611d3067f4809745a80de966ed8af04c672cbb4598b522fa485ca43159969052

Resubmissions

07/03/2024, 09:48

240307-ls7jaage85 7

07/03/2024, 09:29

240307-lgdrtsgc46 7

Analysis

max time kernel
155s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b866eb82ee4d9e20c25a409e0630113f.exe
Size

6.2MB
MD5

b866eb82ee4d9e20c25a409e0630113f
SHA1

8dcbeff3f0a6db5c8fc888c1121c9961a95734c3
SHA256

611d3067f4809745a80de966ed8af04c672cbb4598b522fa485ca43159969052
SHA512

7b5e39e6e34764cdb0cddce124faff6a443f0e9c8f8f8bda63af5c1c8539cd054ce27614f7d698444ae6fd3115d3458231b431474a8df0257148d6764b8a7169
SSDEEP

196608:ZKoVqqsOHPkNCxchmDYzSVbYaaC8j/9hI9t:nyOcUxcho8AbYaaC8z9

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
2132	b866eb82ee4d9e20c25a409e0630113f.exe
2132	b866eb82ee4d9e20c25a409e0630113f.exe
2132	b866eb82ee4d9e20c25a409e0630113f.exe
2132	b866eb82ee4d9e20c25a409e0630113f.exe
2132	b866eb82ee4d9e20c25a409e0630113f.exe
2132	b866eb82ee4d9e20c25a409e0630113f.exe
2132	b866eb82ee4d9e20c25a409e0630113f.exe
2132	b866eb82ee4d9e20c25a409e0630113f.exe
2132	b866eb82ee4d9e20c25a409e0630113f.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2132	b866eb82ee4d9e20c25a409e0630113f.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 2132	4088	b866eb82ee4d9e20c25a409e0630113f.exe	96
PID 4088 wrote to memory of 2132	4088	b866eb82ee4d9e20c25a409e0630113f.exe	96

C:\Users\Admin\AppData\Local\Temp\b866eb82ee4d9e20c25a409e0630113f.exe
"C:\Users\Admin\AppData\Local\Temp\b866eb82ee4d9e20c25a409e0630113f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Users\Admin\AppData\Local\Temp\b866eb82ee4d9e20c25a409e0630113f.exe
  "C:\Users\Admin\AppData\Local\Temp\b866eb82ee4d9e20c25a409e0630113f.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3924 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
1⤵
PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI40882\VCRUNTIME140.dll

Filesize
85KB

MD5
edf9d5c18111d82cf10ec99f6afa6b47

SHA1
d247f5b9d4d3061e3d421e0e623595aa40d9493c

SHA256
d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb

SHA512
bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\_bz2.pyd

Filesize
92KB

MD5
dc6192772baf809c11ccd80410d6317f

SHA1
ccdef9fe8971b25bce456c9ebcee0855e9b40f32

SHA256
d346fe3b7434f21c6027cf2306ce0b733120f9398e1e304fce8798382a6abb96

SHA512
157f0a2a022e601839a59be688ded4d5e37c7d6b41383721e35963750693e49c944fab0f5faf471581f6c5a3261ff772555a2b885f5d290766077f7dcdf20f80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\_hashlib.pyd

Filesize
1.6MB

MD5
2186813d0d654e9387ea6b41fa11fb44

SHA1
f401b4d4c86de94fdcb9f3e662502eb4b5a315d0

SHA256
fc28fd2ec37663a1e19a37a0faa81b47ce1e6215175ad15a0138d91056358347

SHA512
ac0389e49a2412407266de5b35dd5c4067dde02f19700459511893a24bb3ef469430e7c26b067b3ef36dff5ecc819dfd3499fc99d9aa7c5b710926224b2f213b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\_hashlib.pyd

Filesize
1.3MB

MD5
d5650144a71643583e0b12fe9e75f2b7

SHA1
6ef698b7bb93e868a9ae69c5148adadcbb0dce04

SHA256
84875bb0d984221210f3289ad6e9ef5bf2d530b04b77b59a131922652535dcd3

SHA512
58f1eb317b4a4bd6e8f187f64b9025e7ce8e6d5fc18a18016468eadc930e8ece51b3c62bcdc0634ca0d26c6756d8fe012a45b423d5ed613d7906de281caac761

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\_lzma.pyd

Filesize
248KB

MD5
3b639756208428c0306a3d9e34d58d19

SHA1
79a0fd1f312a9497d249df83f74e5134a77615e5

SHA256
c41ab7af2ca47f6154cf9a6133b121153933135acd9e0c14efbc99260e1aa8c0

SHA512
f2241b3b9da3963d363383bc91ca1dafde9e228c3a2ed6ad6bb5eab3a0203c2a2b65a55452702e90cb48a1914c6d956d32ec9ed6db42381ebf242cef4ed0f8a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\_socket.pyd

Filesize
71KB

MD5
19ecb0247b98dde8efcd094c6878952e

SHA1
97bb086a7bb727001d87935762548649ea5e4d38

SHA256
9623e56b79a5a4903e6effd1bb33043b300ff9377f5cee9ee97d8bc6595d8fb2

SHA512
ca95accee9ea1901174f5ee4462845a47f117a1669c5e3dd36260e5bff005e42f5a8109f701aae31e61ee521bb2af800c83e109966acd32d3309f7633ca77cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\_socket.pyd

Filesize
64KB

MD5
d387e1cf4aad99c38fe4f0a08e259ff4

SHA1
e051556d951a2ac620144e8197943a55ea7a17f6

SHA256
b1fc31b3f6f3041a80383f0714358b3367aa788e133ca8e48c8170727fc24685

SHA512
d96fa05b791e9fcc2ecdedc4376437483df8ee90865d28b95d3293512bd747891e37225c8bde34def204e62cd2fd0842dca8c8e5f12887df26d09343d4c7c634

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\_ssl.pyd

Filesize
325KB

MD5
b8205b3dc5ff29333332e27d00509ce4

SHA1
b8bcf6ea3b5b4813ab8cc67fe305f33895f98cb8

SHA256
3b69eca17819b759dbae072d064ec3bbe44550084fd54cbd2650b3df77ec2a8e

SHA512
326d29c3fa1617ab2bfcd7d8f2823a066a62a0ee604c9cdde385d2d84708ddd5b0ffa3e377a53e8e2f21914c97d476c295a5b64c920d74a95cd8dbb4be071cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\_ssl.pyd

Filesize
236KB

MD5
1c99acef91566b4fa3dd999703fe68a5

SHA1
e8e5f3871f6280074b554652ed3d2be3db2acfb9

SHA256
fe4b75d3cf1eaa39d1c45b398f9238375be905cc0dba746bf4bb5fdd23abdc30

SHA512
6eb1cd8a6ded9ca46fa261f83c7cdaf142085fc7a39f077de2e540fb165eb47d416e764c0cd5e735668090bbe71bc3bbf17b5223687b4e7df1bc4a7fcd0c303a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\base_library.zip

Filesize
507KB

MD5
1f00451be554bf4a33a9962c976e0456

SHA1
e449fec9e3a4b434a30d5adb5f0010a14b8970fd

SHA256
43f03f9f45408ef00ad52f3a69b19187f09445ff1ee73f1d400ce83ebe9e158f

SHA512
1f74811f539dc76f2b32d8a9b169c983252ac6b3eacf993553bfa509d1d18bf9907ea77a84aacd75c29c63ab0e8f2c93b036d3c9553d1976b4569d61ab0dc82c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\python36.dll

Filesize
2.0MB

MD5
d3e76a1296a980763240ad7b7deb1cc9

SHA1
8ae28584526072777a5b28c95e14b4f6dd397dcb

SHA256
415367d6bd87db6fca15937e04f20cbd193709bb42e1453bc1c28b100c0bec63

SHA512
f5deabb966f8dfb84f018102c66455ae046153271e7b9482eacf97ba137d31774a98221f0e80663be460c68421ca0ba372162cb8b633786840e856895fd1de91

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\python36.dll

Filesize
984KB

MD5
f987497bdd93897dc1a3941a6c66d795

SHA1
12d32111c8a5e622b357e7d63d8f88aef9c7e4f5

SHA256
926910f99e31213261185207d3fda018e102951b164a960965761c2e2a8adaa2

SHA512
3e61400f105376a6309fffce26ad2b0b726f29132c78e46e248a53b2d3e2c387eedfbb77103c6e08e1c44ec945d1ce51194ddb506ec74e7ce62214ca4c8e8312

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\select.pyd

Filesize
26KB

MD5
eef3e43cbbdf35f93af031cc63403e22

SHA1
186a3b96229014495dea94781436b7e2668e98dd

SHA256
ca973eb28266c1326efc7306dd788b4777b8715894458694795750deb8a8dbbb

SHA512
aef7112641c953c5e9650f51662672d5a35c0bfcb8721169455b8d1ab91e8a9e801dc6917642dd4bead70cc132065f05dc3fa819b4ca2859b978d1caea4c70eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40882\unicodedata.pyd

Filesize
885KB

MD5
fe511a043e1152ee28e495e3cdccb8cb

SHA1
65b9e4f5644684f893bdaa00b0e35c157113c08e

SHA256
2e486db4c9ad2f8d382d26bb88f806b74be345fce48bef473b102afa128ccc79

SHA512
27118f4cbfec001070aa0369a04dda860aa9bae45f1dd67897c0ca2bbf9b416630f705bb461fb2f54b7fc89fe2e2c320ffbfa595c0a5d2d3422af89940d67e10

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads