e031f5d53a854cb545bb0ca5e3d632946c6f5ba4dc775f2d9b9405b5899ff590

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Installer.exe
Size

72.4MB
MD5

6793e3d4fa6dfcdc57d8d81675ab01d8
SHA1

ee42938dbd0a31f14bc975d9a78c6a68ed0cb253
SHA256

e031f5d53a854cb545bb0ca5e3d632946c6f5ba4dc775f2d9b9405b5899ff590
SHA512

d77fa6e3c18cde8c428b05c9bef1afe954562d7993241652770ed0ce2a4fea8efa7231c66ef1386d9faaa53a7286b5ff6c7708fe7982b0bcebb5795be5904a7b
SSDEEP

1572864:1a5sz+nsB4ptQ34bgbJ42l6bCiAvmMIEdXOBp9N/m0TMHVkRPHgW+eN0:w5sz+sBmkbJVZux+XW9N/m0TMH2Pz90

Score

7^/10

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Runtime Broker.exe	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Runtime Broker.exe	Installer.exe

Loads dropped DLL 5 IoCs

pid	Process
2680	Installer.exe
2680	Installer.exe
2680	Installer.exe
2680	Installer.exe
2680	Installer.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2680	2956	Installer.exe	48
PID 2956 wrote to memory of 2680	2956	Installer.exe	48

C:\Users\Admin\AppData\Local\Temp\Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Local\Temp\Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\Installer.exe"
  2⤵
  - Drops startup file
  - Loads dropped DLL
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29562\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
a148dc22ea14cd5578de22b2dfb0917f

SHA1
eaccb66f62e5b6d7154798e596eabd3cef00b982

SHA256
7603e172853a9711fbdc53b080432ad12984b463768dbc3aa842a26f5b26ae23

SHA512
4e3c927692fc41889b596273aea8bbd776cf7644dae26c411c12bda23cd3299a5c9adc06a930294310f002de74592a244767378fc9e37ec76e86bfa23f4c0478

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
3095c9577395249e105410bdcc585f77

SHA1
7dfc0c81f8f28cbf36c5acdb83523569b430b944

SHA256
c08be448195f46c4b423d0ce0c2cdc343e842ff1f91b16a8d3c09d5152150917

SHA512
555568fc23ade238bcc13a447520d395546def4409a002d795dd3abea03b15321491bc63c97f4ed8eb78aa411a0b1267dce5c528e51dcac8ca9e93b8f5265786

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
a00ebd3cf88d668be6d62a25fa4fb525

SHA1
edb07eafd08991611389293e2be80f8ee98f1e62

SHA256
b44646453584305d4edf8ab5f5d1adea6b9650bd2b75f8486fc275be52b86433

SHA512
d63f0e9f2e079ee06aa3ab96a0bd2d169564896027b731ee2597327bdc55456c5fd0c2d8c7e68165fc80bbc3fe0c24a3388d4c3615f33fc9f9fc0b205ae9ba7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
98340ffd2b1d8affef27d4b1260aeac5

SHA1
b428b39aa814a7038a1ddff9b64b935f51833a26

SHA256
7388a019922e9a0a3d05a8605a5307e3141b39f7d57b7faca5d34e72adfd5fa5

SHA512
6165c5be0360d55403e9dfd4e9df4ff9a12e5fb6057ed9278da09e688751487e46d9dd64949375c00764cbb4355cc13a1ea714055050f2ab7d432977b8443f81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
abf9850eb219be4976a94144a9eba057

SHA1
3d8c37588b36296240934b2f63a1b135a52fcee2

SHA256
41c5c577fea3ce13d5beb64ce0920f1061f65bcf39eafa8cd3dfc09ff48bcf76

SHA512
dfaafb43ce7f05b2db35eac10b314fb506c6aada80f6c4327b09ec33c170478ebd0eea19f1c6ca2e4832bfa41f769046deca8f15d54b7966134d166ee6036bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
2b36752a5157359da1c0e646ee9bec45

SHA1
708aeb7e945c9c709109cea359cb31bd7ac64889

SHA256
3e3eb284937b572d1d70ce27be77b5e02eb73704c8b50feb5eb933db1facd2fc

SHA512
fc56080362506e3f38f1b3eb9d3193cdb9e576613c2e672f0fe9df203862f8a0f31938fa48b4ff7115dfe6016fa1fd5c5422fdc1913df63b3fde5f478a8417a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
567ff20a8d330cbb3278d3360c8d56f5

SHA1
cdf0cfc650da3a1b57dc3ef982a317d37ffb974d

SHA256
47dfbe1ecc8abc002bd52dcd5281ed7378d457789be4cb1e9bee369150d7f5c8

SHA512
1643e900f13509f0ef9c7b7f8f2401fb3b6f2c0c39b512c623615df92b1e69df042ef1a0c6aace82173ce5d4d3c672c1636d6ee05545ce5c3b7374ab745e0e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
a8b967b65232ecce7261eaecf39e7d6d

SHA1
df0792b29c19d46a93291c88a497151a0ba4366d

SHA256
8fcc9a97a8ad3be9a8d0ce6bb502284dd145ebbe587b42cdeaa4262279517c1d

SHA512
b8116208eb646ec1c103f78c768c848eb9d8d7202ebdab4acb58686e6f0706f0d6aaa884e11065d7ece63ebbd452f35b1422bd79e6eb2405fb1892758195ccbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\base_library.zip

Filesize
1.3MB

MD5
44db87e9a433afe94098d3073d1c86d7

SHA1
24cc76d6553563f4d739c9e91a541482f4f83e05

SHA256
2b8b36bd4b1b0ee0599e5d519a91d35d70f03cc09270921630168a386b60ac71

SHA512
55bc2961c0bca42ef6fb4732ec25ef7d7d2ec47c7fb96d8819dd2daa32d990000b326808ae4a03143d6ff2144416e218395cccf8edaa774783234ec7501db611

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\python312.dll

Filesize
6.7MB

MD5
48ebfefa21b480a9b0dbfc3364e1d066

SHA1
b44a3a9b8c585b30897ddc2e4249dfcfd07b700a

SHA256
0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2

SHA512
4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\python312.dll

Filesize
5.4MB

MD5
fb0edf91b4a8796b8827dccce7a6e721

SHA1
8b33935517414875650f94443176f3b49c9940a5

SHA256
2cd987b4a058a01b4849fed255869418a996c0e11c1a73c29eaa4a34da647655

SHA512
defb906ba1aec4b327fbb4aa10272adb3e5e13c72e41a30fb391b64c217ad0fc96371228ea83f015b4f18148faffb59de3813779b090ebdd7842e0ede7482faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\ucrtbase.dll

Filesize
877KB

MD5
b2cc4e5f0afd49f38f1478f5c2752fd0

SHA1
4879fc267e6aef5cfabae7e30de1e0c885251013

SHA256
2b5dca304aa2d42255fc3b9ef166e509bc3ec2fd1c7dc0d01a41d60a857c6951

SHA512
c9db63edc2db55d46a909d7dc0f84c76b5f93ff09e014448dec364320f5540312bb44bb5526147c7456e8e7fcb8e1514ece7175864ec2de0bb0fdea00d1975ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29562\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads