21d2ade48d08f5c58f9011ca29035edc790eb10e24b7533963974802653f5589

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

991bc82c8b45a7e8caf4912289dc55a5.exe
Size

6.4MB
MD5

991bc82c8b45a7e8caf4912289dc55a5
SHA1

684a4f85441b1475228a7659826414ccfa022737
SHA256

21d2ade48d08f5c58f9011ca29035edc790eb10e24b7533963974802653f5589
SHA512

c06ca0ac8159161f8ff694bd5300d455d228aa21cf15bd54c3ba5f65054156e4a0f21f2d1472c389527612ca43e76772d1e87fff64223e91599c827d09698123
SSDEEP

196608:GPeD1WuWJysVYvsO5mDIEVFKgd7rouHE0Kaf+:6e1WJOmDIEBd7MuHE0KA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
4996	991bc82c8b45a7e8caf4912289dc55a5.exe
4996	991bc82c8b45a7e8caf4912289dc55a5.exe
4996	991bc82c8b45a7e8caf4912289dc55a5.exe
4996	991bc82c8b45a7e8caf4912289dc55a5.exe
4996	991bc82c8b45a7e8caf4912289dc55a5.exe
4996	991bc82c8b45a7e8caf4912289dc55a5.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 4996	4792	991bc82c8b45a7e8caf4912289dc55a5.exe	83
PID 4792 wrote to memory of 4996	4792	991bc82c8b45a7e8caf4912289dc55a5.exe	83

C:\Users\Admin\AppData\Local\Temp\991bc82c8b45a7e8caf4912289dc55a5.exe
"C:\Users\Admin\AppData\Local\Temp\991bc82c8b45a7e8caf4912289dc55a5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Users\Admin\AppData\Local\Temp\991bc82c8b45a7e8caf4912289dc55a5.exe
  "C:\Users\Admin\AppData\Local\Temp\991bc82c8b45a7e8caf4912289dc55a5.exe"
  2⤵
  - Loads dropped DLL
  PID:4996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI47922\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\_ctypes.pyd

Filesize
121KB

MD5
b8a2aa0b18b076f3138d4b6af625b1a8

SHA1
965f046846293af33401c7c0d56dd1423698f08a

SHA256
ddd2e07bd447e46bf8682953e08a52ef3dec2a16b73016a210ac88196964623c

SHA512
0b75f59db170ab74ccb5d82187171000b5a607524449576ecfc8c708e3dfc501ddec5bcb82153f20e928d6c46a7109ebf59fc32d904fe1307a280ce6f1c6bf7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\_socket.pyd

Filesize
77KB

MD5
fca96fe528ff7c8a688da45a1667576f

SHA1
3346925f3c5ec51ef9ffbc57b9630663942bdbc4

SHA256
6fb731502320840ea36d2c8194c8de2371d275eb2c2fdffa1a5e62f5bcfc84ea

SHA512
cd3e1ea2590052bd8b0db8f230cddbcf248886acd18f17508fadd64701633646967395aa22c5891ace08b5149ac6dd0543f042ece3a5a6bb2315c4bcaca4d423

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\base_library.zip

Filesize
669KB

MD5
bf17d4d13ce76df87c1bd1fbd37c848b

SHA1
cf7390fad3f17568de9721a1b583147e69b2285f

SHA256
715ff8737cb427afd1bce42a5b3cf5538ad1678598eb2cbf3ea02bca0e053613

SHA512
ef7ff29f1212e7b14264ca4d2feed515ef54302379c205b41d9a28e8bbe99862860b62606e5a03eaed8ae6f484373dbea5766ea2a8a57cfa69794e94a55e8227

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\python38.dll

Filesize
4.0MB

MD5
147281c6864c61225284fc29dd189f37

SHA1
f9affa883855c85f339ac697e4f2942dd06a3a2e

SHA256
c5d4495bb879cc52a5076e1f366f330aa006d1e7e34c6b640a98378746244099

SHA512
ec5d36cda7689f6f9889ff0fdf2d946704c930a030d7254b901db78c4591a3f4fde0fe75a841ae91c2f0881edaf75b36d04e81e3d8605b81df4bc9195a09d056

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\python38.dll

Filesize
2.8MB

MD5
fa7e1dc1ab45131dc55b4bb69dc81c69

SHA1
f7083e2d103d59f31226f0629f3552dea8d445aa

SHA256
707cca9e3111e14fde38d46ab7c8d449ad595cf9212b18a97a42ad6b27b102f4

SHA512
92040946cdcea9439d3e48cd1733e1af97072f5c10babdfa4e58373bde4a0189947c4865e6f84820a175cf6f4fa0e07d2df1a679878d568eed8d8183725e6c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\select.pyd

Filesize
26KB

MD5
3bff7c4ca394c523c25de029461ce32a

SHA1
15e2e1bff65fdf400ef54358079bb25a29faedaa

SHA256
306b8d12b77a8d6b6d06c6120331584af14f8deb97d5aed799a4779413052bc1

SHA512
2ce6d85dd23882b8a0ed00e0d2f4cc70f1c2871172e5f4e39d3bcf68ad0f69a528b227f14e02fc28467bc232619cbbf4feead778818a926716604e86285e69a4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads