21d2ade48d08f5c58f9011ca29035edc790eb10e24b7533963974802653f5589

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

991bc82c8b45a7e8caf4912289dc55a5.exe
Size

6.4MB
MD5

991bc82c8b45a7e8caf4912289dc55a5
SHA1

684a4f85441b1475228a7659826414ccfa022737
SHA256

21d2ade48d08f5c58f9011ca29035edc790eb10e24b7533963974802653f5589
SHA512

c06ca0ac8159161f8ff694bd5300d455d228aa21cf15bd54c3ba5f65054156e4a0f21f2d1472c389527612ca43e76772d1e87fff64223e91599c827d09698123
SSDEEP

196608:GPeD1WuWJysVYvsO5mDIEVFKgd7rouHE0Kaf+:6e1WJOmDIEBd7MuHE0KA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
2708	991bc82c8b45a7e8caf4912289dc55a5.exe
2708	991bc82c8b45a7e8caf4912289dc55a5.exe
2708	991bc82c8b45a7e8caf4912289dc55a5.exe
2708	991bc82c8b45a7e8caf4912289dc55a5.exe
2708	991bc82c8b45a7e8caf4912289dc55a5.exe
2708	991bc82c8b45a7e8caf4912289dc55a5.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2708	991bc82c8b45a7e8caf4912289dc55a5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2708	2668	991bc82c8b45a7e8caf4912289dc55a5.exe	28
PID 2668 wrote to memory of 2708	2668	991bc82c8b45a7e8caf4912289dc55a5.exe	28
PID 2668 wrote to memory of 2708	2668	991bc82c8b45a7e8caf4912289dc55a5.exe	28

C:\Users\Admin\AppData\Local\Temp\991bc82c8b45a7e8caf4912289dc55a5.exe
"C:\Users\Admin\AppData\Local\Temp\991bc82c8b45a7e8caf4912289dc55a5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Users\Admin\AppData\Local\Temp\991bc82c8b45a7e8caf4912289dc55a5.exe
  "C:\Users\Admin\AppData\Local\Temp\991bc82c8b45a7e8caf4912289dc55a5.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26682\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\_ctypes.pyd

Filesize
121KB

MD5
b8a2aa0b18b076f3138d4b6af625b1a8

SHA1
965f046846293af33401c7c0d56dd1423698f08a

SHA256
ddd2e07bd447e46bf8682953e08a52ef3dec2a16b73016a210ac88196964623c

SHA512
0b75f59db170ab74ccb5d82187171000b5a607524449576ecfc8c708e3dfc501ddec5bcb82153f20e928d6c46a7109ebf59fc32d904fe1307a280ce6f1c6bf7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\_socket.pyd

Filesize
77KB

MD5
fca96fe528ff7c8a688da45a1667576f

SHA1
3346925f3c5ec51ef9ffbc57b9630663942bdbc4

SHA256
6fb731502320840ea36d2c8194c8de2371d275eb2c2fdffa1a5e62f5bcfc84ea

SHA512
cd3e1ea2590052bd8b0db8f230cddbcf248886acd18f17508fadd64701633646967395aa22c5891ace08b5149ac6dd0543f042ece3a5a6bb2315c4bcaca4d423

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\base_library.zip

Filesize
758KB

MD5
ca8aaf218f83c486c60df55e109c213a

SHA1
6788eb2465e36f73a0aea5020391f6c35b345500

SHA256
486e8c71e3cb50fa131ce877f1f12326937deb586f9c4a207616ed1efe8bdb4e

SHA512
ed941b89213ba5c301f0f123a5556b2459c49a7e304a2f8488f981014d668d07946f5c355509e25b9e538414b6af953aabf2af94afa108e6c65c0e4ec30b9be2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\python38.dll

Filesize
4.0MB

MD5
147281c6864c61225284fc29dd189f37

SHA1
f9affa883855c85f339ac697e4f2942dd06a3a2e

SHA256
c5d4495bb879cc52a5076e1f366f330aa006d1e7e34c6b640a98378746244099

SHA512
ec5d36cda7689f6f9889ff0fdf2d946704c930a030d7254b901db78c4591a3f4fde0fe75a841ae91c2f0881edaf75b36d04e81e3d8605b81df4bc9195a09d056

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\select.pyd

Filesize
26KB

MD5
3bff7c4ca394c523c25de029461ce32a

SHA1
15e2e1bff65fdf400ef54358079bb25a29faedaa

SHA256
306b8d12b77a8d6b6d06c6120331584af14f8deb97d5aed799a4779413052bc1

SHA512
2ce6d85dd23882b8a0ed00e0d2f4cc70f1c2871172e5f4e39d3bcf68ad0f69a528b227f14e02fc28467bc232619cbbf4feead778818a926716604e86285e69a4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26682\python38.dll

Filesize
1.4MB

MD5
badf2b5609662c33f9141d0a3b17a019

SHA1
d67d4ce1a423cacef8eec57ba9f7c623666de8e0

SHA256
8d0ea4268351c745309e43e89014e51975b425b084f2c94971556bb35e611298

SHA512
6814a87ca42a4b4af5378bd062696db078842ab91ba3c2bd983294c0c6133b5655ff63adf77d40ad5b46aad66d39f805e2091927e8086dde0ce8a52356f3d5e5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads