Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/01/2024, 17:47

General

  • Target

    6febf9009df8b33329a8e746ac27f334.exe

  • Size

    5.7MB

  • MD5

    6febf9009df8b33329a8e746ac27f334

  • SHA1

    a986814ea927d3c6c7e229eed2b22b7b03e139e2

  • SHA256

    ad16e884ae04e09b369bd2febbf1e928a556286909192702c82fd8b573bd461b

  • SHA512

    cf044c5bc1770a497a9fb1fe03ac30d6d10b50c1bc871468250feb8fea9fb80bccbd338c7887a095d9a3c8d04338b514e9111faebcf6ac19ccfec927990f0e69

  • SSDEEP

    98304:5oMJ3z2O5lMrxpOB1v7sHz/M9Aet17bjCma4WLB3w+vsEHgQ4/jDSDWzyeva/FBW:aQjZ5lMNpa1Az/qthCmWLdZHQztva/rS

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe
    "C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3224
    • C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe
      "C:\Users\Admin\AppData\Local\Temp\6febf9009df8b33329a8e746ac27f334.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:848
      • C:\windows\SysWOW64\schtasks.exe
        C:\windows\system32\schtasks.exe
        3⤵
        PID:2976

    Network

          MITRE ATT&CK Matrix

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\VCRUNTIME140.dll

            Filesize

            81KB

            MD5

            a2523ea6950e248cbdf18c9ea1a844f6

            SHA1

            549c8c2a96605f90d79a872be73efb5d40965444

            SHA256

            6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

            SHA512

            2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\_bz2.pyd

            Filesize

            69KB

            MD5

            349b15b78e073cf51e87396264b46458

            SHA1

            feb9d0cc20b039247b7575162f902193998d07d4

            SHA256

            3163faab1d971649e78497200382286cac7b4c9302dd49c2fab8be287466f89b

            SHA512

            7509d19a4566559d1b701db3249d44bd58bfc62585f4251c27bf91bdcab4d6bd20cc46b63a5410370dbe30cc5cab6bca143b9db1325aca2ee98621b1ecee5b81

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\_ctypes.pyd

            Filesize

            93KB

            MD5

            3af3107bb4bbe61cf16075ea8196cfcc

            SHA1

            e87b263dc73047a7f72af74b02d3deefd76c97dd

            SHA256

            5dfe799784ab7fb0727bfed0edf16cc582dbf38eefac16b487874693c707c762

            SHA512

            564895b93154916900b67c6e382ebaf0fe3953dbff9c4b6c99f74691e5f7282e28520a4cdcec5dcb6d199806aa33d7904865159d722c88839883913b9661bcaa

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\_hashlib.pyd

            Filesize

            559KB

            MD5

            a68d3b7c5dbb52a63a59fb7464e4cfcc

            SHA1

            ca080a3452bd4bb80437fc6856b9c49d21b9429e

            SHA256

            f87688f17820a0ba7c3a785dac32a110cf81c5a341eb7036f57af4a3b19e70a2

            SHA512

            0c0bf79e56927868956ce731e16f1ff2cfc98775952313139dd78e0877fe4310f7304b64d10691fc6718aa82868623aa18fd45df6e0c54cdf1e313127372d9a0

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\_hashlib.pyd

            Filesize

            471KB

            MD5

            e55faaaf0e82fc0e0755ee4633fac2d1

            SHA1

            31f93c6059f446f6ce56c409b2641facd072b75e

            SHA256

            ba6331b07b136b921bd624036f9a69bc7053ac76d7b8953f2bb73d37e9f4f628

            SHA512

            32f40a634301be1351ac5d66a0c32e258c3e0d4351c107ee762406fee9084b1a92216c61aad7bf12af2cc389de51b3fa0f0474b53a3b96b2d64206483bf625f6

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\_lzma.pyd

            Filesize

            172KB

            MD5

            41c28d076a29ef39ada6a88c13a20f26

            SHA1

            b679297c4fddf2a083901820b3831e9defeb8868

            SHA256

            6e1beffb1735804a476b247c364c636a6d8205c59fe6817f91d4765f40684d35

            SHA512

            c40a60a6b31d81c7e18cc2dfec62c75e6a00c5336201c40b61df11489ae68e399f8321c6c5bdb21c5e41fa73c5bc6a2b2d43c998ddd3a2730dd2d8db362cfff7

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\_socket.pyd

            Filesize

            53KB

            MD5

            7e3a0b776d9f2e541cc229914550f73c

            SHA1

            8a4804554da4fda9b5ee26350892160cb68b3192

            SHA256

            25605e93c25765780296a13b131eeeccc058e85e75396782a431923b8e5986ee

            SHA512

            8f3aa12b83b960c99c43d478fa78dd5319d1cb8095834246e769990e75bd3af22690dc212867bd3a1a358eddd5bb2bf119f9fd8b1a92e689ceb98a77411e24c4

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\_ssl.pyd

            Filesize

            261KB

            MD5

            a10957cea5320b03c2f4a710c2e5b63e

            SHA1

            53700a6efa3bd3e8b3598a8d422f742464a87d3b

            SHA256

            0ce7a5de2667fc2678b1ea72551d1b45d27d1dbf16de34b951b7a48e6b4956bf

            SHA512

            c468505017e2033bb2de2d47fd93ac1ff74c76bb4184037f57e882196119907d4a770994980c73cf211e6c9511a26546e987bf72cf596fb20af69878b4239e67

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\_ssl.pyd

            Filesize

            294KB

            MD5

            b4965c2d1addb0058f30a7855a36ce7f

            SHA1

            4e1bc5455efcd2c8fdeeb3d013c0b7148650c168

            SHA256

            aeb2a7b773e3d76d16cb2518580b6056a2f86a21571849dee55e67c32a73ce04

            SHA512

            c67cdf61aa1d9e06172f55a65e894a6afc644cd64d46ce185aa57addc0472d54dfdb42955c4ec916df10171c02d2a35f3a74174a89a4be487981c8b4e659af9e

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\base_library.zip

            Filesize

            430KB

            MD5

            2aff2e153eafc1f37acc3e3f77ddebb4

            SHA1

            8adeedcbaa5161532cae246351dfb01875903d16

            SHA256

            6f05d6d6b273bb01cda064cce941f1b76b276915f0e6411db2f08ca4a3d8d9ad

            SHA512

            9d3a1d7ce77f5b759ad8b51acc72c14146aa524698260b8c42abcc2ee121f5343a755086a49dd9fa4b1e5ab750dbe842d02c3a09e172866852ba0ed245fb42d0

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\psutil._psutil_windows.pyd

            Filesize

            54KB

            MD5

            95e7df8d97acddd70efc26aa1efe0a7c

            SHA1

            1dcbcdde4cf6adc64882086ace539c8b86d313d8

            SHA256

            b2af31f74b0963f45ea5dd5df2948a0713c837776c57c57da4f772da132ed818

            SHA512

            b78e6e1a90c5a36fdc042ee11466e0ee70588e207d31791da17021be16e487dc4d5c44efd1b576206f194b5de14fd5d7e42b813245abedb05f5fdcc55a238b04

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\python36.dll

            Filesize

            1.1MB

            MD5

            6316907faca8ed91e8477eeb1cb62b36

            SHA1

            5e6816c064538b8ef110f30a67df2c30b965ea23

            SHA256

            606171464bf27f67bea8d08e8015fd6777ab8b574c22691a29254098b3f94e25

            SHA512

            f53c7a39f151c19d63872c4ae4e0daebf4229b5332eede56da390b719eabc0dffa2ff4e72bd51a5728ac26aac1752abd30b7d5d5716fe6fc7a97a98faa3f10f7

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\python36.dll

            Filesize

            833KB

            MD5

            f6732a596a2e62c14d733eb023da7916

            SHA1

            71bea1945ee05843003badc29d0b18efc47edc06

            SHA256

            ee7c2c685280b3981def8da10a3247335649c22bcfd464f991ac4c11d02e31f0

            SHA512

            0916a5ef9aa508d0d33544c8aaef14162f4c04a924daa3386a3a1ba7741711b91fdcb1628b06266598afb163f0ddb993646a7e1df792e3d213cbb75c829a8b0c

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\select.pyd

            Filesize

            16KB

            MD5

            53180ac77de73a05568cc8f7bf0ccc37

            SHA1

            1ae29bd26716b46a4c441f9454169d6a26d451b1

            SHA256

            11bad8fccaf9cd3c8a1de238a6dad3a4289be1d2e1d97bacf213cd0f3c2b1e75

            SHA512

            0b30ba9478a7d91c1a3d143d997a4d1e1288dd53f4586005b62f9d64a3d0b051d0b1ae8dd8d252dd36ca57e997138927dd7f22a3d43234432927f6156cb1d3cb

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\test_rules.exe.manifest

            Filesize

            1KB

            MD5

            25d73be1f056a07f175030fb2c2cba42

            SHA1

            c7b316ae764192c0caae5d1dbf218024f8a4857b

            SHA256

            d77e1a1da4150ec7670f5d77d718ba4af2bcf6e6cf5c57eebc767c60bb34e135

            SHA512

            27e87160fde48fe973a343b3c629e97d1b391e759fcf09ed4c5d3621939c6ce58cef2e26891b986b7f19cbb8d48b114efcd2db9b0e68fa6567b28d3ccebdbe33

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\unicodedata.pyd

            Filesize

            419KB

            MD5

            a9ae2ac9a00561f6915612e87bfb2170

            SHA1

            9d2bb2639e06ef9613b99499ec9a14b84bfdd2da

            SHA256

            c3a4b9c9cae4abeaefe5489cc81ff3f33177558dd2119a1bdbdcec4ed8443788

            SHA512

            85f4369f0a8c03b366f47772532365aab9880a2682025638d62387be846b404ff2de76aa0788b75a21d1330875c1a218589f96908d197f833b9f686a67f545c6

          • C:\Users\Admin\AppData\Local\Temp\_MEI32242\unicodedata.pyd

            Filesize

            459KB

            MD5

            cf6e427596548d7ba041cd83dacfb46d

            SHA1

            cdef6bffe65cc618e408bbe575180436cb0663ca

            SHA256

            405f65e1fe6f3c2df4f4f3fe62598002153645368037a2b8d01a2dff466126c1

            SHA512

            9684f37bdfbe7bd2b8965b94305b971953699cf741acf028e1cb54451bf0a630c808a00c26f1b0a498f48c7bbcfc07ab459460a600032d98fb0dbd90f7cec505