d7cbbcf017669b1f8d092d0f1d6480e3e8c8dfb6b98d2a3

SHA512
2e14443bec6b9248680c8deff01f4c234273a2d5ab3f80219994041b149bedbebb9948dc8245e52b31c70e4ae9ece8135ddf9e008321cafa15e48d741271f0a9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l2-1-0.dll

Filesize
8KB

MD5
8dde6f70cb9fbecac1133021f5c83043

SHA1
44fe0ae6d28ec94dca87f64ca36901ebc4512194

SHA256
2f1e75ea5a9fbae866e6c845e40d9f4cb0c1a72b847f3475478896cdb6fb3fb7

SHA512
43f607c0421077dbade38eb09a6d6ebfba686caf61b9922b3996524a9139dee6e434b3f75886581da6f3d9e1e5d4369078281ec891496f802e5e7fa04637001d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-localization-l1-2-0.dll

Filesize
11KB

MD5
2f30bfa1d9c8b7b54ffd066e9c673492

SHA1
affd011054b9f13bd9ffe1c31ef13caf782fae48

SHA256
70a70e2044581f416e1ef0713aa1c7ecaddc7027b68a7e53092f6489a5c1d8c9

SHA512
b4566712dc4e27182ed25705f1b93b6c7036fcaf42f0c3745038e99b4706e5800191ef98b166b1dd2d792f7257302c943313f8f2b14afda9fed225f43d9a8773

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
9KB

MD5
2fa11a8d349abc3789cde0cc4bae8d29

SHA1
9852d8d8c850dc1ad43741738371e624aaee7f72

SHA256
3c55e28bad11d8ebca5c4f27f758955357dfc505e0611e1f50166561cdee18cb

SHA512
87cac9929c705a5b2960083f5cce6edf833bb127406e348183a414d5b4ba2dc086f857e57d2a172c936f267dd56bfb781ec96e8aad199c7a5417e9263c12f02d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-timezone-l1-1-0.dll

Filesize
9KB

MD5
186490538ab77ab3d26672a3c9fbb35e

SHA1
6f835a7c01e8117c9869c8125b1d798edbe167ad

SHA256
e6ec92481166d58802562c0125d6f3e0a5f0d97f6f011f23839960bde8dac5d5

SHA512
1820f25f597229525658ec2ba60f4e7d7fd8a015e0597c033335bbe62427e0a2d2ed59d0b244823b3ed31d2ee0dc04307c0708200ad62f9d212aafd2ed255812

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21442\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21442\ucrtbase.dll

Filesize
983KB

MD5
bfc39414668264275f77188d54a36a48

SHA1
de45fdf2d9543a3d6eda428e1aca07f406ad2649

SHA256
a1d0642713935c73173d7a80680cd480de93348680104635793431dcfe94ce68

SHA512
657907caaf1539455efd0cb29f698605cf9a2cfc872087f782f485db25b187f986e9a0d1e3921eab7dafa4099f72d57c99259da2a7ab7240ffaada5c00f510eb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads