Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/01/2024, 17:47

General

  • Target

    6febf9009df8b33329a8e746ac27f334.exe

  • Size

    5.7MB

  • MD5

    6febf9009df8b33329a8e746ac27f334

  • SHA1

    a986814ea927d3c6c7e229eed2b22b7b03e139e2

  • SHA256

    ad16e884ae04e09b369bd2febbf1e928a556286909192702c82fd8b573bd461b

  • SHA512

    cf044c5bc1770a497a9fb1fe03ac30d6d10b50c1bc871468250feb8fea9fb80bccbd338c7887a095d9a3c8d04338b514e9111faebcf6ac19ccfec927990f0e69

  • SSDEEP

    98304:5oMJ3z2O5lMrxpOB1v7sHz/M9Aet17bjCma4WLB3w+vsEHgQ4/jDSDWzyeva/FBW:aQjZ5lMNpa1Az/qthCmWLdZHQztva/rS

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe
    "C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe
      "C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\windows\SysWOW64\schtasks.exe
        C:\windows\system32\schtasks.exe
        3⤵
          PID:2612
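The tree above is the PyInstaller onefile pattern: the bootloader (PID 1068) unpacks its bundle to a Temp directory (the `_MEI10682` folder in the Downloads list, whose name begins with that PID) and then re-executes its own image as the child (PID 2780), which is the process that loads the dropped DLLs and spawns schtasks.exe. Note the child's image is `SysWOW64\schtasks.exe` while its command line names `system32`: that is WOW64 file-system redirection, so the caller is a 32-bit process on this x64 image, consistent with the `arch:x86` tag. The report shows no arguments for schtasks.exe, so whether a task was actually registered cannot be confirmed from this page. The following Python is an added detection example, not part of the sandbox report; the events are reconstructed from the tree above in a Sysmon Event ID 1 shape, and the rule names are this example's own.

```python
"""Added detection example: flag the PyInstaller-onefile + schtasks pattern seen in
the process tree. EVENTS is reconstructed from the report (pid, ppid, image, cmdline,
as in Sysmon Event ID 1); it is not the sandbox's raw telemetry."""
import re

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe"

EVENTS = [
    {"pid": 1068, "ppid": 0, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},     # bootloader
    {"pid": 2780, "ppid": 1068, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},  # re-executed child
    {"pid": 2612, "ppid": 2780,
     "image": r"C:\windows\SysWOW64\schtasks.exe",
     "cmdline": r"C:\windows\system32\schtasks.exe"},
]

USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
SCHTASKS = re.compile(r"\\schtasks\.exe$", re.IGNORECASE)


def detect(events):
    """Return (rule, pid) pairs. Rule names are this example's own, not the report's."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue  # root of the captured tree; nothing to correlate against
        # PyInstaller onefile: the bootloader re-executes its own image as a child.
        # Legitimate PyInstaller apps do the same, so also require a user-Temp path.
        if e["image"].lower() == parent["image"].lower() and USER_TEMP.search(e["image"]):
            hits.append(("self_spawn_from_user_temp", e["pid"]))
        # Scheduled-task utility launched by a Temp-resident process. Without the
        # schtasks arguments this is a T1053.005 candidate, not a confirmed task.
        if SCHTASKS.search(e["image"]) and USER_TEMP.search(parent["image"]):
            hits.append(("schtasks_from_user_temp_process", e["pid"]))
        # Image redirected from system32 to SysWOW64: the caller is 32-bit on x64.
        if "\\syswow64\\" in e["image"].lower() and "\\system32\\" in e["cmdline"].lower():
            hits.append(("wow64_redirected_child", e["pid"]))
    return hits


def lineage(events, pid):
    """Image basenames from the tree root down to pid, for the analyst's write-up."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid]["image"].rsplit("\\", 1)[-1])
        pid = by_pid[pid]["ppid"]
    return chain[::-1]


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule}: pid {pid} ({' -> '.join(lineage(EVENTS, pid))})")
```

Run against the reconstructed events this yields three hits: the self-spawn on PID 2780, and the schtasks launch plus the WOW64 redirection on PID 2612. In production telemetry the same-image self-spawn check alone will fire on every legitimate PyInstaller onefile application, which is why it is gated on a user-writable Temp path and why the schtasks correlation carries the weight.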

    Network

          MITRE ATT&CK Matrix

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\_MEI10682\VCRUNTIME140.dll

            Filesize

            81KB

            MD5

            a2523ea6950e248cbdf18c9ea1a844f6

            SHA1

            549c8c2a96605f90d79a872be73efb5d40965444

            SHA256

            6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

            SHA512

            2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

          • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_ctypes.pyd

            Filesize

            93KB

            MD5

            3af3107bb4bbe61cf16075ea8196cfcc

            SHA1

            e87b263dc73047a7f72af74b02d3deefd76c97dd

            SHA256

            5dfe799784ab7fb0727bfed0edf16cc582dbf38eefac16b487874693c707c762

            SHA512

            564895b93154916900b67c6e382ebaf0fe3953dbff9c4b6c99f74691e5f7282e28520a4cdcec5dcb6d199806aa33d7904865159d722c88839883913b9661bcaa

          • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_hashlib.pyd

            Filesize

            1.1MB

            MD5

            4b513969daebd22c88a6453607a70cc1

            SHA1

            03cba2aaccab6498bdd3fb9e7b7900741d89374f

            SHA256

            f549a7a432ad4dbdcd6343d44550fb7d94fd34881487d420aca6db2704378022

            SHA512

            02f8af9f25479941a9657f06268e00db2026f2d405244964290b0fe97cdf72e0bef0d10cc52e6bcaaf2105849d1ff6f23a14f11275cfe8c4b3d3e03a7857d5c7

          • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_lzma.pyd

            Filesize

            172KB

            MD5

            41c28d076a29ef39ada6a88c13a20f26

            SHA1

            b679297c4fddf2a083901820b3831e9defeb8868

            SHA256

            6e1beffb1735804a476b247c364c636a6d8205c59fe6817f91d4765f40684d35

            SHA512

            c40a60a6b31d81c7e18cc2dfec62c75e6a00c5336201c40b61df11489ae68e399f8321c6c5bdb21c5e41fa73c5bc6a2b2d43c998ddd3a2730dd2d8db362cfff7

          • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_socket.pyd

            Filesize

            53KB

            MD5

            7e3a0b776d9f2e541cc229914550f73c

            SHA1

            8a4804554da4fda9b5ee26350892160cb68b3192

            SHA256

            25605e93c25765780296a13b131eeeccc058e85e75396782a431923b8e5986ee

            SHA512

            8f3aa12b83b960c99c43d478fa78dd5319d1cb8095834246e769990e75bd3af22690dc212867bd3a1a358eddd5bb2bf119f9fd8b1a92e689ceb98a77411e24c4

          • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_ssl.pyd

            Filesize

            1.4MB

            MD5

            390f2cfcb0a28c8b40dc765027db860a

            SHA1

            a847084eebb1b4cc5b391654b14cfaa20fba9951

            SHA256

            2a8968976eefa6654ad0180c84827cfdf846fecac371921cb4c1429f7482d202

            SHA512

            48f99918bb0f13d5989406fcc748ea86d4f9053379bef59c81bf48c62ae4563fcccb709f8d00b4b2b29a4f7b7c5c836e9cfec5314ecff7fdf07d98d1701e9c75

          • C:\Users\Admin\AppData\Local\Temp\_MEI10682\base_library.zip

            Filesize

            718KB

            MD5

            5014f4d3db24de420a401c0778918e2c

            SHA1

            3a595c6a983a93a7753870252f163dc8a1fc79ca

            SHA256

            22dd03af519c999f114f44049d350e0cc886323a06a79854068adc7e568caae3

            SHA512

            143a689e591f483296e906ce4ac4295ad8476610802515315fc4d8af42dd228c00680ecfa6a08a4cfc2d2d1b9438b64a5ece24345c32c6addb18790579449152

          • C:\Users\Admin\AppData\Local\Temp\_MEI10682\psutil._psutil_windows.pyd

            Filesize

            54KB

            MD5

            95e7df8d97acddd70efc26aa1efe0a7c

            SHA1

            1dcbcdde4cf6adc64882086ace539c8b86d313d8

            SHA256

            b2af31f74b0963f45ea5dd5df2948a0713c837776c57c57da4f772da132ed818

            SHA512

            b78e6e1a90c5a36fdc042ee11466e0ee70588e207d31791da17021be16e487dc4d5c44efd1b576206f194b5de14fd5d7e42b813245abedb05f5fdcc55a238b04

          • C:\Users\Admin\AppData\Local\Temp\_MEI10682\python36.dll

            Filesize

            3.1MB

            MD5

            56c6b77c9e833643eb8879cba8b25ca4

            SHA1

            42e476ae69ce242ac8568157051ccc5b2690188f

            SHA256

            9829b8779d904e95972e751c1d6e275c07027e642dde03b63f9c62f67daf73d7

            SHA512

            3afe1d94cd2f50d3fd33d65364969a538b9d8401977cdf46a0f5bdf5595ceb80e6ce9e36b7349a664a35afb6d8a4910ac623c1ae86936a4c0794d7fec6ded1e8

          • C:\Users\Admin\AppData\Local\Temp\_MEI10682\test_rules.exe.manifest

            Filesize

            1KB

            MD5

            25d73be1f056a07f175030fb2c2cba42

            SHA1

            c7b316ae764192c0caae5d1dbf218024f8a4857b

            SHA256

            d77e1a1da4150ec7670f5d77d718ba4af2bcf6e6cf5c57eebc767c60bb34e135

            SHA512

            27e87160fde48fe973a343b3c629e97d1b391e759fcf09ed4c5d3621939c6ce58cef2e26891b986b7f19cbb8d48b114efcd2db9b0e68fa6567b28d3ccebdbe33

          • C:\Users\Admin\AppData\Local\Temp\_MEI10682\unicodedata.pyd

            Filesize

            868KB

            MD5

            508f09979281f99a61d8a2d2165614dd

            SHA1

            c7f04719b0325c5c2e2de2b9ea9e2db81f8376ee

            SHA256

            fad1cb2d4eb57612461bc6fa75c6ee827d7fbef15a78031ec9ea251312ba0f0e

            SHA512

            8ce9ac7ff375dc820aaadc7ef558da6dd34b66abb7a19095e5aaf43e3717d5b0f03b1d9a3886baa23772a3bf0fa97e4eacccb572bd416ec72e599dba516d1a3d

          • \Users\Admin\AppData\Local\Temp\_MEI10682\_bz2.pyd

            Filesize

            69KB

            MD5

            349b15b78e073cf51e87396264b46458

            SHA1

            feb9d0cc20b039247b7575162f902193998d07d4

            SHA256

            3163faab1d971649e78497200382286cac7b4c9302dd49c2fab8be287466f89b

            SHA512

            7509d19a4566559d1b701db3249d44bd58bfc62585f4251c27bf91bdcab4d6bd20cc46b63a5410370dbe30cc5cab6bca143b9db1325aca2ee98621b1ecee5b81

          • \Users\Admin\AppData\Local\Temp\_MEI10682\select.pyd

            Filesize

            16KB

            MD5

            53180ac77de73a05568cc8f7bf0ccc37

            SHA1

            1ae29bd26716b46a4c441f9454169d6a26d451b1

            SHA256

            11bad8fccaf9cd3c8a1de238a6dad3a4289be1d2e1d97bacf213cd0f3c2b1e75

            SHA512

            0b30ba9478a7d91c1a3d143d997a4d1e1288dd53f4586005b62f9d64a3d0b051d0b1ae8dd8d252dd36ca57e997138927dd7f22a3d43234432927f6156cb1d3cb
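The Downloads list is the unpacked PyInstaller runtime, not the payload: PyInstaller names its extraction directory `_MEI` followed by the bootloader's PID (1068 here, hence `_MEI10682`), `python36.dll` fixes the embedded interpreter at 3.6, `base_library.zip` is the frozen standard library, and `test_rules.exe.manifest` leaks the name the script was frozen under, `test_rules`. `_socket.pyd` and `_ssl.pyd` give the script TLS-capable networking; whether it used it in this run is not shown on this page. The script's own bytecode stays inside the executable's overlay and is never written to `_MEI`, so these hashes identify the runtime pieces on a suspect host, not the malicious logic. Two entries lack the drive letter, a quirk of the report rather than of the sample. The following Python is an added example, not part of the report: it parses entries in this page's layout into hash IoCs and fingerprints the bundle. The excerpt is copied from four entries above (MD5 and SHA256 lines only; the parser accepts SHA1 and SHA512 as well), and the function names are this example's own.

```python
"""Added example: turn this report's Downloads list into hash IoCs and fingerprint
the PyInstaller bundle. REPORT_EXCERPT is copied from four entries of the report
(MD5/SHA256 lines only). Function names are this example's own."""
import re

REPORT_EXCERPT = r"""
• C:\Users\Admin\AppData\Local\Temp\_MEI10682\_ssl.pyd
  Filesize
  1.4MB
  MD5
  390f2cfcb0a28c8b40dc765027db860a
  SHA256
  2a8968976eefa6654ad0180c84827cfdf846fecac371921cb4c1429f7482d202
• C:\Users\Admin\AppData\Local\Temp\_MEI10682\python36.dll
  Filesize
  3.1MB
  MD5
  56c6b77c9e833643eb8879cba8b25ca4
  SHA256
  9829b8779d904e95972e751c1d6e275c07027e642dde03b63f9c62f67daf73d7
• C:\Users\Admin\AppData\Local\Temp\_MEI10682\test_rules.exe.manifest
  Filesize
  1KB
  MD5
  25d73be1f056a07f175030fb2c2cba42
  SHA256
  d77e1a1da4150ec7670f5d77d718ba4af2bcf6e6cf5c57eebc767c60bb34e135
• \Users\Admin\AppData\Local\Temp\_MEI10682\select.pyd
  Filesize
  16KB
  MD5
  53180ac77de73a05568cc8f7bf0ccc37
  SHA256
  11bad8fccaf9cd3c8a1de238a6dad3a4289be1d2e1d97bacf213cd0f3c2b1e75
"""

KEYS = {"Filesize": "size", "MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
MEI_DIR = re.compile(r"\\(_MEI\d+)\\", re.IGNORECASE)
PY_DLL = re.compile(r"python(\d)(\d+)\.dll$", re.IGNORECASE)


def parse_downloads(text):
    """One dict per bullet entry; a hash of the wrong length is a transcription error."""
    entries, cur, key = [], None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if line.startswith("•"):
            cur = {"path": line[1:].strip()}
            entries.append(cur)
            key = None
        elif line in KEYS:
            key = KEYS[line]            # next non-empty line is this field's value
        elif cur is not None and key is not None:
            if key in HEX_LEN and not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[key], line):
                raise ValueError(f"bad {key} for {cur['path']}: {line}")
            cur[key] = line
            key = None
    return entries


def ioc_hashes(entries, algo="sha256"):
    """Sorted, de-duplicated hash set for sweeping other hosts."""
    return sorted({e[algo] for e in entries if algo in e})


def mei_matches_pid(mei_dir, pid):
    """PyInstaller names the extraction dir _MEI<bootloader pid><suffix>."""
    return mei_dir.upper().startswith(f"_MEI{pid}")


def fingerprint(entries):
    info = {"mei_dir": None, "python_version": None, "original_name": None,
            "extension_modules": [], "network_capable": False}
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]   # drive letter may be missing; basename suffices
        if m := MEI_DIR.search(e["path"]):
            info["mei_dir"] = m.group(1)
        if m := PY_DLL.fullmatch(name):
            info["python_version"] = f"{m.group(1)}.{m.group(2)}"
        if name.lower().endswith(".exe.manifest"):
            info["original_name"] = name[: -len(".exe.manifest")]   # build name of the frozen script
        if name.lower().endswith(".pyd"):
            info["extension_modules"].append(name)
            if name.lower() in ("_socket.pyd", "_ssl.pyd"):
                info["network_capable"] = True
    return info


if __name__ == "__main__":
    parsed = parse_downloads(REPORT_EXCERPT)
    print(fingerprint(parsed))
    print("\n".join(ioc_hashes(parsed)))
```

With the interpreter version known, the sample can be unpacked with pyinstxtractor and the recovered `.pyc` files fed to a decompiler that supports 3.6 bytecode (uncompyle6 does), which is where the actual logic behind the schtasks.exe launch would be found.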