66e8cd483fecac0f1cb9ab74cad35ae7c4993b7621c5afedf55801796d1706fc

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fight.exe
Size

7.2MB
MD5

6591fefcbed30d5b1d07004911b42f3e
SHA1

265cb9668a746293dfc4156005d3865728966564
SHA256

66e8cd483fecac0f1cb9ab74cad35ae7c4993b7621c5afedf55801796d1706fc
SHA512

41f908619deddbcd5d4d4708db1e8dace048f1340d542c0c2677aa62fc030e44038a2addacaf8900102bd95aefad95d3435360d056db5a18d7fee82a59f51798
SSDEEP

196608:xSoP1HdXfZ8bnti7tbYPvbJQlHHbTvN8CbpYC:rP1JR8JCkJQlbTjL

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 14 IoCs

pid	Process
1576	fight.exe
1576	fight.exe
1576	fight.exe
1576	fight.exe
1576	fight.exe
1576	fight.exe
1576	fight.exe
1576	fight.exe
1576	fight.exe
1576	fight.exe
1576	fight.exe
1576	fight.exe
1576	fight.exe
1576	fight.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	1576	fight.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 1576	2072	fight.exe	28
PID 2072 wrote to memory of 1576	2072	fight.exe	28
PID 2072 wrote to memory of 1576	2072	fight.exe	28
PID 2072 wrote to memory of 1576	2072	fight.exe	28

C:\Users\Admin\AppData\Local\Temp\fight.exe
"C:\Users\Admin\AppData\Local\Temp\fight.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Users\Admin\AppData\Local\Temp\fight.exe
  "C:\Users\Admin\AppData\Local\Temp\fight.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20722\_ctypes.pyd

Filesize
102KB

MD5
10861d3fa19d7dc3b41eb6f837340782

SHA1
b258d223b444ab994ec2fec95acaa9f82dc3938c

SHA256
6255bab0b7f3e2209a9c8b89a3e1ec1bbc7a29849a18e70c0cf582a63c90bed1

SHA512
ec83134c9bce9cedeee8ebdb8e382fb7f944a7bc9d3bb47c7e3144ef2ef95114a36ac1cc8c0d52f434ee4c359d938a2d7c035e699c4407df728e200de7da4af9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_hashlib.pyd

Filesize
31KB

MD5
4f51ed287bbae386090a9bcc3531b2b8

SHA1
26bd991ae8c86b6535bb618c2d20069f6d98e446

SHA256
5b6da4b43c258b459159c4fbc7ad3521b387c377c058fe77ad74ba000606d72e

SHA512
2eb2ccd8e9c333b5179cf8f9fd8520cb3d025e23a10dca3922e28521cfb9a38f9dd95f5d4f2784643eed08925d9008e5238ff9f93bdd39ee55414131186edff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\base_library.zip

Filesize
1000KB

MD5
90c0898cd529e19ba0c800d0e1f42a2a

SHA1
35882c9e2519be24ad4625031c942722946e791e

SHA256
980eab75d2e03b71fa4327da3a3126ad6980ff60a5cf9ad2b96ce06ad15ae3bd

SHA512
3527929f185b4a044d925c8cca0fc028d470c48756623762722bce483f9b9541d073bee69529c5b4c7b0b9e3b81307fa3afd0a7a4d9df60f93c66b85af6cce46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\python37.dll

Filesize
1.2MB

MD5
4721eb4232baf13a1965b119338f7dab

SHA1
f2e53575b9718bc78974dc3b9cf48bb66ac46ae2

SHA256
6efa1dd84aafb0529935b478acac21695597bc1f4887058afef2355513aeb450

SHA512
df2337f8d9a882732e0f91f438b03bd20c0e4587205ebd2309457309a4876b0a5600465807c0aa04cc0713e27214d5ed842563f755fe8d1ea57b5a5a69d39a67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
5900f51fd8b5ff75e65594eb7dd50533

SHA1
2e21300e0bc8a847d0423671b08d3c65761ee172

SHA256
14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0

SHA512
ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20722\VCRUNTIME140.dll

Filesize
81KB

MD5
aeab74db6bc6c914997f1a8a9ff013ec

SHA1
6b717f23227d158d6aa566498c438b8f305a29b5

SHA256
18ccb2dd8af853f4e6221bb5513e3154ef67ae61cee6ec319a8a97615987dc4b

SHA512
a2832b7720599361e2537f79a2597acb1a2d5633fdfe20a0d1075e9457683fdb1d5676d121c0bf1a825ff99512dcd924254f1151b50aae922acc0cc10f461036

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20722\_ctypes.pyd

Filesize
4KB

MD5
8991adf1ae8482c6f3c86db1b3f7008b

SHA1
4e4669f387a4e9ef18f0c3f549131b95283bb6bd

SHA256
471547ab92777645efe0d396a8b741618c5b2a08aab6756e1a064afa234e457f

SHA512
de7dd76987358967678763f4c4c72b68e083b6f1a0e6d2fa7963be1772026e4db1c0c5648b40e3ef2e8444bff3aa7a9af17c99389fd04164779e35af5fb9a619

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20722\_tkinter.pyd

Filesize
52KB

MD5
d8bef3883f3e58c6257c43b059f652b0

SHA1
50aa092861b518fec5effe3d1d3fd37fdd2ceb9e

SHA256
80bfb1a85f5de28b084dec0a6ff3b89c90fe68979e863ed0c52397c77b6e6a20

SHA512
b7bd89bb112dfc598af346a017662bde854f7a214b8681bd113212fc922069ff5b37238a89c734c0edb994a2a9f3720e346c5fe7b7b174798769ff7412f991bd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20722\python37.dll

Filesize
1.4MB

MD5
49705ba73e822f923e3ccbd600e98a83

SHA1
62ad66aea00d2eccb45ece77026c2de8b15821c3

SHA256
618fce58e3dbe9d51a4abf6c937b13e8d600bd7c87ca3593cd206ad77762567a

SHA512
7edfe38212803e9bfde3530e7902524c38e2b751f97d40b42bf0463e7a5d150592f1115e2b7a32c3c70be8b2249649e79dfbf7b63bfdb86cc03307bb440bda9e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20722\tcl86t.dll

Filesize
218KB

MD5
0bd33185cc2d8a94acbc580088d3d34e

SHA1
91db16c8b2e21cd27d9fae8923e9d356adbab4e4

SHA256
d6a01c37d00ae85189441b3ba08345cba33d7e7e39428df6d15ca26b7682871b

SHA512
012c8cff86d24ac017f31a0439f31dd6de9f55fb57867b25e38e96e8728eabdb0f5e38b3e594675821407882b3f7b967a36303b3eb6b56d12cc87cd02e194bad

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20722\tk86t.dll

Filesize
30KB

MD5
62166116248cabed28b465ac95d67ad6

SHA1
486fa79919c6aec76b97cd0a3ecc275032f9a99f

SHA256
93f5bd7c10d968208e7dd4b31dcaf9744f95be898f3229d5b42f162e2658ba80

SHA512
d7b4cebd8645b2813e617706d7b2af8f62e7507468e315682c5b999f4d456116cf35cb8c3f27f02b0ddad151f9b849caa808c1fe34658278e699bea17fbb2544

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads