ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2023, 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lazagne.exe
Size

6.3MB
MD5

68d3bf2c363144ec6874ab360fdda00a
SHA1

fa2f281fd4009100b2293e120997bfd7feb10c16
SHA256

ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56
SHA512

a99497da071bce5feed5d319a8b54bcf8cf13d33744765eb9fcd984f196fdb9745a3959fdc50c488fd2556aba35c1c9d984188d1e611e8b1e84961116237737d
SSDEEP

196608:MG4YKWwsbycm/iAjf+UAYt+sIqXrgiQZGHluk6s:cYBwSdm6AIsf3QZAlJ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 11 IoCs

pid	Process
1456	lazagne.exe
1456	lazagne.exe
1456	lazagne.exe
1456	lazagne.exe
1456	lazagne.exe
1456	lazagne.exe
1456	lazagne.exe
1456	lazagne.exe
1456	lazagne.exe
1456	lazagne.exe
1456	lazagne.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 1456	2568	lazagne.exe	87
PID 2568 wrote to memory of 1456	2568	lazagne.exe	87

C:\Users\Admin\AppData\Local\Temp\lazagne.exe
"C:\Users\Admin\AppData\Local\Temp\lazagne.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Users\Admin\AppData\Local\Temp\lazagne.exe
  "C:\Users\Admin\AppData\Local\Temp\lazagne.exe"
  2⤵
  - Loads dropped DLL
  PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25682\_ctypes.pyd

Filesize
119KB

MD5
77be51b28c575526d749e2a91f3a4a83

SHA1
6a3a1b24696f5e82813eb5ae633fb4a3543d0543

SHA256
6f450435edb2b78504f166044aa45e87cd19670789dfacdb1074db7f934ab2a6

SHA512
2fb131ed48ac08e51c485d8ce5f16c09c7aa7d3ababb02b01198cc5ece15c33f161af25b7ed3130ee63676dedc0ffb06c40eeb2a6c8654d89ba3539a5242cf6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\_elementtree.pyd

Filesize
183KB

MD5
c97bf92a8086849b9ad36dfffe33081e

SHA1
7889a9f095ccd2fc84752479516ed32a5f50838d

SHA256
425341f9b08a8d1683a9d88dcd820acfe9e88612d4666cf9d2421315a592e74e

SHA512
55989fe0c8bf06fb2057754c0939ef22931ceba288c0066b01f307172aaff5a29aa866d20d645585226a9c5f8b1c64aedc76627f7ab700f786cb27ad85d864eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\_hashlib.pyd

Filesize
1.6MB

MD5
ae415df4a7c5e23857092c0c10bd7d8f

SHA1
ee6793e2eebb0e11e520933f4d233d8818d7c066

SHA256
4c5af12ecd203ea45e2aec5ce9b4b862636a3b9a6057ce0d5d8cce0ee37ec3a9

SHA512
6d1666e387eba3a1e12d98d971f58adbd05d8d7fa5b4ed5240fbe0343c342ad36d4547d705b84acbae66d2a6013bb4484fd33bf74567ff81420297cbdc6677ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\_multiprocessing.pyd

Filesize
34KB

MD5
d29f54fe961ff0be2b4d1b75b18ee229

SHA1
eb0e10454ba5ebd35422dcfd15f5e718acb015d3

SHA256
d384e6a309c41031921fac5358b99a37e4768681d882de3e66d20179bde623cf

SHA512
5bfcc3187fa0cf9a997dd35b91a831ab6aefb960564f1a1479ba28252085eaac167e91502b512d7e396630076e666535b593e0ec86efbffe5c0e516aa9283442

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\_socket.pyd

Filesize
49KB

MD5
f9b160a08dacc271b8b7ad1516d88330

SHA1
762698430bbfe5b5d52756b969fe7a757ce07a33

SHA256
7ddf74ac35a6dfa24c4f96acd058829fc934b798af910ed2a58d9b8ef8a26511

SHA512
5f1666a63e1a5a9d788556899d2a1ddeb28a33c4aac9273c706c35fe7ff3feeb0138a2e75e6f9540560f8df5717a9b0e264684f27c13277db632cfccd506aa2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\_sqlite3.pyd

Filesize
62KB

MD5
cee4e6d863e08f9db01735f9fec8e9b1

SHA1
6cc4e503227c6d07749ed2bdf79a5878d3ad2def

SHA256
43092954458ad5d6e6cd2c8fd5d917d09a66e8976b0ba3225cda48d60465e179

SHA512
62e2530e8f42b5512474d95bd40a36e8ccf5f9da7213386bbcefb6096f82cd6940309cde42cf77b0bd371308e797e5b7a4b6e4c7db7e12d9e00277c6f8f0e040

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\_ssl.pyd

Filesize
2.0MB

MD5
16bbb7e72d190e6712d923dbc854a45f

SHA1
2913c4d3b9f0c708845252e863518d9bdaea5aac

SHA256
a9d0fdc952d5bb1ba7f809a6fa7ba9418414d5a10f4a7d429f680eac22d6a322

SHA512
906f16928e322addf52aad4e21265650b82853ae73e39ec60a80effd205d75bf5b4183bac1cd55f853bbcfdc84c4fb2694acff2098c32d93175aeefd3cdff5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\bz2.pyd

Filesize
90KB

MD5
a1950d15ae7fadd5b203639f3965f690

SHA1
dd09dfee5577feca2ce25d9cc5091933ca580adb

SHA256
baa75ad550784c5c5bada51cb565784a04f267fad708e6611b0cc3dc6ae0c1ed

SHA512
b0ca2e27e0fa77a58c7a56d66bf01fca152cb784e11ced7e247b092864f5a81b6cde353adfe58193d660f9be7b37c8076a6ca75390d4b34228b5359a3a884c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\lazagne.exe.manifest

Filesize
1012B

MD5
dbcdc3116767f0b87dfbb68d4ffc4f9c

SHA1
2734ca39f9fd5456eac65457bb24d83b29bdcac0

SHA256
4127ecf092bc603470ef5ad84159c45bc15d341cdfb95ff314b7792bbe471930

SHA512
d47096b3b2d0d5970221a310ce6a3dfeff43e134635362e1d8c662f2eee1de96b7c832a5b701837823649535e7deeea5bcac97e95073920519b3703488d4b1ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\pyexpat.pyd

Filesize
182KB

MD5
a5087ebbe3f55657e588b6c3d33b05b5

SHA1
66cb6592d0c7c33b4089906ca1fd8d1f60b9c9cb

SHA256
a2fd7ffced225de673f815374903500921baa1ff2b13a5de1dc35b53e457b964

SHA512
ff9c394b5516dc828da580f8a5d2cbed77e957cad568628ed801a0e5c5f7b8873fa7a5a3a5234d61c86eea95a87720bfdb17aebab706ce1a76097d2f0330abe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\python27.dll

Filesize
3.3MB

MD5
3ae2bfd1f3810e1f8e63d12b6640d305

SHA1
0eaa9f0c96fa24ab837c736e6540a0be72ed83d2

SHA256
43e8c9b6c1403b4622de9c9bff75542803a674909d44aba26cf11828fd0a5ed0

SHA512
002af9c02f59b1001060c9451e59ff617d6bac002c4e0553d61edbae1c55e59da9d04ed3b0075b93ab7f8c6da43e7ac2b9664464a07d073a5a32c7d601dc16e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\python27.dll

Filesize
3.3MB

MD5
3ae2bfd1f3810e1f8e63d12b6640d305

SHA1
0eaa9f0c96fa24ab837c736e6540a0be72ed83d2

SHA256
43e8c9b6c1403b4622de9c9bff75542803a674909d44aba26cf11828fd0a5ed0

SHA512
002af9c02f59b1001060c9451e59ff617d6bac002c4e0553d61edbae1c55e59da9d04ed3b0075b93ab7f8c6da43e7ac2b9664464a07d073a5a32c7d601dc16e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25682\sqlite3.dll

Filesize
784KB

MD5
6243adf7ebc3e698197c7161c219d172

SHA1
dabf82e0359066bc92bd9dd44800927d21595b85

SHA256
9bdab17d9ee7c7ed2bd7cf06e2342a4661ab1cc43c0d6cdac708c7e13c329561

SHA512
37c0a1b94471aace82973ee9ebff5d371df1e501399c0784194abce48e403107db7738437b9079aacde0241714b24704c274f978cd89b01d61fa343a3410bcc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25~1\_ctypes.pyd

Filesize
119KB

MD5
77be51b28c575526d749e2a91f3a4a83

SHA1
6a3a1b24696f5e82813eb5ae633fb4a3543d0543

SHA256
6f450435edb2b78504f166044aa45e87cd19670789dfacdb1074db7f934ab2a6

SHA512
2fb131ed48ac08e51c485d8ce5f16c09c7aa7d3ababb02b01198cc5ece15c33f161af25b7ed3130ee63676dedc0ffb06c40eeb2a6c8654d89ba3539a5242cf6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25~1\_elementtree.pyd

Filesize
183KB

MD5
c97bf92a8086849b9ad36dfffe33081e

SHA1
7889a9f095ccd2fc84752479516ed32a5f50838d

SHA256
425341f9b08a8d1683a9d88dcd820acfe9e88612d4666cf9d2421315a592e74e

SHA512
55989fe0c8bf06fb2057754c0939ef22931ceba288c0066b01f307172aaff5a29aa866d20d645585226a9c5f8b1c64aedc76627f7ab700f786cb27ad85d864eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25~1\_hashlib.pyd

Filesize
1.6MB

MD5
ae415df4a7c5e23857092c0c10bd7d8f

SHA1
ee6793e2eebb0e11e520933f4d233d8818d7c066

SHA256
4c5af12ecd203ea45e2aec5ce9b4b862636a3b9a6057ce0d5d8cce0ee37ec3a9

SHA512
6d1666e387eba3a1e12d98d971f58adbd05d8d7fa5b4ed5240fbe0343c342ad36d4547d705b84acbae66d2a6013bb4484fd33bf74567ff81420297cbdc6677ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25~1\_multiprocessing.pyd

Filesize
34KB

MD5
d29f54fe961ff0be2b4d1b75b18ee229

SHA1
eb0e10454ba5ebd35422dcfd15f5e718acb015d3

SHA256
d384e6a309c41031921fac5358b99a37e4768681d882de3e66d20179bde623cf

SHA512
5bfcc3187fa0cf9a997dd35b91a831ab6aefb960564f1a1479ba28252085eaac167e91502b512d7e396630076e666535b593e0ec86efbffe5c0e516aa9283442

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25~1\_socket.pyd

Filesize
49KB

MD5
f9b160a08dacc271b8b7ad1516d88330

SHA1
762698430bbfe5b5d52756b969fe7a757ce07a33

SHA256
7ddf74ac35a6dfa24c4f96acd058829fc934b798af910ed2a58d9b8ef8a26511

SHA512
5f1666a63e1a5a9d788556899d2a1ddeb28a33c4aac9273c706c35fe7ff3feeb0138a2e75e6f9540560f8df5717a9b0e264684f27c13277db632cfccd506aa2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25~1\_sqlite3.pyd

Filesize
62KB

MD5
cee4e6d863e08f9db01735f9fec8e9b1

SHA1
6cc4e503227c6d07749ed2bdf79a5878d3ad2def

SHA256
43092954458ad5d6e6cd2c8fd5d917d09a66e8976b0ba3225cda48d60465e179

SHA512
62e2530e8f42b5512474d95bd40a36e8ccf5f9da7213386bbcefb6096f82cd6940309cde42cf77b0bd371308e797e5b7a4b6e4c7db7e12d9e00277c6f8f0e040

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25~1\_ssl.pyd

Filesize
2.0MB

MD5
16bbb7e72d190e6712d923dbc854a45f

SHA1
2913c4d3b9f0c708845252e863518d9bdaea5aac

SHA256
a9d0fdc952d5bb1ba7f809a6fa7ba9418414d5a10f4a7d429f680eac22d6a322

SHA512
906f16928e322addf52aad4e21265650b82853ae73e39ec60a80effd205d75bf5b4183bac1cd55f853bbcfdc84c4fb2694acff2098c32d93175aeefd3cdff5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25~1\bz2.pyd

Filesize
90KB

MD5
a1950d15ae7fadd5b203639f3965f690

SHA1
dd09dfee5577feca2ce25d9cc5091933ca580adb

SHA256
baa75ad550784c5c5bada51cb565784a04f267fad708e6611b0cc3dc6ae0c1ed

SHA512
b0ca2e27e0fa77a58c7a56d66bf01fca152cb784e11ced7e247b092864f5a81b6cde353adfe58193d660f9be7b37c8076a6ca75390d4b34228b5359a3a884c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25~1\pyexpat.pyd

Filesize
182KB

MD5
a5087ebbe3f55657e588b6c3d33b05b5

SHA1
66cb6592d0c7c33b4089906ca1fd8d1f60b9c9cb

SHA256
a2fd7ffced225de673f815374903500921baa1ff2b13a5de1dc35b53e457b964

SHA512
ff9c394b5516dc828da580f8a5d2cbed77e957cad568628ed801a0e5c5f7b8873fa7a5a3a5234d61c86eea95a87720bfdb17aebab706ce1a76097d2f0330abe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25~1\sqlite3.dll

Filesize
784KB

MD5
6243adf7ebc3e698197c7161c219d172

SHA1
dabf82e0359066bc92bd9dd44800927d21595b85

SHA256
9bdab17d9ee7c7ed2bd7cf06e2342a4661ab1cc43c0d6cdac708c7e13c329561

SHA512
37c0a1b94471aace82973ee9ebff5d371df1e501399c0784194abce48e403107db7738437b9079aacde0241714b24704c274f978cd89b01d61fa343a3410bcc8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads