371f104b7876b9080c519510879235f36edb6668097de475949b84ab72ee9a9a

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
13-11-2023 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cm.exe
Size

5.9MB
MD5

0e7d5d16e03393605f5f4862f1b9cc37
SHA1

f4250b961bd1c8694a949429f739d9f424283612
SHA256

371f104b7876b9080c519510879235f36edb6668097de475949b84ab72ee9a9a
SHA512

a462bd6c42194093a16dc2819facddc30dbd9352323be5cbdee8cb99c96bcd0497f8450dfba2abe709ed3230c4d9cbc2fcd76080a14a621d2e62ae8be74f1e8c
SSDEEP

98304:+tNFSjtEwRSyjnxMCZ/+QieqNZ8hY/3lPqBur/C91rduEdKHnXLZDuc9ygvCvn8a:A8dS8xMCZ/+qQ8hY/3lPrrK9dKHnlD9n

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 16 IoCs

pid	Process
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe
2700	cm.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2700	2872	cm.exe	29
PID 2872 wrote to memory of 2700	2872	cm.exe	29
PID 2872 wrote to memory of 2700	2872	cm.exe	29
PID 2872 wrote to memory of 2700	2872	cm.exe	29

C:\Users\Admin\AppData\Local\Temp\cm.exe
"C:\Users\Admin\AppData\Local\Temp\cm.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\cm.exe
  "C:\Users\Admin\AppData\Local\Temp\cm.exe"
  2⤵
  - Loads dropped DLL
  PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28722\Crypto.Cipher._AES.pyd

Filesize
28KB

MD5
8f17e461056e6666f4dc7a3d3fb8279d

SHA1
fe6017e40ff776f4403493e34ecf5f2a7410dfd8

SHA256
b65ae58ebcd07d95d8e6728f85c8a41d65b7847c832dee53343a94dd52ecb090

SHA512
9b738371f8d27c8cff0a97db657014cadb50aa09364573cbb4a7738503f060adf193484c408e524b3d4938d56d98886e5c3b28e39fd3df29654b1c291b674fcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\Crypto.Cipher._ARC4.pyd

Filesize
8KB

MD5
30dcee745c759790225fa46224453208

SHA1
b815fdc0087d048dbd1b2480dc64754b239d85ab

SHA256
4d73274bf9820bc8532d4a075dbc1bf65d496f92c6db243b3ebbca16865828ac

SHA512
900d289aaeda6bd5c000a66277160ec921ea52cc6c42524a31dbf90599a610d8923df571ac985e1eff23d2e1b657cc4f3c17b71f94d142bec2dccbc2c683213c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\Crypto.Cipher._DES.pyd

Filesize
53KB

MD5
d8b9eed927265cfef277f46286d46d34

SHA1
67ee250105721adc0100a71a75b0e46af0e4cc8b

SHA256
821d494d42702e4953adbefd9131568a47fca83d1a9b8f82bbb055537619780c

SHA512
9950ae635b82c3a4233f51231da946e7f8e51d2e7db43c0574c2405fa19029a194fb02403462cd8adbfafec7591b5b68178a211ed5899804712da0455844a7ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\Crypto.Cipher._DES3.pyd

Filesize
53KB

MD5
e9b8bd6f206a2bfee546afdf69c71172

SHA1
3bb1ecd584a1650c40b0da044ddfd19e648905b5

SHA256
df97e58c8121f29261a8f35ea9fb1c5cd0512e164725b72bbe3b79a2718ba62e

SHA512
c6dedc7228bc82ee1f35a8b672ac0ab326ab3f93b5294317e2b4b617f8f525e6006ba5e2b5e2bba12c6dea8780295a33dd356a80fa211849ff5c8aa953e19c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\Crypto.Hash._MD4.pyd

Filesize
10KB

MD5
e548eb0740de78d27d7605f721497c10

SHA1
7ed0646e4188b1dc571740d58ae393a3dded9215

SHA256
e5bca4aa5612d95a611bdf26e0f1b9de204784f272aeb365a82062478ed3c878

SHA512
b252592dff6c8827ebaa156acf21a8d63fabaf8dd8838a8b705d49fc356529ce6a66812e523e08a4691add1745cc346071d3199841b66137029c334c0959c83f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\Crypto.Util.strxor.pyd

Filesize
7KB

MD5
55dfe7182b15838fff5a80e6762fd038

SHA1
69927d0c0ff4584101ecddfb7c3769a45d8619a4

SHA256
715b26532ed296a81f3d153bc7e504ec4d2885e262516ed1b51f6c46c62c846c

SHA512
e4bfeb6201444d70d94fcd8db780416465f4a84a916c1c74c9c47c0dad627448c7b077ba2cebf51e5cee2e86226d26a9e47ee079c13939aaa6c071b4ef1c2ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\_ctypes.pyd

Filesize
86KB

MD5
c5422db93c5fd74e09db36ddf975da9e

SHA1
023c33abd230ff3a546283da64a782eb9a7d257d

SHA256
96846a901d0d793fb77ff0b6488a904dc675a8d5273a442888d41d9a32bb845b

SHA512
169456c06a7e7c3bd63bfa0c88a90a0bbbf9866f142d103b8c2ca31507fa86e0782d76406b5769defd02323d2df6eaaab42559b9437668d466e370414d96a962

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\_hashlib.pyd

Filesize
889KB

MD5
324761ca06eb9e4350307780959d8ebd

SHA1
e1024324ef747e29bd64ac2074712650eb7ca971

SHA256
afab75a25ca8f87916d2a639d384b8cff9bf3050354594e9564c27fe62ef3e4e

SHA512
1036c66ebabdd2d85566894322a7e16b9212332bba7514836a124b98c9ca6691247bf2302d5af7d67732e65242acd9ddc70da830d483e5b10c154703a6cff914

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\_socket.pyd

Filesize
45KB

MD5
637aabdff24be92e33f3e71367e6e6a5

SHA1
86eb7a6f4806777c463a12f5efb6f789731bd66c

SHA256
c4d4577cb797a7206dafd862bd09264b248fd9324e008dee1783067da85e793e

SHA512
135c5faf5cadc099256b12586b1b300b43bae1d9fb9f40cb713756b143582a146c48009c58d3d367644386fe6101f3035bd3dae2bcec4699cd6f20bdafe60c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\_ssl.pyd

Filesize
1.3MB

MD5
6ba1564cd78ddb62900ff3327c18587c

SHA1
4d9e695e1f2099ca2cde796380d90c4e20cae343

SHA256
6d9abe468b51b13e220d042f160e617e896eddecf7031a14cac2407ed65c7eaf

SHA512
64f3f37170fdb3efb21403396309f69c6939d426fee638cdcb68d56660aa2588fa02084531fce5d775e76ad13113c1435d003333c92dd91ca9c42fc126d61d4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\crackmapexec.exe.manifest

Filesize
1016B

MD5
6f448c406d3093bfc395cedc4ff16a6c

SHA1
df7316085e26e7a753ac50c0adda34e9284c7000

SHA256
e26cec5da0f9e4ebeb7fbc4fa93854a761449b9e32303033ec7e96b47f87192d

SHA512
415dd57761661532e8104c0ee6ebe03c1e37354a8776f180082b56732f34844603c5a030c86a7aca30a5aedc67f3d9e55fa19b289e313719786d2136b027333b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\gevent._semaphore.pyd

Filesize
55KB

MD5
251f5b708d165b377f9fbf0b5004f79d

SHA1
b39fcabe5b98f1641cba69a57774ce6ee1138bc5

SHA256
7d78f2ee6345b07b54af8c44d533851dffe9e81613f6c73f918edece013f14aa

SHA512
45f12dbd26b5c2a93c8defd7a82fc5e720e19047ef821cf82a75276f531db2a2d877526239d1670612c70007fcea91ea9d4a24c34b40f5b69eb2f5f4924e8c82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\greenlet.pyd

Filesize
20KB

MD5
8932d9336ddad70e99074db67e44ce41

SHA1
9c1f6dbec844409371cccbe2988122bbcec37c21

SHA256
a50f01d800a1d3bd2909d5daaf24f34726310995bab633f03f63eceb275c0629

SHA512
8e98e49009b6e3e7f3393d5989fdac00701d6255438b877104851c12750b800864e17f995032833a17bb7a86f6ebfb38ee8bb9fb48d893e84143c8ad019e691e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\python27.dll

Filesize
2.3MB

MD5
ee41af2da8709ea2faa4f1941eb06ac3

SHA1
6626911b47d072c287bcb2fea6df8d824c0c1a0f

SHA256
618fdc50437b021b4efe53b093e078646a050308324493f213cdbb29db08f79b

SHA512
abba8b99a50cd8b9fd977371c94d1c7dc868b51113b1240da90ece47b40f2456d3b09b378c634410169dd329d30218fcd4f02e7a4a8200b3d1ffbac49c4203e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\pywintypes27.dll

Filesize
107KB

MD5
f3ef005e60f838eaaa44529daeeb93ab

SHA1
0f8730caea9f7b16c2e90f6551a90b80b994688f

SHA256
241ecbd87410e9b23339d494f9eca7ddf8083472661989f489fdd7fe0b8776b4

SHA512
8c57d5b6a5b44b26fb943b0d5ddd5d80eeac2488e91f538e361781e727f931717bb3d5a0811ae7c8dd85122e74b08c54c3384fd2fc0db79e0b0e7fbfc8160d20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\select.pyd

Filesize
10KB

MD5
5602701b02f8f8cac446ad4e4e05c317

SHA1
34a428b4986799841babd2a2ee255c20df027816

SHA256
d50e9e695c69f54a42ffa043029d12bb228fc1ed199c919749731c15348a6460

SHA512
de69cf845404ba7c3dd8ffa5bdf9df8bfaf144f931a4b6b4b448dd9c4f466586140dfab4aa07aa0da0e57c6be818af407844053ecee07eaf26a5619617d22d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28722\win32api.pyd

Filesize
98KB

MD5
904347cc428ecc1fb6dec20ad6350519

SHA1
1547b616784c39abdaa4699994b2f9ad539180ce

SHA256
ff781837e47a42d7dee3d42854b6d66d73cfbc032c47c9620821b737a82800af

SHA512
cd2612c9fb2b9aa92e504fe1a830b752962b06819356aeeebaaaf53853ebb676d7bc4497fd88ec0be2b32895f6957682c1571914ff657b49261d275bbd2f0204

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\Crypto.Cipher._AES.pyd

Filesize
28KB

MD5
8f17e461056e6666f4dc7a3d3fb8279d

SHA1
fe6017e40ff776f4403493e34ecf5f2a7410dfd8

SHA256
b65ae58ebcd07d95d8e6728f85c8a41d65b7847c832dee53343a94dd52ecb090

SHA512
9b738371f8d27c8cff0a97db657014cadb50aa09364573cbb4a7738503f060adf193484c408e524b3d4938d56d98886e5c3b28e39fd3df29654b1c291b674fcc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\Crypto.Cipher._ARC4.pyd

Filesize
8KB

MD5
30dcee745c759790225fa46224453208

SHA1
b815fdc0087d048dbd1b2480dc64754b239d85ab

SHA256
4d73274bf9820bc8532d4a075dbc1bf65d496f92c6db243b3ebbca16865828ac

SHA512
900d289aaeda6bd5c000a66277160ec921ea52cc6c42524a31dbf90599a610d8923df571ac985e1eff23d2e1b657cc4f3c17b71f94d142bec2dccbc2c683213c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\Crypto.Cipher._DES.pyd

Filesize
53KB

MD5
d8b9eed927265cfef277f46286d46d34

SHA1
67ee250105721adc0100a71a75b0e46af0e4cc8b

SHA256
821d494d42702e4953adbefd9131568a47fca83d1a9b8f82bbb055537619780c

SHA512
9950ae635b82c3a4233f51231da946e7f8e51d2e7db43c0574c2405fa19029a194fb02403462cd8adbfafec7591b5b68178a211ed5899804712da0455844a7ef

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\Crypto.Cipher._DES3.pyd

Filesize
53KB

MD5
e9b8bd6f206a2bfee546afdf69c71172

SHA1
3bb1ecd584a1650c40b0da044ddfd19e648905b5

SHA256
df97e58c8121f29261a8f35ea9fb1c5cd0512e164725b72bbe3b79a2718ba62e

SHA512
c6dedc7228bc82ee1f35a8b672ac0ab326ab3f93b5294317e2b4b617f8f525e6006ba5e2b5e2bba12c6dea8780295a33dd356a80fa211849ff5c8aa953e19c51

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\Crypto.Hash._MD4.pyd

Filesize
10KB

MD5
e548eb0740de78d27d7605f721497c10

SHA1
7ed0646e4188b1dc571740d58ae393a3dded9215

SHA256
e5bca4aa5612d95a611bdf26e0f1b9de204784f272aeb365a82062478ed3c878

SHA512
b252592dff6c8827ebaa156acf21a8d63fabaf8dd8838a8b705d49fc356529ce6a66812e523e08a4691add1745cc346071d3199841b66137029c334c0959c83f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\Crypto.Util.strxor.pyd

Filesize
7KB

MD5
55dfe7182b15838fff5a80e6762fd038

SHA1
69927d0c0ff4584101ecddfb7c3769a45d8619a4

SHA256
715b26532ed296a81f3d153bc7e504ec4d2885e262516ed1b51f6c46c62c846c

SHA512
e4bfeb6201444d70d94fcd8db780416465f4a84a916c1c74c9c47c0dad627448c7b077ba2cebf51e5cee2e86226d26a9e47ee079c13939aaa6c071b4ef1c2ddd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\_ctypes.pyd

Filesize
86KB

MD5
c5422db93c5fd74e09db36ddf975da9e

SHA1
023c33abd230ff3a546283da64a782eb9a7d257d

SHA256
96846a901d0d793fb77ff0b6488a904dc675a8d5273a442888d41d9a32bb845b

SHA512
169456c06a7e7c3bd63bfa0c88a90a0bbbf9866f142d103b8c2ca31507fa86e0782d76406b5769defd02323d2df6eaaab42559b9437668d466e370414d96a962

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\_hashlib.pyd

Filesize
889KB

MD5
324761ca06eb9e4350307780959d8ebd

SHA1
e1024324ef747e29bd64ac2074712650eb7ca971

SHA256
afab75a25ca8f87916d2a639d384b8cff9bf3050354594e9564c27fe62ef3e4e

SHA512
1036c66ebabdd2d85566894322a7e16b9212332bba7514836a124b98c9ca6691247bf2302d5af7d67732e65242acd9ddc70da830d483e5b10c154703a6cff914

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\_socket.pyd

Filesize
45KB

MD5
637aabdff24be92e33f3e71367e6e6a5

SHA1
86eb7a6f4806777c463a12f5efb6f789731bd66c

SHA256
c4d4577cb797a7206dafd862bd09264b248fd9324e008dee1783067da85e793e

SHA512
135c5faf5cadc099256b12586b1b300b43bae1d9fb9f40cb713756b143582a146c48009c58d3d367644386fe6101f3035bd3dae2bcec4699cd6f20bdafe60c14

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\_ssl.pyd

Filesize
1.3MB

MD5
6ba1564cd78ddb62900ff3327c18587c

SHA1
4d9e695e1f2099ca2cde796380d90c4e20cae343

SHA256
6d9abe468b51b13e220d042f160e617e896eddecf7031a14cac2407ed65c7eaf

SHA512
64f3f37170fdb3efb21403396309f69c6939d426fee638cdcb68d56660aa2588fa02084531fce5d775e76ad13113c1435d003333c92dd91ca9c42fc126d61d4a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\gevent._semaphore.pyd

Filesize
55KB

MD5
251f5b708d165b377f9fbf0b5004f79d

SHA1
b39fcabe5b98f1641cba69a57774ce6ee1138bc5

SHA256
7d78f2ee6345b07b54af8c44d533851dffe9e81613f6c73f918edece013f14aa

SHA512
45f12dbd26b5c2a93c8defd7a82fc5e720e19047ef821cf82a75276f531db2a2d877526239d1670612c70007fcea91ea9d4a24c34b40f5b69eb2f5f4924e8c82

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\greenlet.pyd

Filesize
20KB

MD5
8932d9336ddad70e99074db67e44ce41

SHA1
9c1f6dbec844409371cccbe2988122bbcec37c21

SHA256
a50f01d800a1d3bd2909d5daaf24f34726310995bab633f03f63eceb275c0629

SHA512
8e98e49009b6e3e7f3393d5989fdac00701d6255438b877104851c12750b800864e17f995032833a17bb7a86f6ebfb38ee8bb9fb48d893e84143c8ad019e691e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\python27.dll

Filesize
2.3MB

MD5
ee41af2da8709ea2faa4f1941eb06ac3

SHA1
6626911b47d072c287bcb2fea6df8d824c0c1a0f

SHA256
618fdc50437b021b4efe53b093e078646a050308324493f213cdbb29db08f79b

SHA512
abba8b99a50cd8b9fd977371c94d1c7dc868b51113b1240da90ece47b40f2456d3b09b378c634410169dd329d30218fcd4f02e7a4a8200b3d1ffbac49c4203e9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\pywintypes27.dll

Filesize
107KB

MD5
f3ef005e60f838eaaa44529daeeb93ab

SHA1
0f8730caea9f7b16c2e90f6551a90b80b994688f

SHA256
241ecbd87410e9b23339d494f9eca7ddf8083472661989f489fdd7fe0b8776b4

SHA512
8c57d5b6a5b44b26fb943b0d5ddd5d80eeac2488e91f538e361781e727f931717bb3d5a0811ae7c8dd85122e74b08c54c3384fd2fc0db79e0b0e7fbfc8160d20

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\select.pyd

Filesize
10KB

MD5
5602701b02f8f8cac446ad4e4e05c317

SHA1
34a428b4986799841babd2a2ee255c20df027816

SHA256
d50e9e695c69f54a42ffa043029d12bb228fc1ed199c919749731c15348a6460

SHA512
de69cf845404ba7c3dd8ffa5bdf9df8bfaf144f931a4b6b4b448dd9c4f466586140dfab4aa07aa0da0e57c6be818af407844053ecee07eaf26a5619617d22d37

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28722\win32api.pyd

Filesize
98KB

MD5
904347cc428ecc1fb6dec20ad6350519

SHA1
1547b616784c39abdaa4699994b2f9ad539180ce

SHA256
ff781837e47a42d7dee3d42854b6d66d73cfbc032c47c9620821b737a82800af

SHA512
cd2612c9fb2b9aa92e504fe1a830b752962b06819356aeeebaaaf53853ebb676d7bc4497fd88ec0be2b32895f6957682c1571914ff657b49261d275bbd2f0204

Download Submit
memory/2700-46-0x0000000000440000-0x0000000000450000-memory.dmp

Filesize
64KB

Download
memory/2700-61-0x0000000000460000-0x0000000000470000-memory.dmp

Filesize
64KB

Download
memory/2700-39-0x00000000003E0000-0x00000000003EE000-memory.dmp

Filesize
56KB

Download
memory/2700-55-0x00000000028A0000-0x0000000002983000-memory.dmp

Filesize
908KB

Download
memory/2700-70-0x00000000004A0000-0x00000000004B0000-memory.dmp

Filesize
64KB

Download
memory/2700-71-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2872-87-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads