7bc3a4a8f32c4edb66cf173c772c837530b6b34c4337a0de2d188c60c06c2411

Analysis

max time kernel
134s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 01:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6682ecd0875ba6c538b25de38b512353.exe
Size

16.6MB
MD5

6682ecd0875ba6c538b25de38b512353
SHA1

8c565d83bca9c8883259e2c86e12aaed9da78d5f
SHA256

7bc3a4a8f32c4edb66cf173c772c837530b6b34c4337a0de2d188c60c06c2411
SHA512

fa772622176fc7dba48fa837051139fdef4b0890782d170d86b96c74419a6fd099f3283213eb01dc8a4b85b788a32ddf92331a1912d7cc5f9ee6125a4109c51d
SSDEEP

393216:VlCghQnZxlHOFGCED0lh2p2ZkieRiEFrJQ/vjlc9CzMUk:V1qBHCEDaQp2ZkxRinvj8Cnk

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 56 IoCs

pid	Process
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe
2340	6682ecd0875ba6c538b25de38b512353.exe

Looks up external IP address via web service 11 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
45	ipapi.co
36	ipapi.co
41	ipapi.co
42	ipapi.co
43	ipapi.co
44	ipapi.co
22	api.ipify.org
26	api.ipify.org
32	ipapi.co
34	ipapi.co
46	ip-api.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2340	6682ecd0875ba6c538b25de38b512353.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 2340	1532	6682ecd0875ba6c538b25de38b512353.exe	35
PID 1532 wrote to memory of 2340	1532	6682ecd0875ba6c538b25de38b512353.exe	35

C:\Users\Admin\AppData\Local\Temp\6682ecd0875ba6c538b25de38b512353.exe
"C:\Users\Admin\AppData\Local\Temp\6682ecd0875ba6c538b25de38b512353.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Users\Admin\AppData\Local\Temp\6682ecd0875ba6c538b25de38b512353.exe
  "C:\Users\Admin\AppData\Local\Temp\6682ecd0875ba6c538b25de38b512353.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI15322\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_bz2.pyd

Filesize
84KB

MD5
e91b4f8e1592da26bacaceb542a220a8

SHA1
5459d4c2147fa6db75211c3ec6166b869738bd38

SHA256
20895fa331712701ebfdbb9ab87e394309e910f1d782929fd65b59ed76d9c90f

SHA512
cb797fa758c65358e5b0fef739181f6b39e0629758a6f8d5c4bd7dc6422001769a19df0c746724fb2567a58708b18bbd098327bfbdf3378426049b113eb848e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_bz2.pyd

Filesize
67KB

MD5
ea7081b7f5cf1a7d5b8e1c99b28ec4dd

SHA1
278ff8d13bf5217b3e06c72d522e4977f8a2ca54

SHA256
5960c4a2fbfdad30964b080bb0c7902e9a696e4301254c33de5bef74bc5325c4

SHA512
a80fa498b9c90772356b7a732687c2f228543bb2c82a5ec1b4717c94843310d84a567b3d2152fb7a617862b3201843365a1db238f70fdeaac6caf25bcf85b2b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_ctypes.pyd

Filesize
124KB

MD5
6fe3827e6704443e588c2701568b5f89

SHA1
ac9325fd29dead82ccd30be3ee7ee91c3aaeb967

SHA256
73acf2e0e28040cd696255abd53caaa811470b17a07c7b4d5a94f346b7474391

SHA512
be2502c006a615df30e61bea138bd1afca30640f39522d18db94df293c71df0a86c88df5fd5d8407daf1ccea6fac012d086212a3b80b8c32ede33b937881533a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_hashlib.pyd

Filesize
8KB

MD5
3adc7e6a66d0c3c5eef3d6b75f8faa98

SHA1
21f156e1fdfbb9a02491aab206b7b4cbc1debb4a

SHA256
e837d401b29301a14faf559f894992c0fdd71bff301e2dd7933002a19e456848

SHA512
c6dbf19a5d63a8f67640141d211cccb6ca5caef61bd13943ff851d061fadf5f356cb142214524f045eb6b1cf4cf3de19bdfc94cf60631fa27307e423e42873aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_hashlib.pyd

Filesize
3KB

MD5
c07764cdd4ad5740f19b53e0deddf5e6

SHA1
7a7ef0bf81d4485fcb27016e7176a106998686b8

SHA256
90268a2569308bda8049c34e9afdad9a6c52d46fb3a497e8aa3044e6b6c671f9

SHA512
0596c6db08e88e885e255b158f33c0b6a087a3a2ac7288d94a1d11f0de564a23d56644206395dc6c1682b65bc31c403e66fc9af543cfeae46b4c526c734fd3ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_lzma.pyd

Filesize
92KB

MD5
5afee6d91629dbb434b1c87fdfe47056

SHA1
e44960fb97d65863183b0b29fb09a5c668b1eddd

SHA256
b33b087ae99e83de7b9a3ba210af0bac3980d3827b9e895640ee33b3104020ff

SHA512
8abddbcb2e06e8f33d40b0b60c27458ae9c7601bd838f575b818b04fc55e565262e5c98b6f760d70102a4c179baa91c42c8405fd08ec00897c98a3a16b3fd81f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_socket.pyd

Filesize
32KB

MD5
8d47c78129f90dba8e2c8c6eddd14430

SHA1
fcbf83861d94b3519005fc254516d82b136ea819

SHA256
3377455841f084908c4ff69b13971a351ab745911d56f14cd206da6283f1eab9

SHA512
cae11bc4f24a0c67e8450d541afa02d719ef78fd3c8c869e70b3aff070461eab73ca7647a1d1bcc8a9076bd4df52c15189fdd644dfc6e0c943b447352447070f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_socket.pyd

Filesize
78KB

MD5
fd1cfe0f0023c5780247f11d8d2802c9

SHA1
5b29a3b4c6edb6fa176077e1f1432e3b0178f2bc

SHA256
258a5f0b4d362b2fed80b24eeabcb3cdd1602e32ff79d87225da6d15106b17a6

SHA512
b304a2e56829a557ec401c6fdda78d6d05b7495a610c1ed793d6b25fc5af891cb2a1581addb27ab5e2a6cb0be24d9678f67b97828015161bc875df9b7b5055ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_ssl.pyd

Filesize
96KB

MD5
593dc62f917248484267c696b16d3188

SHA1
9132234d64ae5eeafae0b990554cf7bff32f4e2c

SHA256
3ff80c79329b59f113b9794968b4e36ad8fb395cb73bf349764e2735fdd5830c

SHA512
b1150ada824cc1f14ca14f9aee91e54ed6c86b69538fffda741d759ea413ac340592b7abbaf995c53d466a2b617b9c67dfa56823d76d4dc2d8b3389630aab819

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\base_library.zip

Filesize
92KB

MD5
8f8af384f2b1b246bb37149b0786228f

SHA1
78557f50347d52e975e1945a079f052ad07b38cc

SHA256
3a10482bb43954e19f7284795e6d83037dfd7ea03796593039aa525e65544ae8

SHA512
cae90708ae4bd33308a2397217d4269b638822872c67728595ef797ad83b681276749310f9726b31634dc46bd4e1dc527f2c5cb173379b18ba2da6160e2a5ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\keyring-23.0.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\libcrypto-1_1.dll

Filesize
139KB

MD5
f65a5980613516cb7e4e8f7affe77452

SHA1
5c514ed9f0187d8cc6c0d3ed2c4a1176d0130c9c

SHA256
beca468802c5417549f7d6ef370f4afd7add6d1790bc244a26de017f51ef190c

SHA512
090ba4e1c001eb68ff068c70699b42e58870bbae43bf48c9cf7bf6b75c1d697ac465ea5c300e07a79b061413f847fa37d19313aa9f8be8c4cca1f4b72842634d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\libcrypto-1_1.dll

Filesize
92KB

MD5
e23fdc4ad88ef08fee8cac1f0ebb5082

SHA1
d603c31be0973bada95482184071b1ebacad413c

SHA256
3ee5e47e0441febcab361a79a1f2b8be73b401c989f5119854e3b99da9910fe1

SHA512
235e5d9d5f2c4f819471299ef622554b5487977c693073c7aa61eaaf8b6f289f28c1f890b6d755f756630e3c9b1c9e3a5d5b6106ccf142ed462fe67de21ba2d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\libcrypto-1_1.dll

Filesize
36KB

MD5
2fbd095bbe058b920430fd3ec35d834c

SHA1
1d994ac3efa0fe9b5be10e1bdc18502020c095b2

SHA256
07a665919f9a052cb757309fb888ce9c3f7190d565ee9520eae32b1983b73165

SHA512
75724d885e42aafba2f105cafca1fd08673e8369202b8e884e6beb502ad5e3d2e8c4d299d9207dfdd160a7725c0d42246014e2f3bff4a795881c610234142630

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\libssl-1_1.dll

Filesize
95KB

MD5
8efd9f11d5bbe70a7e29799ec768ef13

SHA1
2aec2486a516142bba2638d301c0219232d0a51e

SHA256
0e8e4829b2de31a763ef386ef6a406e7e20c3ac31315b37b373cb111b7715ee6

SHA512
43cc005ceaec2690a7c54fd8e0c67a084ac4658a4a493589285065464461771a4b9a1afbd93736be51aff218402a812bab560d48d474d401cb5d4872ce269956

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\libssl-1_1.dll

Filesize
382KB

MD5
6ed2511add2e15340553bd3ca0ef46a6

SHA1
81e18f5925b7e592e277c68542c828affeb329f5

SHA256
853d9b5730020e9bffca1c6e42421064dbf29498a79221cd011740b381c4be3d

SHA512
f0bb00469c483436b6ecc3486f7ba6c4c9dc60c25e954bc989fb0bef687a00d123a5404e2cc22762772cdc14e4d6765b130720d5dcb682893a3d10af2f9db97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\psutil\_psutil_windows.cp39-win_amd64.pyd

Filesize
74KB

MD5
789827bcbae298d8d3223f33228b26af

SHA1
29de4ad19963292504414196dd3e353084a0e864

SHA256
f79f6732ea5a3675312ef4b9506bed8e15aa2d9c722d30d0c96274675aa9dc68

SHA512
e4d53c2a31b046862accc33ca1fb3327df10fa92e79556d16ca5dccc132bb0812df9454196554c848644c312c58faa07558382a58b53cf8889e61684cfe14885

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\psutil\_psutil_windows.cp39-win_amd64.pyd

Filesize
11KB

MD5
38e7a3f1768c1ad42a8d18843d9fe8a3

SHA1
bd39e82bc5f441f8c330fd33e3c8af6337c03d15

SHA256
4f6fc70478e4b70cb424e7f6b55d3917b3984e6d5529917e25e45d82d412ef98

SHA512
7f27cc6a40831be9f7392f92dee077111eab32e06c829ea84507be8aacb6c6ca8bd9064543bc7afedfcfa3799646263357200530dda1c98a4c2ab38920f175c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\pyexpat.pyd

Filesize
187KB

MD5
96d55e550eb6f991783ece2bca53583d

SHA1
7b46eaae4e499a1f6604d3c81a85a0b827cc0b9e

SHA256
f5d8188c6674cbd814abd1e0dd4e5a8bfadb28e31b5088ae6c4346473b03d17e

SHA512
254b926690a565bc31cae88183745397c99d00b5d5417ab517a8762c8874dff8fcc30a59bda1cd41b0e19e2d807ac417293a3a001005996a5d4db43b9b14d5eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\python3.dll

Filesize
58KB

MD5
e438f5470c5c1cb5ddbe02b59e13ad2c

SHA1
ec58741bf0be7f97525f4b867869a3b536e68589

SHA256
1dc81d8066d44480163233f249468039d3de97e91937965e7a369ae1499013da

SHA512
bd8012b167dd37bd5b57521ca91ad2c9891a61866558f2cc8e80bb029d6f7d73c758fb5be7a181562640011e8b4b54afa3a12434ba00f445c1a87b52552429d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\python39.dll

Filesize
434KB

MD5
5f6dad967bcf7654be98e004aa3ffd98

SHA1
dd0f456ee642f30d737a4630d806c3b1d60a74c8

SHA256
43787b4c56015ec447646e96c55fec4984f8744e5602d0f39e5f571171a5ff65

SHA512
6d0f646f9f7edb7e40ff497c793abbcca8034d4c0f6e2c23a2babc0f67dead415b647a3b01630b3a7363192fb59acb23f5af044550e1bdf9fa03f3d8e79bdd38

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\pythoncom39.dll

Filesize
364KB

MD5
433eddee7a262432675c9cba557e5051

SHA1
89d1c3a84817784d7458c1683aa27cc3aa63c7e8

SHA256
d1c5d6bb02dea3acd3bb0ff323f58d3bcdcb6e5c06a4cb73b8cba63dbb7e8317

SHA512
68e65c81a3779289864fdb7e88832e07b0de6923c6ae537d12c949a72f3c98cdcc476e10e2f9979a8f9c81e9f5df1e49654290d8eaa3496a71f34363bfee3c1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\pywintypes39.dll

Filesize
139KB

MD5
d658ffb571a541e9e21a6b859a67e112

SHA1
d9e7f54eb92ce32ff4d02fedd5c9b738dabbfbdb

SHA256
0cc26e2acaa1933647f885b47ac6da6625be7a4cd93fae220fb172906ff22091

SHA512
0040b19841d2d19ab5506cefc3186813cc92f57144b7b3f0bfec45638eebc053ddb8a40f2843cafe5d0ae5c6dc7f5db646a6441d34e02d749eb9563edbe5c7b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\select.pyd

Filesize
28KB

MD5
0e3cf5d792a3f543be8bbc186b97a27a

SHA1
50f4c70fce31504c6b746a2c8d9754a16ebc8d5e

SHA256
c7ffae6dc927cf10ac5da08614912bb3ad8fc52aa0ef9bc376d831e72dd74460

SHA512
224b42e05b4dbdf7275ee7c5d3eb190024fc55e22e38bd189c1685efee2a3dd527c6dfcb2feeec525b8d6dc35aded1eac2423ed62bb2599bb6a9ea34e842c340

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\ucrtbase.dll

Filesize
32KB

MD5
ea15413e2eaf9d471e3601deab2baf63

SHA1
480d7eccbf61004663af4e09e1fb01a23c0cdc2e

SHA256
a51268ee103c068c780757ea589ef93c25d99888e7f78b35c01ce792b5594001

SHA512
cf66220df2ad61afae49391b38a259d12a3a771f7db620d34a498f228e7d676d8fa2bfc29cf659d46c7741a0908b7f59c5c760ae2b46112ec73f36a34cbb5c83

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\ucrtbase.dll

Filesize
451KB

MD5
b07292916340de60282b199f486478b7

SHA1
ae0d5eff92bd04a77f074fe8724dfb129c09ae32

SHA256
109ea78d8fbb1c96299b9045c7c08d6f52aecf31ad30603900afb9815d3b041f

SHA512
e19b18f22bfb3e224b3e637dbb289658e85b2821cda8b6bf87663e1a9acbc153e8a58f284297df8859c354b730f16ad9b248e6fdee94ce593bd2c80fb8086870

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\win32api.pyd

Filesize
131KB

MD5
8ccfec535f312418015bcd067fe32208

SHA1
79aa4bc6d681972afadfa4b2bae230ce06570a56

SHA256
9157829433f0bd8a12b1a1cf2fb90301e20ecf43802eb0ac85525ebcc53d0e30

SHA512
698b3a57338ffa47e2afecf9e8f8f709061e5cb56d82d8e10e48c6d4c8d26d2e0a21f2dcedc599a1b605ee2026dc2af7bd79d9f8b035c5c6fd9bd9fc817673b8

Download Submit