de6abf3d928ec8984c880c3420021499e404f02fa45299a2f2d4bb6992f19a9e

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

@123PUnrealcc.exe
Size

6.4MB
MD5

dbf4dcd4ff9447151480feb5345b19d5
SHA1

d42a9518b8ed631bebc32b740210e24461bc4512
SHA256

de6abf3d928ec8984c880c3420021499e404f02fa45299a2f2d4bb6992f19a9e
SHA512

16485261d120529455145b9c6c297a7d0c172b8c4cd25508a02112a7dfafa7d0be2d0a1706dc48ee162e288ae8784f7596957c2fadfeeb41d8558cad3306a8a9
SSDEEP

98304:+eP2gj7e3iNK72rP3yqfzH7iOSYF5McwoPllMWHuMXkTZONq0d6NlPf9/iPUA+5d:4ikmZHtaoP1HdXfZ8bntiAWfl0

Score

7^/10

persistence

Malware Config

Signatures

Loads dropped DLL 11 IoCs

pid	Process
2712	@123PUnrealcc.exe
2712	@123PUnrealcc.exe
2712	@123PUnrealcc.exe
2712	@123PUnrealcc.exe
2712	@123PUnrealcc.exe
2712	@123PUnrealcc.exe
2712	@123PUnrealcc.exe
2712	@123PUnrealcc.exe
2712	@123PUnrealcc.exe
2712	@123PUnrealcc.exe
2712	@123PUnrealcc.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft = "C:\\Users\\Admin\\AppData\\Local\\Temp\\@123PUnrealcc.exe"	reg.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
2904	reg.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2712	@123PUnrealcc.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2712	2208	@123PUnrealcc.exe	28
PID 2208 wrote to memory of 2712	2208	@123PUnrealcc.exe	28
PID 2208 wrote to memory of 2712	2208	@123PUnrealcc.exe	28
PID 2208 wrote to memory of 2712	2208	@123PUnrealcc.exe	28
PID 2712 wrote to memory of 2828	2712	@123PUnrealcc.exe	31
PID 2712 wrote to memory of 2828	2712	@123PUnrealcc.exe	31
PID 2712 wrote to memory of 2828	2712	@123PUnrealcc.exe	31
PID 2712 wrote to memory of 2828	2712	@123PUnrealcc.exe	31
PID 2828 wrote to memory of 2904	2828	cmd.exe	33
PID 2828 wrote to memory of 2904	2828	cmd.exe	33
PID 2828 wrote to memory of 2904	2828	cmd.exe	33
PID 2828 wrote to memory of 2904	2828	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\@123PUnrealcc.exe
"C:\Users\Admin\AppData\Local\Temp\@123PUnrealcc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\@123PUnrealcc.exe
  "C:\Users\Admin\AppData\Local\Temp\@123PUnrealcc.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Microsoft /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\@123PUnrealcc.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2828
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Microsoft /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\@123PUnrealcc.exe"
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22082\VCRUNTIME140.dll

Filesize
81KB

MD5
aeab74db6bc6c914997f1a8a9ff013ec

SHA1
6b717f23227d158d6aa566498c438b8f305a29b5

SHA256
18ccb2dd8af853f4e6221bb5513e3154ef67ae61cee6ec319a8a97615987dc4b

SHA512
a2832b7720599361e2537f79a2597acb1a2d5633fdfe20a0d1075e9457683fdb1d5676d121c0bf1a825ff99512dcd924254f1151b50aae922acc0cc10f461036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22082\_bz2.pyd

Filesize
76KB

MD5
1c52ba084a3723940c0778ab5186893a

SHA1
5150a800f217562490e25dd74d9eead992e10b2d

SHA256
cb008e0a6c65ddb5f20ab96e65285dee874468df203faeafca5e9b4a9f2918dc

SHA512
b397508607a1c7ccef88c6a941398f78ba4f97cf8a32f40764673db34c20eea61364148260d87014348613eb07e959a043b505702437e33927249899bf4522b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22082\_ctypes.pyd

Filesize
102KB

MD5
10861d3fa19d7dc3b41eb6f837340782

SHA1
b258d223b444ab994ec2fec95acaa9f82dc3938c

SHA256
6255bab0b7f3e2209a9c8b89a3e1ec1bbc7a29849a18e70c0cf582a63c90bed1

SHA512
ec83134c9bce9cedeee8ebdb8e382fb7f944a7bc9d3bb47c7e3144ef2ef95114a36ac1cc8c0d52f434ee4c359d938a2d7c035e699c4407df728e200de7da4af9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22082\_lzma.pyd

Filesize
143KB

MD5
f91a9f1f2efee2f5dbae42ea5d5d7153

SHA1
2575cc77b51cb080fceed9810a9f4b2903ae1384

SHA256
1f82bb06c79b6b392c92cad87ffa736377fa25cd6d10da8d61441d42c0d0101e

SHA512
df1dfb8c8cee3496a60eeeb6f0d3fe48e1de8af5d04667f9a3124b769e8edd886cc46e6e4d4b277ee5d30f9f70f6f8c755097ddd996573a6817a5bb335de919f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22082\_socket.pyd

Filesize
64KB

MD5
b3af79bbfd7d5c5285660819792a3a9c

SHA1
1fa470b280ab5751889eaa7bdb7ba37ff1270a06

SHA256
eb6132b253c40d7c3e00b2bbb392a1573075f8bbc0b2d59e2b077d2cfe8b028c

SHA512
dac7da4cd493c0753d477da222c9b1e8c2486a4b6587c7cea45661192f2d51316b6e6f3951ffbbcb83952e51ab61cc79326beacb3d5e8637d13f2831e093f124

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22082\_ssl.pyd

Filesize
98KB

MD5
2825bae93cd459d835b74892c9bd80db

SHA1
c7ab0c88489e5eb8e920ebc9871c969768bd4739

SHA256
af4379fdc8bd41f7a8a4b509de949202ccdb5e4825797d7a5dddd5e77671382c

SHA512
fe5d9c3ff4469647afd20ffa43ebfdada0516576117c51d03eb8960a81516425fd110e2f6978cf98d279e3912c2a9c1d42c4c39900e183b1f08c2272eceb00b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22082\base_library.zip

Filesize
1000KB

MD5
90c0898cd529e19ba0c800d0e1f42a2a

SHA1
35882c9e2519be24ad4625031c942722946e791e

SHA256
980eab75d2e03b71fa4327da3a3126ad6980ff60a5cf9ad2b96ce06ad15ae3bd

SHA512
3527929f185b4a044d925c8cca0fc028d470c48756623762722bce483f9b9541d073bee69529c5b4c7b0b9e3b81307fa3afd0a7a4d9df60f93c66b85af6cce46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22082\libcrypto-1_1.dll

Filesize
2.1MB

MD5
aad424a6a0ae6d6e7d4c50a1d96a17fc

SHA1
4336017ae32a48315afe1b10ff14d6159c7923bc

SHA256
3a2dba6098e77e36a9d20c647349a478cb0149020f909665d209f548dfa71377

SHA512
aa4b74b7971cb774e4ae847a226cae9d125fadc7cde4f997b7564dff4d71b590dcbc06a7103451b72b2afe3517ab46d3be099c3620c3d591ccbd1839f0e8f94a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22082\libssl-1_1.dll

Filesize
525KB

MD5
697766aba55f44bbd896cbd091a72b55

SHA1
d36492be46ea63ce784e4c1b0103ba21214a76fb

SHA256
44a228b3646eb3575abd5cbcb079e018de11ca6b838a29e4391893de69e0cf4b

SHA512
206957347540f1356d805bf4a2d062927e190481aadc105c3012e69623149850a846503fca30fc38298f74d7f8f69761fddd0aa7f5e31fedb1fa5e5c9de56e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22082\python37.dll

Filesize
3.3MB

MD5
465089eaced8159ec533e4a37033e227

SHA1
074596adae6f53f33b8297f02e21f6a6f7ac6ff1

SHA256
2b29ae140cb9f08af872acf9e17f785ef99398ef3367549b55242bc064d6ae40

SHA512
55eca0922074162c22fff2b4f97bd2972540fa893b9b02b7d9bfa26345186dbbdaf1fbc37a9eba6366743d0d42fb5bb88e708877dfd57cb02ca4d3a6953cfb81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22082\select.pyd

Filesize
23KB

MD5
d3bf89184b94a4120f4f19f5bcd128d6

SHA1
c7f22bb0b957bd7103cf32f8958cfd2145eaa5b8

SHA256
568efdc33f1fcc1af1d030c75fccedc2d9b1fcbf49c239726e2cf49d47add902

SHA512
1da8ebf323d170c5e9f6bfbb738e60119ccc690a08234dd23f2d9c1a33519fd4ad154805b012cca3dc7565bee672d334ca877afe2b5211e2122dd6e1ce337971

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22082\_hashlib.pyd

Filesize
31KB

MD5
4f51ed287bbae386090a9bcc3531b2b8

SHA1
26bd991ae8c86b6535bb618c2d20069f6d98e446

SHA256
5b6da4b43c258b459159c4fbc7ad3521b387c377c058fe77ad74ba000606d72e

SHA512
2eb2ccd8e9c333b5179cf8f9fd8520cb3d025e23a10dca3922e28521cfb9a38f9dd95f5d4f2784643eed08925d9008e5238ff9f93bdd39ee55414131186edff8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads