7ed894e650fb53f7cba80ed1847fda639a102d7630fd73edee6a4812b5f79b3f

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2023, 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tunnel_ssh2.exe
Size

7.7MB
MD5

0b2773a29c0cc6b80f63f1a6a7b67d00
SHA1

169bdfee62ba134fc7c1c65afaba4c90ba003eec
SHA256

7ed894e650fb53f7cba80ed1847fda639a102d7630fd73edee6a4812b5f79b3f
SHA512

375d13e68ab765272456cfb0a948f98577494c2c70ecec7d0aae870beb22389c87afd50ec7fe48708d5bbe380ee1f0158ee09df3649ea4c8452803dc364fa335
SSDEEP

196608:yewv8SUdQmRrdA6ly8Qnf2ODjMnGydSdmyFfmGrwOBWZA:0lUdQOl6F3MnG3dmUOGrwCs

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
976	tunnel_ssh2.exe
976	tunnel_ssh2.exe
976	tunnel_ssh2.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 976	2608	tunnel_ssh2.exe	86
PID 2608 wrote to memory of 976	2608	tunnel_ssh2.exe	86

C:\Users\Admin\AppData\Local\Temp\tunnel_ssh2.exe
"C:\Users\Admin\AppData\Local\Temp\tunnel_ssh2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Users\Admin\AppData\Local\Temp\tunnel_ssh2.exe
  "C:\Users\Admin\AppData\Local\Temp\tunnel_ssh2.exe"
  2⤵
  - Loads dropped DLL
  PID:976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26082\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26082\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26082\base_library.zip

Filesize
1.7MB

MD5
3ea69d78a7aa9244c2eae0eec291d457

SHA1
11d09841b5db27ddce72a3a8a5c075d115c717e1

SHA256
0a82a8a51040809dee10af0084d9f0d500195204aeeca1843e6e6249c77c1db3

SHA512
926ef6a32acae0722ac2b9cc0f3c0c1996a64f1ea3797d5d60f76992f128a584623943f3daa445d8ed948987772e1af39de5d278903d637660298a27bef3b69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26082\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26082\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26082\ucrtbase.dll

Filesize
983KB

MD5
bfc39414668264275f77188d54a36a48

SHA1
de45fdf2d9543a3d6eda428e1aca07f406ad2649

SHA256
a1d0642713935c73173d7a80680cd480de93348680104635793431dcfe94ce68

SHA512
657907caaf1539455efd0cb29f698605cf9a2cfc872087f782f485db25b187f986e9a0d1e3921eab7dafa4099f72d57c99259da2a7ab7240ffaada5c00f510eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26082\ucrtbase.dll

Filesize
983KB

MD5
bfc39414668264275f77188d54a36a48

SHA1
de45fdf2d9543a3d6eda428e1aca07f406ad2649

SHA256
a1d0642713935c73173d7a80680cd480de93348680104635793431dcfe94ce68

SHA512
657907caaf1539455efd0cb29f698605cf9a2cfc872087f782f485db25b187f986e9a0d1e3921eab7dafa4099f72d57c99259da2a7ab7240ffaada5c00f510eb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads