0ee9466b060fa155deb92e588c976cf5abfd0488c3d5d971a72d7da684b0b072

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 03:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

503ffd064ab9c755a6ddc4c35ee5bb35.exe
Size

6.1MB
MD5

503ffd064ab9c755a6ddc4c35ee5bb35
SHA1

d51acc078d9ddfe09538f5283619d407a426edc5
SHA256

0ee9466b060fa155deb92e588c976cf5abfd0488c3d5d971a72d7da684b0b072
SHA512

e124c5e8b2af84f5bccec3700d7053e83ac71c58ed2b6548c1d58210eb0ea3bc4c73381389b4497ad71a45293cadcc96ea34bf22553b4fed5e74c3bece08c4e8
SSDEEP

196608:GOEUVq9onJ5hrZEK3e9tGPqKvbuTbHbFhcyxs9:7q9c5hlEK/PNvbu3Lx

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
4492	503ffd064ab9c755a6ddc4c35ee5bb35.exe
4492	503ffd064ab9c755a6ddc4c35ee5bb35.exe
4492	503ffd064ab9c755a6ddc4c35ee5bb35.exe
4492	503ffd064ab9c755a6ddc4c35ee5bb35.exe
4492	503ffd064ab9c755a6ddc4c35ee5bb35.exe
4492	503ffd064ab9c755a6ddc4c35ee5bb35.exe
4492	503ffd064ab9c755a6ddc4c35ee5bb35.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	4492	503ffd064ab9c755a6ddc4c35ee5bb35.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 4492	1684	503ffd064ab9c755a6ddc4c35ee5bb35.exe	27
PID 1684 wrote to memory of 4492	1684	503ffd064ab9c755a6ddc4c35ee5bb35.exe	27
PID 4492 wrote to memory of 3884	4492	503ffd064ab9c755a6ddc4c35ee5bb35.exe	25
PID 4492 wrote to memory of 3884	4492	503ffd064ab9c755a6ddc4c35ee5bb35.exe	25
PID 4492 wrote to memory of 2316	4492	503ffd064ab9c755a6ddc4c35ee5bb35.exe	26
PID 4492 wrote to memory of 2316	4492	503ffd064ab9c755a6ddc4c35ee5bb35.exe	26

C:\Users\Admin\AppData\Local\Temp\503ffd064ab9c755a6ddc4c35ee5bb35.exe
"C:\Users\Admin\AppData\Local\Temp\503ffd064ab9c755a6ddc4c35ee5bb35.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Users\Admin\AppData\Local\Temp\503ffd064ab9c755a6ddc4c35ee5bb35.exe
  "C:\Users\Admin\AppData\Local\Temp\503ffd064ab9c755a6ddc4c35ee5bb35.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pip install pysocks requests wget cfscrape urllib3 scapy
1⤵
PID:3884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color c & cls & title iZorp DDOS
1⤵
PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI16842\VCRUNTIME140.dll

Filesize
85KB

MD5
89a24c66e7a522f1e0016b1d0b4316dc

SHA1
5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

SHA256
3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

SHA512
e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\_hashlib.pyd

Filesize
38KB

MD5
b32cb9615a9bada55e8f20dcea2fbf48

SHA1
a9c6e2d44b07b31c898a6d83b7093bf90915062d

SHA256
ca4f433a68c3921526f31f46d8a45709b946bbd40f04a4cfc6c245cb9ee0eab5

SHA512
5c583292de2ba33a3fc1129dfb4e2429ff2a30eeaf9c0bcff6cca487921f0ca02c3002b24353832504c3eec96a7b2c507f455b18717bcd11b239bbbbd79fadbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\base_library.zip

Filesize
385KB

MD5
01751e06372436e8261cca3149797196

SHA1
681c417b3d94b3e2c66b0f0728650dbd32e4d56d

SHA256
390a5119b0d2027d6fb3d5e7e7ab3ce5175e2b31ea42f2bb729aedfa1c645803

SHA512
9e48c365570a3fd60eb9acc518d5e5e6c036626b6bc3aaac8bf39db1cc51507bf05b50f6b0d108129d44aac2e737edad653ceba9f9a166127a053f9db4c5df54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\libcrypto-1_1.dll

Filesize
3KB

MD5
4f50ee637495ee4ba3538c11128d396d

SHA1
6055c1c73105cb11633214032a9c0f77549c0fa5

SHA256
a2dbf5ac248b94af0c9ade1483aaefc427816cf85ef17db6af7b8b24bc56e29b

SHA512
af79247e83f63376b2138c070e9d002c1be3a743ff748c4fb10b493dfa047d6d05bd2a431376d9576367e9cad563f3feab17ed056d94db2c00b93433dad97d6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\python37.dll

Filesize
894KB

MD5
7aaceb6223e8fda601d93e920851f020

SHA1
af939b15c4d0efd9d1fb272d44e4457dab791f51

SHA256
1e35ec03724c22b6d8e69f22bf0ef6cc484b7d1ac963c54645e50a41f99d914c

SHA512
8da1a741838ac4718ffb0c87b31de3e60132d5f30b59f9e787784194c0d9320b15f92ed5641b13ec7d5e45c418469e934880321b968bc36554f8a9cca38eb7f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\ucrtbase.dll

Filesize
409KB

MD5
2d31aa94f6fdd51f93314401e572fb04

SHA1
be66d724a426938864166c001f5d5a4e88c840d5

SHA256
93ba2063b0b399619e07990e8017b046498d758cf5712ed26b7ae55b1958f4a8

SHA512
cf439d76fd665be71193678014a79b1b18dba6280cf6c86ddeb6669b9bb718011bcfddaed555e862a43cc7b1aaad47946227235fd55f8b9b93210efeff7e521d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16842\ucrtbase.dll

Filesize
894KB

MD5
77627b84193d61163e9a0a26fafa6ce8

SHA1
311b9d4a0d5088ded62ee8346d77a5d7b595b341

SHA256
82417d1a824d2cd5f32af1d641fb8ba750bef237f7c2d32cb999eafe667decb1

SHA512
0247d593ad90854fabc1efb481627b4c5edfc0db943c6586afa9967ce9f4b2d6fc0fac58b450337cc9a0ae94da2b8e6f76c63f69197a5fa950fbf3791cf5472b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads