Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/02/2024, 12:49

General

  • Target
    TokenGen.exe
  • Size
    8.4MB
  • MD5
    6ab683496d974568e89cacbc75e8f911
  • SHA1
    9422365d1bdef1232f79ae92897589250a65735b
  • SHA256
    2c77f01d2d3d4e3f32e25437d8afc259e3c5f9e8f40fb8d7688637b11649b682
  • SHA512
    446348fdba1fb4c28e36edac99c6bc1e13eb2af482499ada21030d425e730051a26e8c2ea1d01822bfb596802be489160b8dc52906e86ec7bf2c3b37a63bcdd0
  • SSDEEP
    196608:Ye4IHXzkneX38DXDQ9/tbYPvbJQlHHO2SvJ37n8CS79JjXSKn:9Hy0MDTQ9/kJQlnEc9RC

Score
7/10

Signatures

  • Loads dropped DLL 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TokenGen.exe (PID 2176, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\TokenGen.exe"
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\TokenGen.exe (PID 1636, depth 2)
      Command line: "C:\Users\Admin\AppData\Local\Temp\TokenGen.exe"
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      • C:\Windows\SysWOW64\cmd.exe (PID 2496, depth 3)
        Command line: C:\Windows\system32\cmd.exe /c Title Token Generator v1.9

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\TokenGen.exe.manifest
    Filesize: 1KB
    MD5: 6db386d733f82ea48868aa6f545377e5
    SHA1: ff3ed40b56cae8bb21201c89d67736b4771194a7
    SHA256: 409347cac216532b65046ef28eb80ab0be81ec44b42b2b3a64e2a90faabbdb8c
    SHA512: f9a49c21c5efe2f8bda03e05cd7f375cdcdb9fbf67f7e5db2ab005f3f4f346dc015dd5e2107aeb2f21810acc8c0e9f0351d6092320c25f6ca4c8ed66d08f1f22

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\_ctypes.pyd
    Filesize: 113KB
    MD5: 3a2e78784b929003a6baceebdb0efa4d
    SHA1: abb48b6a96e22b9bd6d2a8443f5811088c540922
    SHA256: f205948b01b29cb244ae09c5b57fd4b6c8f356dfcd2f8cb49e7cfd177a748cf9
    SHA512: ad5a9a5143b7e452d92cc7ea5db12967b2073b626be3437d17041d7ae6d82ee24b15d161d2f708639d3bbf8c657202cd845009a219657557203497ea355876ce

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\_socket.pyd
    Filesize: 67KB
    MD5: cea329ce0935e99a8bc01070f07fefaf
    SHA1: 9d81307e9559d0661633530e5756957b05d84268
    SHA256: d1a4d66c557c2fe7dc441614ca62e67f37ec44bef5a762bac41bac15d491a930
    SHA512: b6aea9c2221bf35b0895c35942cf3c9613ec7919540b4c24a3b97d7a0846256e9ba654e8f233fadca1b15ff0b7d30d73adfaec85bcadb6100fd73e62d3a068ab

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\base_library.zip
    Filesize: 768KB
    MD5: 1162eb4c51c50e54909a31d03a30548b
    SHA1: 5724bda677dfd2545ab02496ffcda76522c17137
    SHA256: 228dfd18d006a848d50999c278cc74f21423afe9268874d0277a9fcc8e9593ab
    SHA512: fb78949ff304bc3fbe3e1b12b282638fb84ccdf08f92c9ce930fb2d69c3dad78926f4a5f5b93e061b1e082c28e236827b7420f755e2a911090caaa9f4fc08d15

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\libffi-7.dll
    Filesize: 28KB
    MD5: bc20614744ebf4c2b8acd28d1fe54174
    SHA1: 665c0acc404e13a69800fae94efd69a41bdda901
    SHA256: 0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57
    SHA512: 0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\python38.dll
    Filesize: 3.9MB
    MD5: 7e771d92e814a9fe3520b9f1af6176e0
    SHA1: 2b1d2fc31fdc2d1940d3835e1e62214414e6cffd
    SHA256: 54326ecd163c7fffcdd02620490b6bde727c6a3153bff9706cf086510e4aa36d
    SHA512: 547bdf9048d3b3bc88741ce2307ed4a48b10407d17dbb9f5ba5a727d59d208069abddb90d24b3d4bf0aa5ced2bdcabec3230baf73f2576652035afe5a1297667

  • C:\Users\Admin\AppData\Local\Temp\_MEI21762\select.pyd
    Filesize: 23KB
    MD5: 26bc7e9826bc13a4d0cf681b0e5cf3c8
    SHA1: effff42e88cdd66bc4397de1a6d3b5ae540f820b
    SHA256: 8e7366cf6e128f977f8977a8db45a714ba72e643b31bd26b7676f33d3d8df612
    SHA512: 16d92785a234e60301aa6c4c5d508bdaff805689d4f160ab3c0c4d0c2376dd3616f676ad2fa81c08ea80e4fb862c3a15e1b59212508dddb388c8a768726b018a

  • \Users\Admin\AppData\Local\Temp\_MEI21762\VCRUNTIME140.dll
    Filesize: 81KB
    MD5: 4c360f78de1f5baaa5f110e65fac94b4
    SHA1: 20a2e66fd577293b33ba1c9d01ef04582deaf3a5
    SHA256: ad1b0992b890bfe88ef52d0a830873acc0aecc9bd6e4fc22397dbccf4d2b4e37
    SHA512: c6bba093d2e83b178a783d1ddfd1530c3adcb623d299d56db1b94ed34c0447e88930200bf45e5fb961f8fd7ad691310b586a7d754d7a6d7d27d58b74986a4db8