070923d5ca225ef29a670af9cc66a8d648fcaaff7e283cb1ddc73de6e3610f0f

Analysis

max time kernel
86s
max time network
88s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
24/01/2024, 03:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

capa.exe
Size

30.0MB
MD5

21dc36681c30aeb8e0e615d02105cb11
SHA1

8e6782379741b55fab8090b348e5ee5ffc7eb816
SHA256

28456074020e4982cb2c7d0f8c7aeec3d8470e4625bb6f12dc9bb6a794bd9fc6
SHA512

f1eadd147dfe986a3220c0f214f7dfa0639fccc986f50605abcd0feefe56b69a54dab8ca3cd02c2cbe6e996d527ae2edbd901ed2a83570e9bfd24b9c148d62ce
SSDEEP

786432:Q2DjsCED74EaEizozeyAZWXBiFhOfBhqcnrmUNZ:vDjsCk5aEizozQOgFhmFrV

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 22 IoCs

pid	Process
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe
408	capa.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 408	3740	capa.exe	81
PID 3740 wrote to memory of 408	3740	capa.exe	81
PID 408 wrote to memory of 792	408	capa.exe	82
PID 408 wrote to memory of 792	408	capa.exe	82

C:\Users\Admin\AppData\Local\Temp\capa.exe
"C:\Users\Admin\AppData\Local\Temp\capa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Users\Admin\AppData\Local\Temp\capa.exe
  "C:\Users\Admin\AppData\Local\Temp\capa.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI37402\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_asyncio.pyd

Filesize
63KB

MD5
0400b1958d0f7aa0d2ad409ea12ffec7

SHA1
ce1a5c61192ffe489a53f029ac0a95d4abb3d2b9

SHA256
6e25aa5931f175b971dfd05aab7a24cef29edd8f4b524341c414d0577c07a200

SHA512
8790f3f9c69823d55350ea63a1b8ebb3dad64942b6e6752109d2932b3bb848a5101e2a9a4645e93a476a8c4e5c8b27e15eb39b33fcc772a876b0e8ab9fd5eefa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_bz2.pyd

Filesize
85KB

MD5
a49c5f406456b79254eb65d015b81088

SHA1
cfc2a2a89c63df52947af3610e4d9b8999399c91

SHA256
ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced

SHA512
bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_ctypes.pyd

Filesize
124KB

MD5
291a0a9b63bae00a4222a6df71a22023

SHA1
7a6a2aad634ec30e8edb2d2d8d0895c708d84551

SHA256
820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324

SHA512
d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_decimal.pyd

Filesize
137KB

MD5
ede7e476595429fd2ac8597052767fd7

SHA1
3874182aa89cf1edfe90ebc1d42c0c6795b15e30

SHA256
2024a005d575914b4a95a1eac660d1c3afa2ccb6162ac0e4fa17ecf595b2c519

SHA512
c7142afe3587e940cfcad9f66104ff69af1e448ca9f70a9af7af8f62d5b15db90e760e7dcf01b81816b708fe00aa2a83503c746fc5d257b15161999a3103e944

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_decimal.pyd

Filesize
243KB

MD5
25fefc2e62f083e1f60c92d74e611fe1

SHA1
047f4791322858aaab2a286f2c6a803fe2e52ad8

SHA256
cc1377d47a82c74b889edd0492851b1f3f77ff7013ec0322e06d4f78dc28eef3

SHA512
ebebc2f78a5681fe5d83436382b719ec7a4e1b00c7b93d8b4cef47b4b9035c73a18d0cb466e44e3072444732edfcb143696d2afa760a9922f55832251d26c187

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_hashlib.pyd

Filesize
46KB

MD5
5e5af52f42eaf007e3ac73fd2211f048

SHA1
1a981e66ab5b03f4a74a6bac6227cd45df78010b

SHA256
a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b

SHA512
bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_lzma.pyd

Filesize
159KB

MD5
cf9fd17b1706f3044a8f74f6d398d5f1

SHA1
c5cd0debbde042445b9722a676ff36a0ac3959ad

SHA256
9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4

SHA512
5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_overlapped.pyd

Filesize
45KB

MD5
7d5bb2a3e4fbceaddfeef929a21e610c

SHA1
942b69e716ee522ef01bde792434c638e3d5497a

SHA256
5f92c163b9fe6abb0f8b106a972f6a86f84271b2e32c67f95737387c85719837

SHA512
8c44f1683fdea0d8121ff2fe36f2582313980ef20ee1985af7ff36acb022acbb7617e85d2dd3b8e75715444dc0cfc4487c81b43d0222bd832aac867875afbe30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_queue.pyd

Filesize
28KB

MD5
dd146e2fa08302496b15118bf47703cf

SHA1
d06813e2fcb30cbb00bb3893f30c2661686cf4b7

SHA256
67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051

SHA512
5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_ruamel_yaml.cp38-win_amd64.pyd

Filesize
167KB

MD5
9ee33fa77a04bc3822e503c3f0de2e05

SHA1
787532122627b506c33de7caa356f66de197871d

SHA256
978c511b3331c7f985f2e79d372b417bb0ff555f7758b1a203027b77b4a7aa3a

SHA512
25e60b81ff4ae7bb33aa6159ef3bd3c3f99a310cd176e05f8ea8c0f49acde8cec9aefaecacc8f888cbe4f422b0c1ff31ebff1536ecb57b1d8a4d7b68e3d8e3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_ruamel_yaml.cp38-win_amd64.pyd

Filesize
176KB

MD5
e33e6149f99566ff04887037f4ce80d2

SHA1
82950b5351ab3c076c48f16ee5fa6c263f518928

SHA256
acd60c6e3f30112aa8d305de66635d92e39a20fab838305517956708e7ea2563

SHA512
bebff659793cd1fcd325f4e971515b6a7b08fae04edd965a232702c94e76951f4d47394a44f3420f6312ac6431fc193cdbd10a4fb803bb419d8d088af6f5c04c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_socket.pyd

Filesize
78KB

MD5
4827652de133c83fa1cae839b361856c

SHA1
182f9a04bdc42766cfd5fb352f2cb22e5c26665e

SHA256
87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba

SHA512
8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\_ssl.pyd

Filesize
152KB

MD5
d4dfd8c2894670e9f8d6302c09997300

SHA1
c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e

SHA256
0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0

SHA512
1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\base_library.zip

Filesize
237KB

MD5
302b8475e73733c8ec7994e267c328b4

SHA1
4b411ec550ddcffac526b0f3704d6e3d510c8a04

SHA256
e3afbd79e3bf688bc28277630dc7279e76580a7083a0d1899815549c340d3203

SHA512
5579aaafced3e0eea3d2e863d2d776a34ced9e84efac5e895b28467cf1cc16a70fd00a0c0364eccda51b7b2e49c6566e1d7a5c2977fc53ba12940a0479e520df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\libcrypto-1_1.dll

Filesize
202KB

MD5
a2f14d1542b2f23cb767021c9411d0c3

SHA1
c0b8c9635de24a8e4053cf881aa899ec6f158a0d

SHA256
b7783325ae471efba5b14d71894bc6ae1f20d3d5c988535534996bb04003ebbf

SHA512
88f60282ed1efe69d89fc4e0d2dca7e6f749a9410855f57549634f54dd86ebce7d84856421e4bf1dab799e46375aebca12ca1148f074f043427e16ef0e4465f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\libcrypto-1_1.dll

Filesize
145KB

MD5
9c494995d2ec65893e890e65b390f7f1

SHA1
a89a3808dc57079eef6d98568ffa5f1ef1042289

SHA256
8ccafc982d2e35c43151f174587940206fb8acb9ef5502c910187b43a6494cbb

SHA512
dc0f9919f4fe8ddc762dfafff9b406e9cea0dacc2eedee158f06a5d3949b2712ee3dcddcb5abea0800b7395ae20fe6c2427307b903a70bb548bc1814cf65e4f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\libssl-1_1.dll

Filesize
194KB

MD5
5899225ae6ebf8a2176187955d09f0cf

SHA1
5bffb62bb865b3871b31d65365c7e94dca860de6

SHA256
6f1bd869ab62548e98ae41514d4ce8d5a3cd5bc08f9e0df7b6037b9017585a53

SHA512
065e0de14ce2fa6f250ef307dc6c6b3058b0e9de0ceb7793c3b714a0d2f02debb27d319e15678f3e4d4b8ed744b31593bb0c5ee85d66afe1110a6811db9828a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\libssl-1_1.dll

Filesize
268KB

MD5
1251f5c7ac371891e99860fd6b80ba48

SHA1
2b5e7c221bf78fbc01447324438c328880aaae6a

SHA256
422d3663313b31aecb4490733934b8ec8de7129cdca4da7cf67f998e8b918956

SHA512
9d3dce8fa3b4d3df01b5df444886663ecb6f90513d306a36dc7c7d858ea60c4deb21456136eb6c80ca413c67d544f767453dd4a8cdcd69b56507e56fb9a743ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\pydantic_core\_pydantic_core.cp38-win_amd64.pyd

Filesize
107KB

MD5
15e3a1dff5ad55188349b8a935ab99a7

SHA1
108ce5fe5d959bf729c86f9c534bc173772909bd

SHA256
ff1422e6614770940ef4e614075c4479fff5c8cbbcac9391f59f4fb3d83c8a83

SHA512
ebad55055a5e180027a175137961b457ed124bf24d16268287e9f5108f43bfcab81e6d8c68113d1b2fc4a7806f8a0377388b97199c35b306c6814b0b312c2a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\pydantic_core\_pydantic_core.cp38-win_amd64.pyd

Filesize
82KB

MD5
0eddd814b8cf790f40e89901adf5f701

SHA1
ac7fc2cdd4d39c973e4725d7c939c82431cde7a2

SHA256
73bb19ef6106cd1c6b03199340f780e9f015acd9b8b444dabed033c2f4321201

SHA512
0d66f70a0d4b979defafe9d9f95eac1e7a058e00a3a5f8acd47d81bda243e82d63ca1c299ca72cbdbfd663ce07126257ce805e31cb6c7c8990de28d476ddb1c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\pyexpat.pyd

Filesize
187KB

MD5
2ae23047648257afa90d0ca96811979f

SHA1
0833cf7ccae477faa4656c74d593d0f59844cadd

SHA256
5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95

SHA512
13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\python38.dll

Filesize
64KB

MD5
86ab163bbdb95dba223e23649222fe63

SHA1
7e03ee86410303fd5bc2811941c6a462f622c3cb

SHA256
f897a21506b9626b619ac7693571ba77da1ec59c01e922164a22457dd058ef38

SHA512
a2c9a0864e4b58d95a92b37ee073374f5f6cef79559afd6a2225310ecbedbfeb93a1780596d7ca4bfbe8ef1c977b5375d4994175c2d36f08db40a22a4d4a38ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\python38.dll

Filesize
218KB

MD5
aa65593251a50a55573a1da488569add

SHA1
c83aaf3555a2e4263ebc5b05957407f261b6cd7c

SHA256
93f4d4976d0de4b62d16da28e4793dc20f464ee4f1ac2d13efe4c71205b27737

SHA512
8d8c59252f280f204651bdc1ea011618bb6805ef1d0a6fe5037b0343363c4038ff04a99e851e9483cad580dab38b8493cadf71d7174f5798142f38d71a1035a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\select.pyd

Filesize
27KB

MD5
e21cff76db11c1066fd96af86332b640

SHA1
e78ef7075c479b1d218132d89bf4bec13d54c06a

SHA256
fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28

SHA512
e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\ucrtbase.dll

Filesize
384KB

MD5
cb68fbf062696fff0d13de9a4d9161c4

SHA1
7c7f0528b6d2a3541172361e8d45ab1b7c7ff6cd

SHA256
4c9fae552128d3deea855a9963d45f6696a79e149282c737f82ea88ac24d787c

SHA512
ada1210a9079db81fb8845d4f9cf43bd20794dc39457945a4899129a1f340ca69a2f7cf5f39a27ae01a3fe3b50d248c05dd3927b14a52ae4a2101d4093ac37db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\ucrtbase.dll

Filesize
99KB

MD5
4da04f6d79290b5a755e67bf7a736887

SHA1
fb2011790a5828880f021ee200334729cbac5408

SHA256
7d8f7de60a18362787e63906d6c5742dcb4327412fc8475a11f8227cb0bfb831

SHA512
5e435047d2c86e7d788540f626bb2db81681be5613e1cf1a88a3b1e4ab0efac2c0a23e9a43cca9e86cb06e2974b0cbf02e4193eaec23ee891d39ce1b6fd4456b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\unicodedata.pyd

Filesize
284KB

MD5
5c4036fb5a2c5393f757190d1464c13b

SHA1
4d9d95fb8740344a8702d1282912fda00017bc1b

SHA256
45b6dfca39a9b7261e9478c6e03c43e2af725c376807fc0af3941200ed5e059a

SHA512
cab8d675889213004a18c8bef608239936d5749e10e7b1bd1e803ac4448f73a3b9d5185c61be4ef890dc653a9978314dcd7a8aa113c3ef1eab48c1365d50334d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\unicodedata.pyd

Filesize
393KB

MD5
06d1020af8b1b5eeed91a9636c02a129

SHA1
71f849b1baa70ac6a51ee8b3c8d30713e69b0a6d

SHA256
657db1844b28cfdb1930b95b3bd6cf08643a8966381c60472b8c7b1d9412151d

SHA512
ae267625930a304333898b68d54e6632494baf6fa862b1310cf4d74787260ca05adaa0f4a723535d2bc413cf97c4dafe6a47705bc61e01f503e6d5ad33e41ea4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\yaml\_yaml.cp38-win_amd64.pyd

Filesize
134KB

MD5
cb8549c94ad343ca13aca1d71fc8c10e

SHA1
0a3fd14b51352e6dc998f056b62ff97930e6cf25

SHA256
da5f911c363fb9e4500ac2672c993996fa667a11c8b011e69251af4886daeba0

SHA512
67506d2e816de71adbf974efa3da3317b0035b89f0f50e36fb0ee8780e18baa6e9d02433907622b5ef8fdc4666fd5372bb59c3b942a8fd1b38abe7f555c05b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37402\yaml\_yaml.cp38-win_amd64.pyd

Filesize
108KB

MD5
30674e612f0b663cf91392ba0fe55e01

SHA1
0076e757609dfc906632d6528eeb2734b58e0e60

SHA256
b485d43eab18780fdfef82335ff5867090c0d3e4be29f13b8b1dc3b87b1d5646

SHA512
0f6e88d66c5e6e005279bfd4ed8d2b747bcd54477c496cd111c6580ec9b605b5c2ba8b85bf20465a9c4d3f2f4458dd967447958bf4fa2843f4e5fc231df89aa2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads