1dcd5a4349f3e617af53dcfa24600fd169cfdd53dece33fd72c6d66c2991d240

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-02-2024 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rdp_check.exe
Size

6.4MB
MD5

983b0043947ae9f11f0bf89b0defb99f
SHA1

be82d2670c69215572fc73ad39bcc5a2b816e615
SHA256

1dcd5a4349f3e617af53dcfa24600fd169cfdd53dece33fd72c6d66c2991d240
SHA512

052dbf5590fda77cb66e7a0162745a8f9844b51ed9bec4e348100d57c04fceb81d0e78eec5aa31ae79863670bf4c50980c3b0e8823b9c03e7fd49d978c08165b
SSDEEP

196608:C9flX+aFF9MMDJZkyVzlPKQ8hY/DkgMWsDzS:C9flrFF9MMDJuyVMHYgGsDz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 12 IoCs

pid	Process
2764	rdp_check.exe
2764	rdp_check.exe
2764	rdp_check.exe
2764	rdp_check.exe
2764	rdp_check.exe
2764	rdp_check.exe
2764	rdp_check.exe
2764	rdp_check.exe
2764	rdp_check.exe
2764	rdp_check.exe
2764	rdp_check.exe
2764	rdp_check.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2764	2656	rdp_check.exe	29
PID 2656 wrote to memory of 2764	2656	rdp_check.exe	29
PID 2656 wrote to memory of 2764	2656	rdp_check.exe	29
PID 2656 wrote to memory of 2764	2656	rdp_check.exe	29

C:\Users\Admin\AppData\Local\Temp\rdp_check.exe
"C:\Users\Admin\AppData\Local\Temp\rdp_check.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\rdp_check.exe
  "C:\Users\Admin\AppData\Local\Temp\rdp_check.exe"
  2⤵
  - Loads dropped DLL
  PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26562\python27.dll

Filesize
2.5MB

MD5
f5c5c0d5d9e93d6e8cb66b825cd06230

SHA1
da7be79dd502a89cf6f23476e5f661eebd89342b

SHA256
e3eed66221a6552d4b9ae7350b3dc30de238a6029efae060514d2780c02fedb4

SHA512
8a13b15884f8450396b8f18597dfe62f0e13e7ab524d95de5b7b0497a64e52f26b22f977803280b1916fc2b45c52a92ab501a6fb8ad86970d8326be72f735279

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26562\rdp_check.exe.manifest

Filesize
1013B

MD5
d0ffce2dec4b93fd33006ce5c08818e2

SHA1
b9e3b58f09fc4061528aa34c3e8fd71be27cac49

SHA256
0f29aad54bfb8833caca16b1e1dc31bdba7100b02b976dbc22e68186e8aebcdb

SHA512
e2ac058449a3d464c7228d5c03d3bf1165881197b4b1baf164007450d956e05322277e66a64a51feced1d9179a6bb2ca84a9fe3c62a116446b8ab3aee2bca22b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26~1\_ctypes.pyd

Filesize
89KB

MD5
9e6c48ec9508423d0ce6b6e4d4a10d90

SHA1
82548d0cfcd99bc11ecee670dc0c1c9538aa6ade

SHA256
b700441351b3a24a1ec392376984d3d95a541ea548c77f0df55d7af579ea9c1a

SHA512
37fc511610e5ab06a78f276bf0f4b7335a37d40fdf0158f674ecf1b029fe3298e0667230d3f8840258b8e5413108e1e6aeaaff090b3cca6eef007ca5a1f8d926

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26~1\_hashlib.pyd

Filesize
993KB

MD5
b1dbd52e5da083e5b5613a2b4c17a4ef

SHA1
0ed87f9e0b572f88e102739daab54db03fade416

SHA256
fa57bf3173f2d636984305401c06f1618b8119fea2c311d1173566ea236fa0c6

SHA512
dbe14802ff53e8fb9f35baa1c1bd0dc55c1073e0f96b59b5cc3783760e23c645cd453a39b2b4d0ab79ee871ba1cb81154a4cf5c54b67dde7ea14008d72dd2cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26~1\_socket.pyd

Filesize
45KB

MD5
600de8a82e2204e88df27714687f88b9

SHA1
dac20e0bf5482a6f09648648bc4d38562473c89e

SHA256
a24422d519e5a9283a0887d4be09be2ac89797886d8f45151cab5e9fef8db1e1

SHA512
3d82eb600bd358a019dcde1f4a337d87f29c9a22937989dddfe697c433f58ba9e4a836752998a542e7df179adafa8c89c99aa18b51b100f7a57aa5b47a456460

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26~1\_ssl.pyd

Filesize
1.3MB

MD5
9b59be1fa8427368c4e0e763f578d74c

SHA1
7287fe431a0a67aa41e9952906759746ddcffad1

SHA256
4ba198e7f53a37b3a825ff2ce4d3e6ca00ad96e62852f0127a46c57a9a4a3026

SHA512
6905c5f80ff723ff79863332dd8d20d4cbbe224d355ba9b824a6f29ead62ebec16fa96ec664bdb56a2688847881a53c34459311c156f35aa887b2a808a6e9032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26~1\cryptography.hazmat.bindings._openssl.pyd

Filesize
1.6MB

MD5
68009359275e52126ba45775c2249754

SHA1
6dca720748a4a1e0a1a9b5ce7c5a6ff7f1cd2c96

SHA256
90539851722fddec11d44e4be2ab2a2982853cbc62fc33bcb67182de2c9a8825

SHA512
57c67721a305a0cab127bd6d65fe57bd1a1fadd8971fca090574cff2de01c19e2bc82abff3cdc3b9bfd3e5ab047f45f8bd26fb246d641f14c1516cdcde7a8460

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26~1\Crypto.Cipher._ARC4.pyd

Filesize
8KB

MD5
35cf493fa03a4b8a79666c23fea1da38

SHA1
9fb5ee963472f1d1754b6ac568574ebbc3ace8ab

SHA256
cda807a9cb5515f37b030f6ef4153b1e58b946a710af498173a756516d77a1d8

SHA512
8be08d249b18c244e789d4a3de21c4ddb1ee8e62aa75c84d0ea33afc746ec9cb7540d77c3966ca8e465ce3bec498f62c41d8034110721c764a6605dc0256febb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26~1\Crypto.Cipher._DES.pyd

Filesize
53KB

MD5
4142eb42a87310d01ed50ec82f4dffc1

SHA1
d62775001498e4298b03ef496baa8fc1b3d0fe1e

SHA256
a2bd61a869173321d34f835d409d3a5a251797bf63f531d25396778bb39454cd

SHA512
6c581f995e09d300727bab47a93142fd9ea0318d9662b316c7f486f22626155319ca7155bafdd987621a6ad1cdf5d5531eac6fb8409c4e7a039729e9935145fb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26~1\Crypto.Hash._MD4.pyd

Filesize
10KB

MD5
1c303a89853532c1cdfa59cd543bbf2c

SHA1
e77a8c85d526dfac464fe2fd1d65c3b291ee09ea

SHA256
5a95d92de1e906b8e12725c0628080313e271ec6b7f29e8d14951abccfe8112c

SHA512
8adcf9eafea044113d2aeb11a9835c7dbb60f1dda55fe7f20411f85962cbdb1d4a2d6e35e54a0168d1c358419997f4c6dbbd769e9d144bd5776265969c01e213

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26~1\_cffi_backend.pyd

Filesize
124KB

MD5
2409e1eb60aa992a684d92edf3850869

SHA1
03085afeeceb5013d6c9b583bd694de46d8b5276

SHA256
d14b245fe80e163c24fbfe517ea30f6630d15a10c0271bc21b1efd58911072cb

SHA512
dce1f7d5b7d8ccdad3540f0526c887865d5c81ad971a72b3dc0ad12da1ca7a45e98658c0b9a96ff88d512f59dd3a82d93ca9928523561cd16f575bf94c6f9186

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26~1\cryptography.hazmat.bindings._constant_time.pyd

Filesize
7KB

MD5
87f7f14305e898dc7bc5ec6ce33e9e98

SHA1
09345490a299ad65f0b3abaa8c857852456ed8bd

SHA256
92ea01d3133c807a3c13f924e2423f47e2237c20453da741ffb8d28eb0eccc08

SHA512
770348233eb3c5fb38a2ce2a80c156b175517c29e6d7a34a73b4b0296fa210322447cff3d6b68c486d0024f4b0da269ac70ed27e2a7f7626e3811c9e5f3ed118

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26~1\cryptography.hazmat.bindings._openssl.pyd

Filesize
1.2MB

MD5
acc5df74d75e3b5638cd8f3b6a3ad207

SHA1
0ae5fdeae193ff4b7cea0f29eab5b871d0bfa021

SHA256
141205a0d75400b36f1a946cbd8ff6435e63bf39416ed974180e233afec74059

SHA512
dc8089134240649f65de51ebe19fd88fe1939eb907eb906365c7d3e99f847622b394cf676c348176eddb552626a842129dc7a709b5bc37c31e2c6a456f8ef220

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26~1\unicodedata.pyd

Filesize
671KB

MD5
a13020f231b588d46aaf82fe9314efdc

SHA1
fa43858266fbfa564e98fba78f7e8634659f2dfe

SHA256
426d241e6480cecaf55a23ac686311a362548377edcfbfc920ac4cfbe3ea479c

SHA512
ed759afde4cf4960f059162b945c5de0e8270780004309c85093684ebfba93cfbb6e642e9db667ed852e8ceaa8c7c4386ff303db08713af4b31a4eeee45955f0

Download Submit
memory/2764-53-0x0000000000190000-0x00000000001B3000-memory.dmp

Filesize
140KB

Download
memory/2764-44-0x0000000000170000-0x0000000000180000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads