2c1b4fd41ff83c3062719f91ae4ad77c5b61f72f4ac4f85d29a9ee34f7d150fe

Analysis

max time kernel
79s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2024 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OV.exe
Size

21.3MB
MD5

bbf6d8387a8dc483ef150d9f1d949135
SHA1

f7fd6715223472b74367091ba82a01592ae6aaa1
SHA256

2c1b4fd41ff83c3062719f91ae4ad77c5b61f72f4ac4f85d29a9ee34f7d150fe
SHA512

f27a887ec8ae415abb87f3f797571ab2640855ae82b93bc2cf8541e0c61bfe50236038be396ed3e2ae057b375de6dab1fb7d3c19f824c34b055a16299c0820b7
SSDEEP

393216:QzQtsfh5mKmr2pu0tTkQETS8vJQn+9PWkA75umhTdbgDqxMwsQkd:QzQtsfXmKmr2puIYQEW8hQ+ZWl9Jb0wS

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 28 IoCs

pid	Process
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\decompiled_C:\Users\Admin\Desktop\UndoPop..lua.lua	OV.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
740	OV.exe
740	OV.exe
740	OV.exe
740	OV.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	740	OV.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 740	4776	OV.exe	93
PID 4776 wrote to memory of 740	4776	OV.exe	93
PID 740 wrote to memory of 896	740	OV.exe	94
PID 740 wrote to memory of 896	740	OV.exe	94
PID 740 wrote to memory of 5028	740	OV.exe	100
PID 740 wrote to memory of 5028	740	OV.exe	100

C:\Users\Admin\AppData\Local\Temp\OV.exe
"C:\Users\Admin\AppData\Local\Temp\OV.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Users\Admin\AppData\Local\Temp\OV.exe
  "C:\Users\Admin\AppData\Local\Temp\OV.exe"
  2⤵
  - Loads dropped DLL
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI47762\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\_asyncio.pyd

Filesize
63KB

MD5
79f71c92c850b2d0f5e39128a59054f1

SHA1
a773e62fa5df1373f08feaa1fb8fa1b6d5246252

SHA256
0237739399db629fdd94de209f19ac3c8cd74d48bebe40ad8ea6ac7556a51980

SHA512
3fdef4c04e7d89d923182e3e48d4f3d866204e878abcaacff657256f054aeafafdd352b5a55ea3864a090d01169ec67b52c7f944e02247592417d78532cc5171

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\_bz2.pyd

Filesize
82KB

MD5
3859239ced9a45399b967ebce5a6ba23

SHA1
6f8ff3df90ac833c1eb69208db462cda8ca3f8d6

SHA256
a4dd883257a7ace84f96bcc6cd59e22d843d0db080606defae32923fc712c75a

SHA512
030e5ce81e36bd55f69d55cbb8385820eb7c1f95342c1a32058f49abeabb485b1c4a30877c07a56c9d909228e45a4196872e14ded4f87adaa8b6ad97463e5c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\_ctypes.pyd

Filesize
120KB

MD5
bd36f7d64660d120c6fb98c8f536d369

SHA1
6829c9ce6091cb2b085eb3d5469337ac4782f927

SHA256
ee543453ac1a2b9b52e80dc66207d3767012ca24ce2b44206804767f37443902

SHA512
bd15f6d4492ddbc89fcbadba07fc10aa6698b13030dd301340b5f1b02b74191faf9b3dcf66b72ecf96084656084b531034ea5cadc1dd333ef64afb69a1d1fd56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\_hashlib.pyd

Filesize
63KB

MD5
4255c44dc64f11f32c961bf275aab3a2

SHA1
c1631b2821a7e8a1783ecfe9a14db453be54c30a

SHA256
e557873d5ad59fd6bd29d0f801ad0651dbb8d9ac21545defe508089e92a15e29

SHA512
7d3a306755a123b246f31994cd812e7922943cdbbc9db5a6e4d3372ea434a635ffd3945b5d2046de669e7983ef2845bd007a441d09cfe05cf346523c12bdad52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\_lzma.pyd

Filesize
70KB

MD5
7cd29f9b09e5c50e6ae914d143c00823

SHA1
80e57a6da417dfce6e54e1885f0adeb786c35b87

SHA256
11873b0266bb2922ec44582dfb0e2ed5bc09230dbb27b4ad8123bbddcab274d5

SHA512
71c9c12f06075a7f104d8f79d8ea5b1512e49213abaff28cc5dba1e960693cf873c07c69836f419d83801c0956d24d3cb07a12b0648b1bb93f5d452e8a03fbba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\_lzma.pyd

Filesize
91KB

MD5
fa18dcab8d52b0a34b0f84a467255afb

SHA1
e8f276c3a149c04ff1572bee88fbb1c4602b23c9

SHA256
7087cd3fef111ff07ce2a194a53618e876f06474bf436566dc8736d5260873a9

SHA512
723aa78e72db43530863ee4f3d2daf34feb4084db25aa2e74e5afcf7c40fddf9086bdc299b7a573da007104afb9047457d1acf1869b4f34f914c9f446af0b47a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\_overlapped.pyd

Filesize
49KB

MD5
e5aceaf21e82253e300c0b78793887a8

SHA1
c58f78fbbe8713cb00ccdfeb1d8d7359f58ebfde

SHA256
d950342686c959056ff43c9e5127554760fa20669d97166927dd6aae5494e02a

SHA512
517c29928d6623cf3b2bcdcd68551070d2894874893c0d115a0172d749b6fe102af6261c0fd1b65664f742fa96abbce2f8111a72e1a3c2f574b58b909205937f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\_socket.pyd

Filesize
62KB

MD5
e37ea57b89798cc5b5ddda788d984375

SHA1
fbdc7ec604f4c8964f21ab459c678ca3c960a249

SHA256
9dc05b4021d6afd7fb0ee64c25cc99e83e3a033b1af9eca1a0bc0da96473d00f

SHA512
883064c877658bd00d207d7f710fa060cf38d9ecd5801b4412d598b1fd1d9f0026c016871a309402caf5f19ac8f2c7338582f65ce8211021fd2538726cc10a8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\_socket.pyd

Filesize
67KB

MD5
a2ef3df01f13191e8c385784139d1b90

SHA1
d7673346e1494b289dbc629364eba2de1347156a

SHA256
d7c9ab33c77bb4a77fe0c8155e78625b764b0cdc907bfd2f752ecbd6691ab486

SHA512
bf853c3894cf9af02af304866b0a247640bf4fb3f1b2f62c0d8d099a01f58ab0e3ac4160304983f2256a57f5ae6dca6fd4f4b8f60e66e72792948649998fffe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\_sqlite3.pyd

Filesize
117KB

MD5
d7b9ed5f37519b68750ecb5defb8e957

SHA1
661cf73707e02d2837f914adc149b61a120dda7d

SHA256
2ce63e16df518ae178de0940505ff1b11da97a5b175fe2a0d355b2ee351c55fd

SHA512
f04708c28feb54f355d977e462245b183a0b50f4db6926c767e8f1499e83e910b05a3023b84d398fb5dd87743fe6146dbbc3e1caaed5351c27396f16746c6d6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\_ssl.pyd

Filesize
157KB

MD5
208b0108172e59542260934a2e7cfa85

SHA1
1d7ffb1b1754b97448eb41e686c0c79194d2ab3a

SHA256
5160500474ec95d4f3af7e467cc70cb37bec1d12545f0299aab6d69cea106c69

SHA512
41abf6deab0f6c048967ca6060c337067f9f8125529925971be86681ec0d3592c72b9cc85dd8bdee5dd3e4e69e3bb629710d2d641078d5618b4f55b8a60cc69d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\_uuid.pyd

Filesize
24KB

MD5
46e9d7b5d9668c9db5caa48782ca71ba

SHA1
6bbc83a542053991b57f431dd377940418848131

SHA256
f6063622c0a0a34468679413d1b18d1f3be67e747696ab972361faed4b8d6735

SHA512
c5b171ebdb51b1755281c3180b30e88796db8aa96073489613dab96b6959a205846711187266a0ba30782102ce14fbfa4d9f413a2c018494597600482329ebf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\base_library.zip

Filesize
1.4MB

MD5
cbe4512cbc48769b9459b754566c4625

SHA1
d34aaf5fd9c59d856f82360614a5b40dffed0547

SHA256
6794a117b564cd34c7ab40461bd27a60cd699f13a90eb0a3abdf43bd5d18e201

SHA512
3804365de6271977c718dcc471410f4bafb9e461745e5a714f4ad59c76313aed3de2553b6a5dd328f1bec5a46529515e57b4e3fcb506b64d3c25d74fed80cd0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\libcrypto-1_1.dll

Filesize
1.3MB

MD5
8ff5238d16a54466925c4e79dfc09818

SHA1
0b67c1017205ace4c03d2f367beaf84b9aa85078

SHA256
eedb794bda68b5d17ed9e5e8c50d48da70c4d44b5ed7c68d97c83a8cb703c53d

SHA512
ef84c1092a91c94603a3c3d6e6a3482aad2b9e2b8a73493cb3c04eee61fe16b60916f800feb1345cded18af74cc09e94c9c94f0b17b127ebf25b4c124393e606

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\libcrypto-1_1.dll

Filesize
1.2MB

MD5
7bcb0f51b649f6b618dade41e7b7a9d4

SHA1
30bbac9ba6f63317513fab57b78fe9ad5cb089cb

SHA256
71b3d1f9fe38a748afbbe3060a7c469d2dfc435f4e30c2e564ce5ef127c8c9eb

SHA512
9776135f5b1b19b7712336622d892d465ac2d5c1c94771f1bf18e86383556323c51b73a7238ba2f1d1dc129d0b722015eea446805ee56444834993d9a924c948

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\libcrypto-1_1.dll

Filesize
768KB

MD5
8d8e603970de9350567826b5d36643a7

SHA1
2c4f8d4b0c677d39b31286dc550851d9c32b82c9

SHA256
594a071e65c271c537f52768ba01dd1305f86a25609cf7c7772dfe14416e4125

SHA512
dff6abc0d18170905c1d8bb48e18a5d27003a41faf49133d3f5cbabc337e9650e25c2892142e89f791fe3fab66acaebdd843412d5a208adf64c0b5569b7a3105

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\libssl-1_1.dll

Filesize
688KB

MD5
25bde25d332383d1228b2e66a4cb9f3e

SHA1
cd5b9c3dd6aab470d445e3956708a324e93a9160

SHA256
c8f7237e7040a73c2bea567acc9cec373aadd48654aaac6122416e160f08ca13

SHA512
ca2f2139bb456799c9f98ef8d89fd7c09d1972fa5dd8fc01b14b7af00bf8d2c2175fb2c0c41e49a6daf540e67943aad338e33c1556fd6040ef06e0f25bfa88fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\python3.dll

Filesize
65KB

MD5
b711598fc3ed0fe4cf2c7f3e0877979e

SHA1
299c799e5d697834aa2447d8a313588ab5c5e433

SHA256
520169aa6cf49d7ee724d1178de1be0e809e4bdcf671e06f3d422a0dd5fd294a

SHA512
b3d59eff5e38cef651c9603971bde77be7231ea8b7bdb444259390a8a9e452e107a0b6cb9cc93e37fd3b40afb2ba9e67217d648bfca52f7cdc4b60c7493b6b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\python311.dll

Filesize
843KB

MD5
9abe38fcf4cb73d7a766e121ea462c91

SHA1
45f24ceda4a30fbaa29b783558ce82eb274eba3c

SHA256
f62e86eaadddd8aa9233d19f0dac2650019211b2a1cb53063180f73eb1f8cdad

SHA512
9ed8409b7447ea0a894033ad48151b4543c68dd488448797b09e20f8f1ed7b6b47d8e4e609f642e8aeb1a5dcfa15d693f85a349025aaef5d57b4dd7bcc0d3a87

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\python311.dll

Filesize
2.1MB

MD5
4b865609933eb0b5fdf2f538f02e3be1

SHA1
5cf219ef6a4cc7573f0c8e908d47908079d07a4e

SHA256
ef72d92346469c054333717ae56f409bb16f8e3fd7dce1d9b05c0938975936b4

SHA512
0997b0f9595c28aa9e0b941e22a4b32d986fce2c4e5f70e7f37db8d9b6eae8617e760e7be2f919a08bb3733278bd6f9bd3d24ed3a9ff5c6d7ffebbfb97272f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\sqlite3.dll

Filesize
397KB

MD5
af5d0814239d2045d0dbc7cfafeab118

SHA1
751db057a526d241427d5edea30ecd8519412904

SHA256
720c778edb809d8a0bf79d7aefe3dfcf8e4dec82f45218cf5df0f225a10933f6

SHA512
baf7cd99fecfb98c9f0c0c4c16ff6cc99a74c92414a3f0c33787fe655bc3e50142fcc2a21b9533e31f2c1bcff53be9b8d9abd32e27dbdc821054a8c66be2d938

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\sqlite3.dll

Filesize
156KB

MD5
721db61d72b0b254dace295932f3dc31

SHA1
bcc71b5d369c9130187c01ea47b8e32c39df401f

SHA256
4b95f403f3e288f9cc3ba03115be63adbf282ab0b069ac154c518a458e515274

SHA512
73a6e3e3ac47c638f997141fefc8ed2c7669bd1e368d09345ed173a5999aaf1dbba2b2100c3aeb59c669706055d3ea6fad5aba4df73164c66a7a6c3db9298a43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\ucrtbase.dll

Filesize
987KB

MD5
0a5632da3e5d51ac53c58f965be121ca

SHA1
b585d2b902214c45ad8072a9126c0d464d1da4ad

SHA256
9f627acf1839cdf1b503080ea98f4da3e2e273cad7e6f07c7f64c3fd3a2563c5

SHA512
c9991e18fd4685bb327b59d1fd5aa18973f10b67a01eafc3ffef72988caf6e5f07a5f4c56c9d485a3b733142152cbcc8dbf43122112f952f525cda57a8a56b18

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47762\win32\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit