64af0fae0c14f3c50396afe88ffc67b0f21f870f8b9f89e449a311ba9690b2cd

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

121ce9fa922ffd09870fc68bd7ef42f8.exe
Size

6.7MB
MD5

121ce9fa922ffd09870fc68bd7ef42f8
SHA1

710aceb5f8a0c6c63f0ad47b8075d74de4df24c9
SHA256

64af0fae0c14f3c50396afe88ffc67b0f21f870f8b9f89e449a311ba9690b2cd
SHA512

cf9804dff17ad43c120024c62efbd83cf2a129c674bb10336da3a4150d55da4bf626de60bbd62f5ec971f04c8393a8b22ac48794927a225f8a0e2fffeefa13f8
SSDEEP

196608:e/PmCsXDjDyf6L2WliXYrHW1L0KF1aOH+v4SV:iPmCEDVL2ciIrHWRV1F+w

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
3340	121ce9fa922ffd09870fc68bd7ef42f8.exe
3340	121ce9fa922ffd09870fc68bd7ef42f8.exe
3340	121ce9fa922ffd09870fc68bd7ef42f8.exe
3340	121ce9fa922ffd09870fc68bd7ef42f8.exe
3340	121ce9fa922ffd09870fc68bd7ef42f8.exe
3340	121ce9fa922ffd09870fc68bd7ef42f8.exe
3340	121ce9fa922ffd09870fc68bd7ef42f8.exe
3340	121ce9fa922ffd09870fc68bd7ef42f8.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 3340	2820	121ce9fa922ffd09870fc68bd7ef42f8.exe	93
PID 2820 wrote to memory of 3340	2820	121ce9fa922ffd09870fc68bd7ef42f8.exe	93

C:\Users\Admin\AppData\Local\Temp\121ce9fa922ffd09870fc68bd7ef42f8.exe
"C:\Users\Admin\AppData\Local\Temp\121ce9fa922ffd09870fc68bd7ef42f8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\121ce9fa922ffd09870fc68bd7ef42f8.exe
  "C:\Users\Admin\AppData\Local\Temp\121ce9fa922ffd09870fc68bd7ef42f8.exe"
  2⤵
  - Loads dropped DLL
  PID:3340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28202\VCRUNTIME140.dll

Filesize
94KB

MD5
18049f6811fc0f94547189a9e104f5d2

SHA1
dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6

SHA256
c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db

SHA512
38fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\_ctypes.pyd

Filesize
124KB

MD5
7322f8245b5c8551d67c337c0dc247c9

SHA1
5f4cb918133daa86631211ae7fa65f26c23fcc98

SHA256
4fcf4c9c98b75a07a7779c52e1f7dff715ae8a2f8a34574e9dac66243fb86763

SHA512
52748b59ce5d488d2a4438548963eb0f2808447c563916e2917d08e5f4aab275e4769c02b63012b3d2606fdb5a8baa9eb5942ba5c5e11b7678f5f4187b82b0c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\_socket.pyd

Filesize
78KB

MD5
478abd499eefeba3e50cfc4ff50ec49d

SHA1
fe1aae16b411a9c349b0ac1e490236d4d55b95b2

SHA256
fdb14859efee35e105f21a64f7afdf50c399ffa0fa8b7fcc76dae4b345d946cb

SHA512
475b8d533599991b4b8bfd27464b379d78e51c41f497e81698b4e7e871f82b5f6b2bfec70ec2c0a1a8842611c8c2591133eaef3f7fc4bc7625e18fc4189c914e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\base_library.zip

Filesize
763KB

MD5
abbe5270af3906f418a479c104a04a5a

SHA1
520c6184459e9b526ffaefb985a1446d3511c028

SHA256
4d9abd9354a1a7554109a4a01f23d0b18e34b8fd1e953a2ede4cbca7952e695e

SHA512
a0c790f99fe4e7a02ab5107bcfa025e30ccb468b7b8f4f528fc34d6ad670087a5ff95ad38568b8ff0ec254a9fcad7fde743a1b98720277604720454bdb48ae55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\libffi-7.dll

Filesize
3KB

MD5
79166234c4c97c6679f684b149bd12f7

SHA1
4b513bb4d6fc103c0f10f0c518f56721fc2d1b9e

SHA256
4b456f1222cf26e30a6d9737308b7cc587ca4c66733824fdb88f31866719a071

SHA512
739bf2a8b3fd9274cf1fecdff1b1ae15a7b652c5375a96ed361a5f7936147e163b185945afaf278712609d755f80bc2195a7250f1adc2cfda64db35d69ac7a13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\python39.dll

Filesize
1.1MB

MD5
9b32154710e6d7036d341ae031372ba7

SHA1
f69f555e2f76b9be72961be5d795de7568c75364

SHA256
28ca5650ff94f8e654fadabaffc5ffa133f02391b47ff10ffefb84e99a80cf05

SHA512
01e4a10536a8c01ebbebea500de7a1059cacbc1834eb0680a04cd8aeb72ef0cecc3bc0c1c7e62897c4bb8831a413d46483837107b79774f8107807667d1e7ea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\python39.dll

Filesize
1.0MB

MD5
df0281d2251a4ed7086a6a589f8eec70

SHA1
a3169698e1f0a6a5ecc95a92e27233ad000f54bf

SHA256
0c01952ea773b82c4adf17cb59284ca689c7bb0943b2071a5e44cafd8acb73d7

SHA512
e8e2816bb3e93280054e8d50f1469fad2ccf3a1a90eb7a9563f44ccbd86ecc594fc651741eb56c0058890afbb7fe01141ef5d520b3a87eb8d359f2f8908564ce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads