Overview

overview

7

Static

static

3

b7673d307b...a4.exe

windows7-x64

7

b7673d307b...a4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2024, 12:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b7673d307b8ee78b2a48d2dcbac580a4.exe

  • Size

    11.1MB

  • MD5

    b7673d307b8ee78b2a48d2dcbac580a4

  • SHA1

    1fd017a819f32f640a6b7de5bd9a110a07b0e505

  • SHA256

    b3149dd6082792c613d1d4e8707b708aecf1eb2c9d6a408427928db8216429c6

  • SHA512

    bd61596d818a36672f45d01c9cdfccbe6df6aea9b3ddd29bca613e9d7141dec012b3d6870a6a797c46c81b97d3f01aadfede60e98cfdeea6169a6e3304ffda29

  • SSDEEP

    196608:TcHI9wPAaCYM18Hq3WSzLfqCtgOquGAgyc2apjCREy/1U+0F6puA5KR:goAArWs76As2aRqMGNE

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7673d307b8ee78b2a48d2dcbac580a4.exe
    "C:\Users\Admin\AppData\Local\Temp\b7673d307b8ee78b2a48d2dcbac580a4.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4616
    • C:\Users\Admin\AppData\Local\Temp\b7673d307b8ee78b2a48d2dcbac580a4.exe
      "C:\Users\Admin\AppData\Local\Temp\b7673d307b8ee78b2a48d2dcbac580a4.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:512
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4836

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\_MEI46162\VCRUNTIME140.dll
            Filesize

            74KB

            MD5

            b8ae902fe1909c0c725ba669074292e2

            SHA1

            46524eff65947cbef0e08f97c98a7b750d6077f3

            SHA256

            657ab198c4035ec4b6ff6cf863c2ec99962593547af41b772593715de2df459c

            SHA512

            4a70740da0d5cdbd6b3c3869bcf6141cb32c929cb73728bd2044dd16896a3a1cafa28b0714fadcdb265172b62fa113095d379f3a7c16a248e86c8f7f89ecd0f4

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI46162\_ctypes.pyd
            Filesize

            114KB

            MD5

            1094aad0a1ff0de0f1168dc4e5f2331b

            SHA1

            894e9b837f3596be4bc9d9a8f53598eb3cc6cbb0

            SHA256

            7d25916acf37123c232d081f0eddaa238eb4836e83668d701b92057b3b2eb361

            SHA512

            c7e95eb742575eaef0d775c9d183b5ab94ff90960df6c34451656bb28b6f5975d5f49cb6234d5bd84a840c47dd8d2fefe3d0ceb7a8d3a72802462ff6354f861f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI46162\_socket.pyd
            Filesize

            69KB

            MD5

            d17542c811495295f808e8f847507b5a

            SHA1

            517c9b89e2734046214e73253f8a127374298e1d

            SHA256

            99fe82a75841db47d0842b15f855dcd59b258c5faf2094396741f32468286211

            SHA512

            affa357a639f512d2cf93a7d9fbf35565bc55f587a02004b661a3d604c3bb5f4ba8c7d646c3364d9a682264899768bcfcc76071b4856d14afa4a85cafa03fda7

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI46162\base_library.zip
            Filesize

            64KB

            MD5

            d0e0d6f35ae11cb096c6e0c40e83a27b

            SHA1

            6ad6beda05ba47e828c8ded6b8f7e077c79b259c

            SHA256

            83178023fd1415adf6460ea1a2943de9da785d616691842f634d0fb1c7028f6e

            SHA512

            3138ae6e7ab51b31c7bd2e0a4d0e0f7d323c54d82c40dabba7c95715304ef9b2ab742ab78e33a255f237f716f84bec2f65b1e4274ed6b5944172e1983982b4af

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI46162\libffi-7.dll
            Filesize

            28KB

            MD5

            bc20614744ebf4c2b8acd28d1fe54174

            SHA1

            665c0acc404e13a69800fae94efd69a41bdda901

            SHA256

            0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

            SHA512

            0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI46162\python39.dll
            Filesize

            3.1MB

            MD5

            ec70f0eda110348049b07131541a798f

            SHA1

            8fac2fda20e49ba45829fa916647645a4013354c

            SHA256

            e3953b26c80e1841ee6de2e139a2bd01f08c2a606dc0a222bd57fb1b5760a62e

            SHA512

            1150985c77154ce2f481e8b98f6d5b591df6ea074a9e07f1515aecf4603b1548115f7afa5d87507424b4598a59c985245ae187698b9c6184f3385bc24271ce02

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI46162\python39.dll
            Filesize

            4.1MB

            MD5

            3af6d171bd4263af220b8a054ebde9f6

            SHA1

            4b43342c4225bcc2329107870493ecfb684e286e

            SHA256

            8fb2e4edd545e1e56155a93ed5de329e4a66a04ab91766c635ccffdea855f9ff

            SHA512

            4efee345c110fd78b0bd2f993d7044a06622fafec76b4ece01e44d1cca1b57037e47641c1bb9694e22683696342140445ae3533c2ae3ba53618c129834140388

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_MEI46162\select.pyd
            Filesize

            24KB

            MD5

            6e02edd31fcb2d346b8bddf9501a2b2f

            SHA1

            f6a6ab98d35e091a6abc46551d313b9441df4cc5

            SHA256

            422bb7d39d4f87d21e4d83db9a0123a3be1921a7daf8ad5902044fc5a1cda0a1

            SHA512

            37c91d5d44121769d58b91ac915840a3eb4ac9071fc04f9e1bc3eb5b0e2cded0d72d0c989d66386b40f41238b0f3930f938ab1ec89e757988dce07b847e40227

            Download Submit

          • memory/512-25-0x00000000FF030000-0x00000000FF401000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/512-39-0x0000000000800000-0x0000000002119000-memory.dmp

            Filesize

            25.1MB

            Download

          • memory/512-40-0x00000000FF030000-0x00000000FF401000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4616-20-0x0000000077702000-0x0000000077703000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4616-2-0x0000000000800000-0x0000000002119000-memory.dmp

            Filesize

            25.1MB

            Download

          • memory/4616-1-0x00000000FFA60000-0x00000000FFE31000-memory.dmp

            Filesize

            3.8MB

            Download

          • memory/4616-0-0x0000000000800000-0x0000000002119000-memory.dmp

            Filesize

            25.1MB

            Download

          • memory/4616-55-0x0000000000800000-0x0000000002119000-memory.dmp

            Filesize

            25.1MB

            Download

          • memory/4616-56-0x00000000FFA60000-0x00000000FFE31000-memory.dmp

            Filesize

            3.8MB

            Download