ec6cc0c8ca59f336b5d1214d22c0668438aa2c87c41930f7799cbff1ac6c2658

Analysis

max time kernel
98s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-02-2024 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

newBypasser.exe
Size

8.0MB
MD5

b1ddf91d73f4e19a1da7479d79baac66
SHA1

8c5d5f41717f3fdbae0057a827b38e7933ae5f57
SHA256

ec6cc0c8ca59f336b5d1214d22c0668438aa2c87c41930f7799cbff1ac6c2658
SHA512

82d9d07deddb868229bb1aec24cdea89ed47720b07e19b7388503cc7373f8de7f4fd2915e27138f98b1beb8b0439df649fd12a6d068f5b3080ae3db169a7327f
SSDEEP

196608:azFCraA1HeT39IigwWc0/aFFH3ZAqxNiC:Xv1+TtIiFm/KKqxcC

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 34 IoCs

pid	Process
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
1096	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe
4824	newBypasser.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
59	raw.githubusercontent.com
36	raw.githubusercontent.com
38	raw.githubusercontent.com

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 1096	640	newBypasser.exe	86
PID 640 wrote to memory of 1096	640	newBypasser.exe	86
PID 1096 wrote to memory of 408	1096	newBypasser.exe	95
PID 1096 wrote to memory of 408	1096	newBypasser.exe	95
PID 1208 wrote to memory of 4824	1208	newBypasser.exe	101
PID 1208 wrote to memory of 4824	1208	newBypasser.exe	101
PID 4824 wrote to memory of 1904	4824	newBypasser.exe	102
PID 4824 wrote to memory of 1904	4824	newBypasser.exe	102

C:\Users\Admin\AppData\Local\Temp\newBypasser.exe
"C:\Users\Admin\AppData\Local\Temp\newBypasser.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:640
- C:\Users\Admin\AppData\Local\Temp\newBypasser.exe
  "C:\Users\Admin\AppData\Local\Temp\newBypasser.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c move /Y 1v1.dll "c:\Program Files (x86)\Steam\steamapps\common\1v1.LOL\1v1_LOL_Data\Managed"
    3⤵
    PID:408

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\newBypasser.exe
"C:\Users\Admin\AppData\Local\Temp\newBypasser.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Users\Admin\AppData\Local\Temp\newBypasser.exe
  "C:\Users\Admin\AppData\Local\Temp\newBypasser.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c move /Y 1v1.dll "c:\Program Files (x86)\Steam\steamapps\common\1v1.LOL\1v1_LOL_Data\Managed"
    3⤵
    PID:1904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1v1.dll

Filesize
2.8MB

MD5
cfab28c28fd208300d553427795bf31d

SHA1
f922da3c646ed015e49499d72f381d6077299f54

SHA256
ce077406b3ee43b87f6854c1d730f0e43d52f1db641b518439028fa52a328951

SHA512
ec6ca828e5176479006165826490724d22e4b92dadb2e3de5ef39e230f904721875b4ef3aa061f32d6d3d609d1f5229abe5f6a82d437f4e90188166ac9aa1d0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12082\python311.dll

Filesize
5.5MB

MD5
d06da79bfd21bb355dc3e20e17d3776c

SHA1
610712e77f80d2507ffe85129bfeb1ff72fa38bf

SHA256
2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1

SHA512
e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\_bz2.pyd

Filesize
82KB

MD5
37eace4b806b32f829de08db3803b707

SHA1
8a4e2bb2d04685856d1de95b00f3ffc6ea1e76b9

SHA256
1be51ef2b5acbe490217aa1ff12618d24b95df6136c6844714b9ca997b4c7f9b

SHA512
1591a263de16373ee84594943a0993721b1e1a2f56140d348a646347a8e9760930df4f632adcee9c9870f9c20d7818a3a8c61b956723bf94777e0b7fb7689b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\_ctypes.pyd

Filesize
121KB

MD5
a25cdcf630c024047a47a53728dc87cd

SHA1
8555ae488e0226a272fd7db9f9bdbb7853e61a21

SHA256
3d43869a4507ed8ece285ae85782d83bb16328cf636170acb895c227ebb142ac

SHA512
f6a4272deddc5c5c033a06e80941a16f688e28179eab3dbc4f7a9085ea4ad6998b89fc9ac501c5bf6fea87e0ba1d9f2eda819ad183b6fa7b6ddf1e91366c12af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\_decimal.pyd

Filesize
247KB

MD5
e4e032221aca4033f9d730f19dc3b21a

SHA1
584a3b4bc26a323ce268a64aad90c746731f9a48

SHA256
23bdd07b84d2dbcb077624d6dcbfc66ab13a9ef5f9eebe31dc0ffece21b9e50c

SHA512
4a350ba9e8481b66e7047c9e6c68e6729f8074a29ef803ed8452c04d6d61f8f70300d5788c4c3164b0c8fb63e7c9715236c0952c3166b606e1c7d7fff36b7c4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\_hashlib.pyd

Filesize
63KB

MD5
ba682dfcdd600a4bb43a51a0d696a64c

SHA1
df85ad909e9641f8fcaa0f8f5622c88d904e9e20

SHA256
2ad55e11bddb5b65cdf6e9e126d82a3b64551f7ad9d4cbf74a1058fd7e5993bd

SHA512
79c607e58881d3c3dfb83886fe7aa4cddb5221c50499d33fe21e1efb0ffa1fd0d3f52cbe97b16b04fbe2b067d6eb5997ac66dec9d2a160d3cb6d44ffca0f5636

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\_lzma.pyd

Filesize
155KB

MD5
3273720ddf2c5b75b072a1fb13476751

SHA1
5fe0a4f98e471eb801a57b8c987f0feb1781ca8b

SHA256
663f1087c2ed664c5995a3ffa64546d2e33a0fce8a9121b48cc7c056b74a2948

SHA512
919dbbfcc2f5913655d77f6c4ae9baa3a300153a5821dc9f23e0aceb89f69cb9fb86d6ce8f367b9301e0f7b6027e6b2f0911a2e73255ab5150a74b862f8af18e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\_queue.pyd

Filesize
31KB

MD5
284fbc1b32f0282fc968045b922a4ee2

SHA1
7ccea7a48084f2c8463ba30ddae8af771538ae82

SHA256
ac3b144d7d7c8ee39f29d8749c5a35c4314b5365198821605c883fd11807e766

SHA512
baa75f7553cf595ad78c84cbb0f2a50917c93596ece1ff6221e64272adc6facdd8376e00918c6c3246451211d9dfc66442d31759bd52c26985c7f133cf011065

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\_socket.pyd

Filesize
77KB

MD5
485d998a2de412206f04fa028fe6ba90

SHA1
286e29d4f91a46171ba1e3c8229e6de94b499f1d

SHA256
8f9ede5044643413c3b072cd31a565956498ca07cdd17fb6a04483d388fdad76

SHA512
68591522e9188f06ff81cd2b3506b40b9ad508d6e34f0111819bf5eff47ed9adf95ebfae5d05b685c4f53b186d15cc45e0d831d96be926f7a5762ee2f1341f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\_ssl.pyd

Filesize
172KB

MD5
e5b1a076e9828985ea8ea07d22c6abd0

SHA1
2a2827938a490cd847ea4e67e945deb4eef8cbb1

SHA256
591589dadc659d1ad4856d16cd25dc8e57eaa085bf68eb2929f8f93aba69db1b

SHA512
0afd20f581efb08a7943a1984e469f1587c96252e44b3a05ca3dfb6c7b8b9d1b9fd609e03a292de6ec63b6373aeacc822e30d550b2f2d35bf7bf8dd6fc11f54f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\base_library.zip

Filesize
1.4MB

MD5
d67807911e3e5740375e56bfb71a0f82

SHA1
232f1c78c0da9ccab1be67a0b5124faa7d36c0d6

SHA256
9095b218411ec46d59aa5e7b174aea7e628c8cd364891f685944a4f8ab975452

SHA512
22a9592be7e60a78cc06ed8b597bd768336738aec5fbcfc6697eeab59cc8f26964ae46234fa862d18f922df5107ffee8578448911ac72eb9d3c344d268595823

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\certifi\cacert.pem

Filesize
285KB

MD5
d3e74c9d33719c8ab162baa4ae743b27

SHA1
ee32f2ccd4bc56ca68441a02bf33e32dc6205c2b

SHA256
7a347ca8fef6e29f82b6e4785355a6635c17fa755e0940f65f15aa8fc7bd7f92

SHA512
e0fb35d6901a6debbf48a0655e2aa1040700eb5166e732ae2617e89ef5e6869e8ddd5c7875fa83f31d447d4abc3db14bffd29600c9af725d9b03f03363469b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
723ec2e1404ae1047c3ef860b9840c29

SHA1
8fc869b92863fb6d2758019dd01edbef2a9a100a

SHA256
790a11aa270523c2efa6021ce4f994c3c5a67e8eaaaf02074d5308420b68bd94

SHA512
2e323ae5b816adde7aaa14398f1fdb3efe15a19df3735a604a7db6cadc22b753046eab242e0f1fbcd3310a8fbb59ff49865827d242baf21f44fd994c3ac9a878

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
116KB

MD5
9ea8098d31adb0f9d928759bdca39819

SHA1
e309c85c1c8e6ce049eea1f39bee654b9f98d7c5

SHA256
3d9893aa79efd13d81fcd614e9ef5fb6aad90569beeded5112de5ed5ac3cf753

SHA512
86af770f61c94dfbf074bcc4b11932bba2511caa83c223780112bda4ffb7986270dc2649d4d3ea78614dbce6f7468c8983a34966fc3f2de53055ac6b5059a707

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\libcrypto-3.dll

Filesize
2.6MB

MD5
ec7323dda86b857a77184eb204f1e210

SHA1
7903a056dba0922a7c2ded4b09e007ad7624db27

SHA256
66a3a361d04aca37fa8f8ce2723b74cdb9dbb9e7179d8554810aecc05a6b3740

SHA512
cb9e8ccdcf021a7fd6e142c1787fc896b759a1d2af164333654b81e23026e2b225a464e49510b7b0493bdd043ccacc442fcac2489769a5d54ef3b8a035ed0bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\libcrypto-3.dll

Filesize
3.6MB

MD5
278c831e52d842cbb447ef557566d76a

SHA1
eda4c79eb083817e25a93681c7a4dd4c93c93b1c

SHA256
bec46dc762eb0385bd4321cdd695d497bdf55dcff829b7018d61d336a7288134

SHA512
7cf4add1f81a0f800a1156a5db5722d9b9ee898553e60d44a51825b73622c74a357438beea56232cbcff3cdd5121d05a3afbbf0884e4f89206523becf3e1679f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\libcrypto-3.dll

Filesize
2.2MB

MD5
2e2b2d4f9750982d405db56bb3da776e

SHA1
4297de797173fcabb57c70de89bb8fce1df5d1fd

SHA256
1b074a585e8618607b8c9e97fe893ff92dd3dbd92fb6b9ec9dd254acbc3dd1b7

SHA512
006b5ee538ca74a646bf59418cf93003e784263b17ff08ca0fc08b4afdedd9777a0f235abf7d01fda7dcc3bba765eb7c471bc8a9f74480788e12662c06ab160b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\python311.dll

Filesize
4.4MB

MD5
5906fda75f2e5573bbbf303b6f4966f9

SHA1
f663ea3ead03f2bd602a1fa95415022f42e4ff4c

SHA256
04004dd2bac90b1f6f4950138504587fbea1572e83bf95cfe5e5be5657dd5536

SHA512
232a0ae9ee60a7d91fafb2631587b216cf87e64ec17699f37680186294e00f652cd7de0c36900ff33449e293a13c19a48e43edb2cdbea2977f49986d86df78a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\python311.dll

Filesize
3.0MB

MD5
7e11635618d7164cd0c7faec68d1eb88

SHA1
ffb401fa4d378f2a55cd218fad82b84b1decf035

SHA256
b31a33a5ee05eb85db028f8e514a513e2b3f5b826792d25c8847b1af67822a0c

SHA512
254438d2586a3750ef0035e0578d76ed9739c3fca8237a562c8894680219e7443384161e1d01264821d5db02b02a5bf08399f994f3b07909488698da1a2cf285

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\select.pyd

Filesize
29KB

MD5
e07ae2f7f28305b81adfd256716ae8c6

SHA1
9222cd34c14a116e7b9b70a82f72fc523ef2b2f6

SHA256
fb06ac13f8b444c3f7ae5d2af15710a4e60a126c3c61a1f1e1683f05f685626c

SHA512
acb143194ca465936a48366265ae3e11a2256aeae333c576c8c74f8ed9b60987daff81647aef74e236b30687a28bc7e3aa21c6aedbfa47b1501658a2bfd117b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\unicodedata.pyd

Filesize
1.1MB

MD5
5cc36a5de45a2c16035ade016b4348eb

SHA1
35b159110e284b83b7065d2cff0b5ef4ccfa7bf1

SHA256
f28ac3e3ad02f9e1d8b22df15fa30b2190b080261a9adc6855248548cd870d20

SHA512
9cccbf81e80c32976b7b2e0e3978e8f7350cce542356131b24ebab34b256efd44643d41ee4b2994b9152c2e5af302aa182a1889c99605140f47494a501ef46c1

Download Submit