60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e

Analysis

max time kernel
144s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
23/12/2023, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
Size

7.8MB
MD5

f392250a1a506027f840e0a6d5df68cb
SHA1

ce8c0f8478c7080d60fe096cea5915733db855b8
SHA256

60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e
SHA512

18a30a7be1ec7e277d49c9232f61aa7022d4c908455c85efebb9dc1b3107563058da6df0328086e102b6ba9fcda8c99f2a1bc99e0e8dc6d306f6183c967eecb6
SSDEEP

196608:N+OurcpM6YbIqhrnKnLObT6jYSPZ0yHJ8phNzpegf4uIuR50:Nb5pVYbIqhrKn6IfLMNzDwL6e

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 13 IoCs

pid	Process
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2700	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 2700	4576	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe	87
PID 4576 wrote to memory of 2700	4576	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe	87
PID 4576 wrote to memory of 2700	4576	60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe	87

C:\Users\Admin\AppData\Local\Temp\60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
"C:\Users\Admin\AppData\Local\Temp\60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Users\Admin\AppData\Local\Temp\60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe
  "C:\Users\Admin\AppData\Local\Temp\60c6d9f3faf8c4c3b1b7f972851176feaa024b1146eb2ad1ef7a486942181e2e.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI45762\VCRUNTIME140.dll

Filesize
81KB

MD5
a2523ea6950e248cbdf18c9ea1a844f6

SHA1
549c8c2a96605f90d79a872be73efb5d40965444

SHA256
6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

SHA512
2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\_bz2.pyd

Filesize
54KB

MD5
5dc7a42b5a4fc4171f2e31159f6f3846

SHA1
bd0427b9280bf260d1d02a1a1683a257b3a2ad71

SHA256
a43922cdd64c4d2e359152ec1f238fcbcee7d2af630888d2bc576e90c83a148e

SHA512
ded126e2912acb2924608af87de6cb857f7daa8cccf5304fe1e87516beed4aa12f5f5d3f21675ec0e6d1deab82ed51a9048740385a156d84342a204276d0f576

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\_bz2.pyd

Filesize
76KB

MD5
be5a46cc5988ea81cf184a8d642ee268

SHA1
f93ebed180d072c899ce452e057666ba9ee05360

SHA256
fcb85db49557a6879f32d8337962defd9447117a0d051abc03c1e65c3d46a715

SHA512
7275c6d07a4b9a7bedf2295745727793846b5909b27bb4dcb1b1a8eabcfb4d7255b9b2b018e332924f7f21f875027fe779048dd76c0555d6edb436719d4dc32c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\_ctypes.pyd

Filesize
100KB

MD5
a16f470d30984e246b3a46c840f58b7f

SHA1
91250423bb9f2ff2605429ca2f6340a98c37649a

SHA256
d0a6d8690846de6645d8874a6f6fe8fdab5c1cdc612ab45ca2bcf23b7eef154b

SHA512
110a884eff8a739f4389eae08b15167e957cf0b45e668a698907b0d82db12e2bcf24e86b4015b103a7a819e95b823017f4855b605b7f29adf93077d1a8de6ea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\_hashlib.pyd

Filesize
76KB

MD5
4137775cc082d56aacf8b1d5fa8cb414

SHA1
7367883a4b4a1c5fef586243913e7fd0b3f66c7a

SHA256
d9fe9da1e3fb4c5149a5a00b0ef409e55f4c04c3590446172a11e51602e31d5b

SHA512
f7bbb8343a8adf35725c14fe2659804ed78164027d81107d061fa6a27e0fe39e91b0fabdd458af47f81eb59a880423d36fcbd75883344b77d8719234b2914dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\_hashlib.pyd

Filesize
187KB

MD5
47f02c192e2391adfd49840d364ce265

SHA1
f884b2c58ac00acff5c1e2c1f7aa706c07b8ab9f

SHA256
82ff5d661b818fdf86f256c7cb99abe2ddc879635f32f663241ca12d9c6c0ef9

SHA512
24c4a8d4e3d719804c4c38681533e849dfafb42a3f1c21b51dc2800cdfbefb9640fdff170db8162def4b6b95076802dd7e5dda3191806c604adb3106983fc209

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\_lzma.pyd

Filesize
133KB

MD5
3778ac7d42412accd255a0202b322353

SHA1
135bee233043bf8cc12807e9e59e2488500e0f58

SHA256
b43b2f8d48831455854685493a13454cdc1f2ee56865b7484ce0f8a8173bd501

SHA512
036f3c19056b4ad709d29548b86942b61888c1b9fba303cf57703e99ffb43ede3cf30f2f884f31d8252d6787394653b468e5effbe4b7dda5f95dbedfae5239e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\_lzma.pyd

Filesize
179KB

MD5
ce7ab0346774c1e0e61ab909917901a2

SHA1
69a203e5e411c9595fe18b7195702ec651ff4cf5

SHA256
42b1b6dce588650689cff0caa0d7af7147c5dce5fe0b8c2ce772d001b6616d07

SHA512
ea4d924582dbd0550ed9a8fd4c5f87f5ad96b97c446bcf5cbbb7dd938aafebc173cf56138cd39c87a5185a79876c3cc7898489428c0c1895b948881a5f8f9ade

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\_socket.pyd

Filesize
62KB

MD5
faf98549fc9628e0c075df0ad08bc55c

SHA1
d50db12060a1fe2e9cf4fc719677ebdfce10048a

SHA256
4094df5353182f0466fcf14846e599bde35974f0ee5c74ff94ae32211bb79e5b

SHA512
9d1603c09da13e0bb70d065ee754a331a0115a84da1dc79b762ad69fe8c755239737fd04071495d55aad18cf9708d1964a5d6b91cd7055f320ce9ce6e52f024c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\_ssl.pyd

Filesize
110KB

MD5
b03da1fe5f8bbe898131bbf7ed7e5029

SHA1
505a7b47b6435a36a9a7c76604a5fd6ccf418a76

SHA256
ba3bf8bf47f5fc319533cb75c92823364a58800649bc81ddfe81c8f772f19aec

SHA512
defdf51c22aa8b4f4f225b5639b74b0b969468b2beb9f219c5241583a8240ae0e9b8d35e71e4ecc0efad116f927bca61d001ccc134a189f349aa84cb4527c31a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\_ssl.pyd

Filesize
109KB

MD5
cecfd51d0760de07123f6df0f86fe1d9

SHA1
1de15d988609eaf2d3ec7bbfd4ff0c27ec30be25

SHA256
e94927f64906d31d718ae12e036c3ca711406a5044c831eb1fbacc10c7e2d235

SHA512
e08ff159dc888ec2233a0735142cb0108eaeafb270bbb1b4454e73329a17d6979b36dc5060496fb28c0537f47c65d4cb13092b5c55922dd078d8aece7f6a45ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\_tkinter.pyd

Filesize
52KB

MD5
8f87b9d2d20b49b9b128fb61cc3b9fbd

SHA1
17c55be980fa127bd7bd910e5e0493b3f0fc2610

SHA256
3b4efbc696d694717f1aacb81164d0a2bd3fb9c47742daae48c543892006b226

SHA512
50283b6f92acd574e4ae97366645a7b844f9f25492c307282ef5ef249da33f5f047fe9638701ec9afc6ca7d17d5a01f0a2eadee69a836f195a4ec9b3c317df4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\base_library.zip

Filesize
265KB

MD5
aab8b8f6c91f853315f900470c030231

SHA1
bdbf3717d01fb562666e8a0a6a254d81260933dd

SHA256
41e07197feb8a7e612a0c7c44af64442ad585e783a17594afeed38f93a0e3723

SHA512
b59b45c40faa4aeb3a9144ba5372125dcfbe277c5201e9abaccc88060adb881efe8e82c54faf102b730dcf8aa70c9d55b8a63498e9b37c08f0013964f944db34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\python36.dll

Filesize
226KB

MD5
27aa82b4835a69cd4a018014196692e9

SHA1
665ffeb9977b470adc21a769e365971328611a06

SHA256
95735421d73c438d0815310ede36e986f36c4360cf20410b3758f8a222ae6acb

SHA512
e2157e3b400c53549ebcb1b86ca06ac5541d8ecd58453c6fc8c5a79671ae347024db2d0b3c777d6028be99799ce1eb8094817d061bb0aea68bc9edb0ad386fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\python36.dll

Filesize
195KB

MD5
a0712d5cfabae9398719bb5488faf64d

SHA1
d1789b50fae956b956a0b55457ab7dbd9997fb42

SHA256
7b35bbcfb7e82fb2749349c5d19cc3f115cc845613f89ccb75e6434b411a2045

SHA512
0889c5c1b88b1b4eedcd386a5547394e841c043c2e3d4674d7576a157916ddc97c189ed5adf79f887e33f587a2253ade5edf76d2a026913a68b7c6572103f0a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\select.pyd

Filesize
23KB

MD5
bda10646fa5b6e94b7bdc3fad9108aaf

SHA1
1f4924d1e045180058a4d2279b171b7c724acdb0

SHA256
6c72bd02609b55c3adba1964185ab73bdc62438132f23cf726c874989f6e8691

SHA512
4b741ef5a63d7d0ffbf457e85b7298f638c55279bfcde6b2fe8bdfd4396bc166b5dcda2fad809db4c6918f8110b8a500ad0ea43898ad4290e16bf09bdf796050

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\tcl86t.dll

Filesize
154KB

MD5
9ad91f533b8a791a1ae4839b8c74ebb5

SHA1
f2feba4bd25150f5313bd9dffb8bbe4d1a1ee886

SHA256
cfc2eea602b330950fc8eee92fa08773f4dbe09e6bea5c73a389d4a7920fee3b

SHA512
9ef0dfaf17edf663176ef150b35bf008ab6fe94573638dd814c58ba5c6652e6fd092c836797705832a858c21bc94fbde906321875157be46d5615d9db1d9be4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\tcl86t.dll

Filesize
102KB

MD5
ee481791f943b7cbf1cfcbcebf1ed8ef

SHA1
2b55aa07e987ed46c18cbdf48e994bd46264fb17

SHA256
8975fe9f9c745de0e42fc47d5e1d95285cb45a1f6c218c907455589fce977d70

SHA512
303e3783d048af6141e4eb7ccc44a315b6ece40b040238b4a89e3711596c2e66888357c604ff5c16dc541dcabae6d6573fb3cf94e50d39c7faed91d1ff980257

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
5900f51fd8b5ff75e65594eb7dd50533

SHA1
2e21300e0bc8a847d0423671b08d3c65761ee172

SHA256
14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0

SHA512
ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\tk86t.dll

Filesize
78KB

MD5
5dd5dd50ea40a7b5113a7969b8306268

SHA1
3255f8719003fecf4009694f05143d7cd550f999

SHA256
bda104d7deae9313b062e83fa1fa7399807df52f4bb17d412cbaf935815f45a0

SHA512
bcae8ec641aa14e248ec0f2b77f5930269976b0d6b0e775781a99c96573908d8a9b0411572051226e5524caa8c30ae0f3bbc99470db8d0bd836e38631c912368

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\tk86t.dll

Filesize
159KB

MD5
050653e7b1ab2907153197c605518cb2

SHA1
09d43e84253cc4801e121eba7d8d7aef5a69ab8e

SHA256
d97043d93ce85142728c16a9a63e03ab3bf9f04be59511d568580cf576017257

SHA512
d0dd6770156ecf4425b2bb71b0927cabccd8c682256381a5fb406bb7e381400866331986a650f1c4737f49c8938e310567aba831b6af57c524f49b36d76c318d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\unicodedata.pyd

Filesize
246KB

MD5
e14d8283d39faa451435806bb1afecd5

SHA1
acdf86feee296cadd4df75ec74e5d4d2adc9388e

SHA256
941315a3e1f182474c8fc92bea655bfe340525c04fd23c10756dd4ec2627bcd5

SHA512
a03611eb32238cdbf2c8de1ad4c0b6c7692071031bc62a355b7908bc51b4b880236e6fe4a5ed036fb948cc7ebbe39d5b79c995675e7401cb8530dcab0bb9de9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45762\unicodedata.pyd

Filesize
135KB

MD5
258e2526cf69c31a1032bb334e124c2e

SHA1
6f2fe8c64cf6ec5eb6e8c956200de58649c14994

SHA256
b36aa1d6eaa5e7b4db3af6bbecfc464124ffd731cabeb2a032c1de8a6935f0ac

SHA512
d7c247d578cd8535fe82cb4eabb2b2a8e834ee987fb3387593acbdf7a816e3bf514a657e39005466fdb14fc2e2e99ccf1be016f716632bbaa19d6e4cdda667e5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads