f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a

Analysis

max time kernel
1s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/12/2023, 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
Size

9.9MB
MD5

967a211c475579fa4ccbd8c8ce9b03f9
SHA1

8be6abd050aed176d4f9772501acdde3f22ac95f
SHA256

f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a
SHA512

e793194fd87598f6a594e746f279a9b61d82942ba788f9eb37b83c7fe745ae05ec51c6e8f4e579b0700d674bf1556b9893446dca88cc323411114bca5559f7f6
SSDEEP

196608:EYl21W903eV4Q2tpDjIIAcwD/au5p0W8/LQhoANNERPEvvk9LIL:JcW+eGQi9jo/au5qW80hoA/EZk

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
60	f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
60	f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
60	f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
60	f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
60	f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
60	f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
60	f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
60	f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
60	f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
60	f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 60	4600	f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe	69
PID 4600 wrote to memory of 60	4600	f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe	69

C:\Users\Admin\AppData\Local\Temp\f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
"C:\Users\Admin\AppData\Local\Temp\f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Users\Admin\AppData\Local\Temp\f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
  "C:\Users\Admin\AppData\Local\Temp\f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe"
  2⤵
  - Loads dropped DLL
  PID:60

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI46002\VCRUNTIME140.dll

Filesize
61KB

MD5
aec3d27ce4a1245930c9632356a524f1

SHA1
76c0905c353bc7fe589c1cd018fac35c4e8cac02

SHA256
1d423a2d14e73b0190df89261c336a667111abc1c702f6abfb886a668f7273f5

SHA512
e3ead704735d4f45908242b4b23554127f5dfeb4452f7ef8becdb95c713c2e1b3cc66b077ed0d8620fd11480fa6534faeabd06589a4909b1699c851bb5fadb53

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\VCRUNTIME140.dll

Filesize
38KB

MD5
8c8fbc0566fe560b9e06ddcc512ddee1

SHA1
00924cec35e03f0d3a0fe70861582e95d9eaafb3

SHA256
d510d4dd14446da84161411360a1102b1b1743673d5ed76861b3dc2c9dfce860

SHA512
6118e0b318bb02f2eec2e69ffc4a94cbb4db5d1d58f0dcb5fdf507907fe16ad1345f0f7b89d9612d95d0ff45044702bde44a44878b40695fdc5a619a2a0f8608

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_bz2.pyd

Filesize
40KB

MD5
6cc64b840c67c527d7775471cbefd49e

SHA1
95a54e4120f4341ebc1bebc42b9187d6059fbc53

SHA256
4ad85fbae520672786602c61d87b3e260fe505a01512dfe14e7d5b2408cbff5a

SHA512
218d12a26923336eeed744923a071030ed9d215bd24c3dbabff4c89184b3f53c96f09bf00500fad351cf8c82f557783fb0c7ebefb234a556e988234234cfa4b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_bz2.pyd

Filesize
13KB

MD5
8823bbfe843a63d31ce5f7c39a9e1f08

SHA1
b8a43ad954415a807422881b3b9c9bc47c0984f2

SHA256
3c14643ec8c30b8047c51d82d30de8b6e54b81608bbce1b154e168e224586b61

SHA512
bf225902638cc68c96215dd9c6507b3275b71256d868cef1e190c18261080978486776071e6a4e24524069495402d5eb9ebc4d81025753ee205e873dc7d72737

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_ctypes.pyd

Filesize
52KB

MD5
a02f567cb035eb696ec2dbd542709227

SHA1
59e95f9c391936798fdfac0b2b0c791052470b7a

SHA256
712fe3a0b0b2bcc5e6508e4337d36374d1d3268967dd73f3f6580cd30800ca27

SHA512
c11462aedf0726f7592e94f61da8cb210435c93892f4f0cca32b3ffadcb447d238d875fae2bcc9c1b4e627098636398f92f13901cd9af9769a20b40c246a42d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_ctypes.pyd

Filesize
57KB

MD5
4dbadf16feaed50b0004df1ad9460b57

SHA1
6ba7ee57942f292cbc9a8406907b2288f209b2b4

SHA256
f1e9469ae6b1f1f7a16299bf3b73a5d42eca147dfd17c7a5190739b86fcf4f4c

SHA512
9a6d27e2db19dfbb40032f268f66e9ae436483481af8e71579a0781c0ebf2b3e5de1ebd9e0278c7913e359f1a3cad771dbb76153c3ffde6b8463e8180bee2411

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_decimal.pyd

Filesize
41KB

MD5
2b61da07484c148093a96b621ebf14d1

SHA1
6773117d3f3aabe24c32c3399c4283c285185708

SHA256
d74086ed3e8f5b3db05479a9eb0d2fd2db47f70f694e62d86c2ac9f9fbd7e952

SHA512
e58c0add328485e76b429a220d5c3faa3805a3fd3edd32b06dbcc9b3e19b05091e710ad4ee1dbdca257a55f361d5967a382ea89f50ffc3ad6225bae53c9d016a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_hashlib.pyd

Filesize
17KB

MD5
463ae324959cfa24a13c5765c841699f

SHA1
a2af52d004c37f16103dc903043e5825869cddd8

SHA256
022f43f61061c595663103123e06f102da26efc98f34e3f93bbb7964cde49c01

SHA512
70b42a9f1319b71fedaaa1c65a1a1316077a067d6744422ba7b53ecf4351875dde77be789dfb7543738428fb3dff14a21b99f894a114608aba566f3845c292c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_lzma.pyd

Filesize
45KB

MD5
6c287ee0bce94bf7fc7b66e989771ecc

SHA1
7b5a3d812bde410013174164622b86e17ed97880

SHA256
14f13464dd4c8b1cbc7acd103ca270ce23504f420c3f3b54ccf607d94be51fc5

SHA512
0729cedaa67b27aafeb91728cf6b9b52a45992ab508a0d8d4e60bfe703ff1b60e4586e9794d0ca65ebf8c2c43a5f305f69bee052a1e4421fa479fa20d006d366

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_lzma.pyd

Filesize
78KB

MD5
012ac5a1fbfdc02bc6e1b8c8909df956

SHA1
9c3e0e88a25d5259d2f7c0e11730a2809426d4db

SHA256
d0d4edb4f7517aa1eff776f8ab8089ff967b2719e6cfd068cbe9b12fecf17f4c

SHA512
6069e8e134d40dc84b9efbbd1413c9360fcd4ab476aed5d9797d54327aae0fa7c0386e358aa793d6b5299195433211d99725d6af52afaf09492066590322bf01

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_socket.pyd

Filesize
22KB

MD5
a5b2756ba25849d52267eaf51d9ea54d

SHA1
a347a57fbd01648511d43beee45ae7000cf5d140

SHA256
ad2f6978f378423a8daa124502f1a26e1a16d31208d3861887f8133712fc9cb9

SHA512
9cf2a7bf6b7f79e4c2ba2a9125e53beb3552f6f9981256e0dcf624c2e2f8be0c252806d1a8f075b5cfe102939f50ca0de86b3dda9b483ed2e4fd6de9887c77b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_tkinter.pyd

Filesize
33KB

MD5
3b9bbecc3cc9b581484efcf8b0a7172b

SHA1
af81eb9a709af31085e85ce8d3df033dc9eaf961

SHA256
94ee999ad21bf91552f5d4e92f8afaa7a5a419f6d12ce117932087ea7be8b4ad

SHA512
e87c8e851ddea58153352f376eeb71a12075d038adb6d00406fa4976e699bd824472aee4900541a539f6620f5ea38e54abfb4d83e5f3ff1e8bdb45f753142410

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\_tkinter.pyd

Filesize
1KB

MD5
fbfc6607f479d79f4f32ec0ed7e46001

SHA1
9191e6657c7fcf06ecb9a611d372f51062c4a85a

SHA256
424cbedd5b84ff3f369494b4a3052a647a9f6fe318be6a6a8a2d03ed789f637a

SHA512
9893858335f8df8ea06e7a488db3505353ff392ae3cf1675b2629d842939902bac52b09544985bbb09a3107616a34b6ea8f0fed44a2dc75aa5b3718808a0622f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\base_library.zip

Filesize
9KB

MD5
5439d6540a11149fa304248b29eece29

SHA1
388a5322086dfa2559cf7fe65fae9c4af28a9566

SHA256
d1a80a7cbc4ddf7c8d9f55671dbd39cc2f29ff6505cb57883afd8aa6c15ab861

SHA512
4d19b1e0e28e8ab9cc306513146157fad0235508c97ce70d879e97c68d904fdba7c56eb79e7906b5134b598fe2af074fbcb43df800d6feb09f85cd99825e6a7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\libcrypto-3.dll

Filesize
20KB

MD5
951253afb4d3a166724d59de4e1c9473

SHA1
efff9a79638113fc198ea93e401f40b4d1c94a95

SHA256
dfb7c47a6825f1e1da4e49ef78eaa494974a2d0eb251e749b4995482273199b6

SHA512
8d3290d41015ce00f0617c767b66ec8eab200167e9a3eb90c95fa8c058e13bbaac1f3858491b777177933762e9134ea86dde55496ff1f70d5ba96dfeb51526ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\libffi-8.dll

Filesize
33KB

MD5
494535cd36467edd91163db4ebc315bb

SHA1
28d61b87b1578af45f09774c262e52854b253321

SHA256
219a4235f74bd4fa3c10d36b3b85738ce777f404a5a4ba807ee7c7e59fb3c7bc

SHA512
327f3d0963007d46fa7dcf2827eb0ded5df3b0a995c5bd5b1f7ed5746604b79fa089dbe3372e890f67e8ffbd599452e510f3f89fa7d6008c9d66fb3459e5704d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\python312.dll

Filesize
54KB

MD5
27211f7b397bc37e101a80be4c2fef13

SHA1
b6d1388cb729bebab2f76ff6e5cf506f94c3ad4e

SHA256
38e7bdc02f958eb017323f8f6de03a904ad79fa5b6ff4dd6f09df4e73bdcb132

SHA512
f5b44749fbc21755917d8ede0a7761bb1c4ac5e0437d65d61ae308350ec841ea1507c132b46b5a5435c07d9007d278e2da3e56114057f1c6f65f0103df24ca7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\python312.dll

Filesize
27KB

MD5
526f4b1520a3a8699b40f30efc606424

SHA1
2faf2db0d2a6c7288cda53c5a60a794ffc222756

SHA256
01b5cb2ba2b252dd286519163c1115516a5db84df7e6b84187dbb0e20319e3c0

SHA512
8b29ff333c15d8095a25edad380bb20353eff96baf39683208dd77801916a8c1a1914c3159e218758b210949d8580b3cb879feaaabe5c97012e47893dc75cf8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\select.pyd

Filesize
26KB

MD5
7e75d1286923e2446a95ce411b8f882f

SHA1
29b1650aa0cf05eebab16fc33652509f8e235fda

SHA256
7e97c0aefd1b57384ff06d0801875471ca5bfbfccec12ef31aea03e71a9b0309

SHA512
4dfbbf4f8e4eec6a05018add40f142df4b8896e93d66e9da0f243735e73a59f32d589f9381cb1d427a22567fe79a6248b0e6f86d842802c81e46af8124ec4241

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\tcl86t.dll

Filesize
29KB

MD5
f29a3c1886e7bdb2f4cf9b59eb9eaf8a

SHA1
cd225ed5d697c161ec65e711354c05f54085c3e8

SHA256
9993f04c48a4d73910e6b1172ad7c1a5818aa9184f4adc6ca6ef8d948d1132ba

SHA512
e82e9b9ab8e8a265995d57f3996b54b6c34ead03b3301d03e455619818a43268670b68ccebfab71782a1aae7c02c53f09d81b6eb2f10bbe2e22e5ffc3f05ac80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\tcl86t.dll

Filesize
52KB

MD5
b828747a8c0b215d3d89bf7793b8e777

SHA1
c6fd1aaf87032b50666bcd87b375d7657a33f480

SHA256
21297d645ebdb65b8c2a6a4494b499fe16a37a3dddf39745f0ecca80ff535e9a

SHA512
e995928fed57bf044e6b9ae49ef7034a1c023506f1df91fdcc5289c01cb20eb91f753f77598543e829093db0598a447cdfab3741f8af9df73710ecf16a50e1ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\tk86t.dll

Filesize
17KB

MD5
ca630b83d07b335f331e52e3942901bc

SHA1
ac8b3ecc62088e2723984f4093fe6aee3a69b5cc

SHA256
403f62faf17a7b116bad8cb6be20fb1c5b5a8dc75d61ec77fda89485181b77d9

SHA512
6aaf8ea49530e0edd913894c13fd062f1d71b176bdeead0fafa681e331b5a5ca9634ac5555a71ae3b97a538e5b0d0b0d6cc670b0660dfadfb9e46b4523800275

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\tk86t.dll

Filesize
34KB

MD5
c6025d8fff4ffe54fcb39cd4565e90c3

SHA1
c15980dfe598ea5b7623a1c93e36ab99161e3205

SHA256
83c3486dde60d1246cdaff12aeeb629419dd471e15c7b9abc43c27b07d259217

SHA512
7049b00babd52b0c102fb81ba25fa24a89740d41d80a21bd367b6b99d4909f28abdf7864671004f50e89bd4728d2494521d697361db29b6c8d76ffe8aa6d15ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\unicodedata.pyd

Filesize
51KB

MD5
fbe5c2400365c1e2e54faa7b4e6e0a61

SHA1
f0e8df0dd7ee1147b0f91c80ba4029dcd965f534

SHA256
ea87e05d8216cb292970890321c0de7513337376413fd44a10776a084c24885e

SHA512
94e7c5dcb09ef076dcc8e651a479efb254525c7901403e47e2f9e994004b67b33800ea0fe05ac501f7b00fc194f341c2f22199b8a2321ca2ed6265c82acc1019

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\zlib1.dll

Filesize
31KB

MD5
8ba888f4f166d81315ff42401ff86828

SHA1
52860407449decf755f54b0cf9e851004938c96d

SHA256
1a56fe2079eb00c33af084f715e6166006d6e6c6f718efe77b99103c37d29f49

SHA512
37016408f910d27799dd96bc2e83e82eb7a440a481922f23d1a2ec853844ac32e2d1ccebbb54d94b5f6663077c4e662a63cdf6334a47e9e9b05e0a9d3c1ac9e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46002\zlib1.dll

Filesize
46KB

MD5
e3858b0f11258ba3f307b4b44fa1bb8d

SHA1
b0ae2af1d683226cf72510000addbcd7ab88a2c0

SHA256
f58881e58161c7432131e2836df0cd806d66200386558f48dc5f23436f95aadc

SHA512
17495fdd41b4dc4f0391a7c99e1c6229a8991af0e62ed80726c5d82b476e5a0db3f6cf439c971ee56fdfd0e005f274f59b47c90652832cf70a4b085bfac3910b

Download Submit
memory/60-968-0x00007FFA9B3B0000-0x00007FFA9B3DA000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads