5eb56da651b51c7476625e3430f8637b81f9a7dfc9d35b282ed4211768dbec9a

Analysis

max time kernel
95s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 18:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Samarium.exe
Size

17.8MB
MD5

5f345be9d29631ed0a7ed2b0f77077c6
SHA1

37ba737cea8df154bacd3618425365173e27f43d
SHA256

5eb56da651b51c7476625e3430f8637b81f9a7dfc9d35b282ed4211768dbec9a
SHA512

1cce29dbe418a76984d5ef3c542cfacc9da59ee253ac307d4d2962162f670d3036141ff58d5218de906f3ac862a45644d0a6abbba3cb6d111a9dc3ff36ff5a13
SSDEEP

393216:kDfDg2/m3ppc6HJ4n27q3+d9O6V4asW8RAm3TksLw9mZja:kb02KqS4lOd9HeW8RAmo9mI

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 28 IoCs

pid	Process
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe
4576	Samarium.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
37	discord.com
36	discord.com

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 4576	2704	Samarium.exe	90
PID 2704 wrote to memory of 4576	2704	Samarium.exe	90
PID 4576 wrote to memory of 5036	4576	Samarium.exe	91
PID 4576 wrote to memory of 5036	4576	Samarium.exe	91

C:\Users\Admin\AppData\Local\Temp\Samarium.exe
"C:\Users\Admin\AppData\Local\Temp\Samarium.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Users\Admin\AppData\Local\Temp\Samarium.exe
  "C:\Users\Admin\AppData\Local\Temp\Samarium.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:5036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27042\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_asyncio.pyd

Filesize
63KB

MD5
33d0b6de555ddbbbd5ca229bfa91c329

SHA1
03034826675ac93267ce0bf0eaec9c8499e3fe17

SHA256
a9a99a2b847e46c0efce7fcfefd27f4bce58baf9207277c17bffd09ef4d274e5

SHA512
dbbd1ddfa445e22a0170a628387fcf3cb95e6f8b09465d76595555c4a67da4274974ba7b348c4c81fe71c68d735c13aacb8063d3a964a8a0556fb000d68686b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_bz2.pyd

Filesize
81KB

MD5
86d1b2a9070cd7d52124126a357ff067

SHA1
18e30446fe51ced706f62c3544a8c8fdc08de503

SHA256
62173a8fadd4bf4dd71ab89ea718754aa31620244372f0c5bbbae102e641a60e

SHA512
7db4b7e0c518a02ae901f4b24e3860122acc67e38e73f98f993fe99eb20bb3aa539db1ed40e63d6021861b54f34a5f5a364907ffd7da182adea68bbdd5c2b535

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_ctypes.pyd

Filesize
120KB

MD5
1635a0c5a72df5ae64072cbb0065aebe

SHA1
c975865208b3369e71e3464bbcc87b65718b2b1f

SHA256
1ea3dd3df393fa9b27bf6595be4ac859064cd8ef9908a12378a6021bba1cb177

SHA512
6e34346ea8a0aacc29ccd480035da66e280830a7f3d220fd2f12d4cfa3e1c03955d58c0b95c2674aea698a36a1b674325d3588483505874c2ce018135320ff99

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_decimal.pyd

Filesize
248KB

MD5
20c77203ddf9ff2ff96d6d11dea2edcf

SHA1
0d660b8d1161e72c993c6e2ab0292a409f6379a5

SHA256
9aac010a424c757c434c460c3c0a6515d7720966ab64bad667539282a17b4133

SHA512
2b24346ece2cbd1e9472a0e70768a8b4a5d2c12b3d83934f22ebdc9392d9023dcb44d2322ada9edbe2eb0e2c01b5742d2a83fa57ca23054080909ec6eb7cf3ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_elementtree.pyd

Filesize
125KB

MD5
9dc3969ee6304eec0cf502fe34c9bbc9

SHA1
be8895abf3fcbe4e7df3f95d0d0c030377548ea0

SHA256
262d771de19a071c2d086717c29dc9a704b33f95f6aa06ec2092f3e8f54495ae

SHA512
d5c02a0e4b4ba4fe1348e218123d56a91efeff291dec10a4c8df6d7c86bad47ad95501396af35ea7103b3b5a9f27a81a67f8c8ca604e8da3922209b71d46e5aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_hashlib.pyd

Filesize
63KB

MD5
d4674750c732f0db4c4dd6a83a9124fe

SHA1
fd8d76817abc847bb8359a7c268acada9d26bfd5

SHA256
caa4d2f8795e9a55e128409cc016e2cc5c694cb026d7058fc561e4dd131ed1c9

SHA512
97d57cfb80dd9dd822f2f30f836e13a52f771ee8485bc0fd29236882970f6bfbdfaac3f2e333bba5c25c20255e8c0f5ad82d8bc8a6b6e2f7a07ea94a9149c81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_lzma.pyd

Filesize
154KB

MD5
7447efd8d71e8a1929be0fac722b42dc

SHA1
6080c1b84c2dcbf03dcc2d95306615ff5fce49a6

SHA256
60793c8592193cfbd00fd3e5263be4315d650ba4f9e4fda9c45a10642fd998be

SHA512
c6295d45ed6c4f7534c1a38d47ddc55fea8b9f62bbdc0743e4d22e8ad0484984f8ab077b73e683d0a92d11bf6588a1ae395456cfa57da94bb2a6c4a1b07984de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_overlapped.pyd

Filesize
48KB

MD5
fdf8663b99959031780583cce98e10f5

SHA1
6c0bafc48646841a91625d74d6b7d1d53656944d

SHA256
2ebbb0583259528a5178dd37439a64affcb1ab28cf323c6dc36a8c30362aa992

SHA512
a5371d6f6055b92ac119a3e3b52b21e2d17604e5a5ac241c008ec60d1db70b3ce4507d82a3c7ce580ed2eb7d83bb718f4edc2943d10cb1d377fa006f4d0026b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_queue.pyd

Filesize
30KB

MD5
d8c1b81bbc125b6ad1f48a172181336e

SHA1
3ff1d8dcec04ce16e97e12263b9233fbf982340c

SHA256
925f05255f4aae0997dc4ec94d900fd15950fd840685d5b8aa755427c7422b14

SHA512
ccc9f0d3aca66729832f26be12f8e7021834bbee1f4a45da9451b1aa5c2e63126c0031d223af57cf71fad2c85860782a56d78d8339b35720194df139076e0772

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_socket.pyd

Filesize
77KB

MD5
819166054fec07efcd1062f13c2147ee

SHA1
93868ebcd6e013fda9cd96d8065a1d70a66a2a26

SHA256
e6deb751039cd5424a139708475ce83f9c042d43e650765a716cb4a924b07e4f

SHA512
da3a440c94cb99b8af7d2bc8f8f0631ae9c112bd04badf200edbf7ea0c48d012843b4a9fb9f1e6d3a9674fd3d4eb6f0fa78fd1121fad1f01f3b981028538b666

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_sqlite3.pyd

Filesize
96KB

MD5
5279d497eee4cf269d7b4059c72b14c2

SHA1
aff2f5de807ae03e599979a1a5c605fc4bad986e

SHA256
b298a44af162be7107fd187f04b63fb3827f1374594e22910ec38829da7a12dc

SHA512
20726fc5b46a6d07a3e58cdf1bed821db57ce2d9f5bee8cfd59fce779c8d5c4b517d3eb70cd2a0505e48e465d628a674d18030a909f5b73188d07cc80dcda925

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_ssl.pyd

Filesize
156KB

MD5
7910fb2af40e81bee211182cffec0a06

SHA1
251482ed44840b3c75426dd8e3280059d2ca06c6

SHA256
d2a7999e234e33828888ad455baa6ab101d90323579abc1095b8c42f0f723b6f

SHA512
bfe6506feb27a592fe9cf1db7d567d0d07f148ef1a2c969f1e4f7f29740c6bb8ccf946131e65fe5aa8ede371686c272b0860bd4c0c223195aaa1a44f59301b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\_tkinter.pyd

Filesize
64KB

MD5
8da8e5348d9f9572ce9216ac8a628c2b

SHA1
35a23ea241d004a45399d69ca038042936d8288d

SHA256
06b96357f5dd83d0d8105127e7aaeacb834ddf1ae03fa46aaffdc1e5fd0a7621

SHA512
ca7a05cb49c8af6ebfa3cd5d415352bfd0c2abdbbf05d539e296042bbde075d29ddc8c2a2e5d46c9e736dcc848bc633686029784883f855167875972fb607f42

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\base_library.zip

Filesize
1.0MB

MD5
04a48614579ed1014b2bc30921bcd406

SHA1
45bfd1e6d2d4780d4ccc066a885ffbcd35b7f055

SHA256
f8e8711b49a85428ea2da91d7cc2bf339f76b608e221db6378e6242c41a5c5c5

SHA512
0b63127ef1249a34b9f1c2ce12c892ace910acf49d04ef2d04fae6d0cfd17dd8c789127e6322277c54da715951ab2b33e4a47cf37072fdbfbacdd0380885b9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\certifi\cacert.pem

Filesize
268KB

MD5
59a15f9a93dcdaa5bfca246b84fa936a

SHA1
7f295ea74fc7ed0af0e92be08071fb0b76c8509e

SHA256
2c11c3ce08ffc40d390319c72bc10d4f908e9c634494d65ed2cbc550731fd524

SHA512
746157a0fcedc67120c2a194a759fa8d8e1f84837e740f379566f260e41aa96b8d4ea18e967e3d1aa1d65d5de30453446d8a8c37c636c08c6a3741387483a7d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\nltk\VERSION

Filesize
7B

MD5
b5beb86e1be418e2896ec3e571fdecda

SHA1
b4d60bff3eb8940c84b5a78eb2b5b3243bd36c85

SHA256
f77d95c6f3b9321fa158dc99557b2aa5d9de2c62a063490a700e3f5d5492bf24

SHA512
9f1424ebd7a80a229c43f4e6e7e0ede7603a65882dcb7db26af6847f2a940a434ac96e2d9dc7eb0a01041a94550edcd1583e3c527d83d849f0710d9c337856d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\pyexpat.pyd

Filesize
194KB

MD5
1118c1329f82ce9072d908cbd87e197c

SHA1
c59382178fe695c2c5576dca47c96b6de4bbcffd

SHA256
4a2d59993bce76790c6d923af81bf404f8e2cb73552e320113663b14cf78748c

SHA512
29f1b74e96a95b0b777ef00448da8bd0844e2f1d8248788a284ec868ae098c774a694d234a00bd991b2d22c2372c34f762cdbd9ec523234861e39c0ca752dcaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\pywin32_system32\pythoncom310.dll

Filesize
674KB

MD5
e3b435bc314f27638f5a729e3f3bb257

SHA1
fd400fc8951ea9812864455aef4b91b42ba4e145

SHA256
568982769735d04d7cc4bdd5c7b2b85ec0880230b36267ce14114639307b7bca

SHA512
c94baffbec5cadf98e97e84ba2561269ee6ad60a47cc8661f7c544a5179f9e260fbec1c41548379587b3807670b0face9e640e1d6bca621e78ef93e0bb43efcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\pywin32_system32\pywintypes310.dll

Filesize
134KB

MD5
a44f3026baf0b288d7538c7277ddaf41

SHA1
c23fbdd6a1b0dc69753a00108dce99d7ec7f5ee3

SHA256
2984df073a029acf46bcaed4aa868c509c5129555ed70cac0fe2235abdba6e6d

SHA512
9699a2629f9f8c74a7d078ae10c9ffe5f30b29c4a2c92d3fcd2096dc2edceb71c59fd84e9448bb0c2fb970e2f4ade8b3c233ebf673c47d83ae40d12a2317ca98

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\regex\_regex.cp310-win_amd64.pyd

Filesize
655KB

MD5
fc7b3c8813354f024431d13fedbc0098

SHA1
4edefa782824f357cd9106c2724a8d4cfb84238b

SHA256
42e39437d3199333ab0d415ee8767f77d857bfee2efc123c3419fb3a751edf1f

SHA512
fb6d795f26541afba6dc8a455954d11dc353229258d22abcc17b10d2b11c01ac714d779e622d5c1a558b988e3f8c27e6c0880c7087ea2e579bf304b20a8e4ef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\select.pyd

Filesize
29KB

MD5
a653f35d05d2f6debc5d34daddd3dfa1

SHA1
1a2ceec28ea44388f412420425665c3781af2435

SHA256
db85f2f94d4994283e1055057372594538ae11020389d966e45607413851d9e9

SHA512
5aede99c3be25b1a962261b183ae7a7fb92cb0cb866065dc9cd7bb5ff6f41cc8813d2cc9de54670a27b3ad07a33b833eaa95a5b46dad7763ca97dfa0c1ce54c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\sqlite3.dll

Filesize
1.4MB

MD5
914925249a488bd62d16455d156bd30d

SHA1
7e66ba53f3512f81c9014d322fcb7dd895f62c55

SHA256
fbd8832b5bc7e5c9adcf7320c051a67ee1c33fd198105283058533d132785ab4

SHA512
21a468929b15b76b313b32be65cfc50cad8f03c3b2e9bf11ca3b02c88a0482b7bc15646ce40df7fb42fbc96bd12362a54cffe0563c4ddc3fc78622622c699186

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\tcl86t.dll

Filesize
830KB

MD5
6432b8c7737693fe48417f63287d1d30

SHA1
cdf6ff3bc0ba2b39f073bfd28110dc97073062a7

SHA256
165e90051cc8176e317e4f9eaaa5224042d5dbdaa87ebff6b7ad2a8f5382fa46

SHA512
362155fb344fe77f1992b9d2180b1e1a4cb5dc1ac1a283c0904853ab46ba363b93fe09527476a6187f1951c522782d2e710c269cda369a87ebee96cdc931cfbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\tcl86t.dll

Filesize
640KB

MD5
addfeb819955f23e0f52967d5c461b90

SHA1
d64169c1c221fd8a1aa484f152bb8fed2d1f4718

SHA256
b9ed90c679859578f76964e9363e3029249df322b392c242d921209c34419af8

SHA512
da6dcb72db5b97f429e082281d928b6513abbfeb63b3d4c88f87270cf8b9bd29b2d28452c528043e31cb36982969d736f4b5814e6ea88319bc7184143d8b1ad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\tk86t.dll

Filesize
1.5MB

MD5
4b6270a72579b38c1cc83f240fb08360

SHA1
1a161a014f57fe8aa2fadaab7bc4f9faaac368de

SHA256
cd2f60075064dfc2e65c88b239a970cb4bd07cb3eec7cc26fb1bf978d4356b08

SHA512
0c81434d8c205892bba8a4c93ff8fc011fb8cfb72cfec172cf69093651b86fd9837050bd0636315840290b28af83e557f2205a03e5c344239356874fce0c72b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\tk86t.dll

Filesize
448KB

MD5
6c5f424b15243a3590ca32eaf68276c0

SHA1
c3bc765d5a65263fa7cb534c43c57cfad67e9940

SHA256
48dcb86d195d96d366d6cd7419396518940719d766a0928e9426d9a2c74958da

SHA512
5b4d9b2792eee0223f857a12ea2169cb156233fba93c1602ba74cda174848014918df6d76e72917d80ffb32c8dd3058c1513cbf136b746c99ff7f8186aa5439b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\unicodedata.pyd

Filesize
1.1MB

MD5
81d62ad36cbddb4e57a91018f3c0816e

SHA1
fe4a4fc35df240b50db22b35824e4826059a807b

SHA256
1fb2d66c056f69e8bbdd8c6c910e72697874dae680264f8fb4b4df19af98aa2e

SHA512
7d15d741378e671591356dfaad4e1e03d3f5456cbdf87579b61d02a4a52ab9b6ecbffad3274cede8c876ea19eaeb8ba4372ad5986744d430a29f50b9caffb75d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27042\win32api.pyd

Filesize
136KB

MD5
931c91f4f25841115e284b08954c2ad9

SHA1
973ea53c89fee686930396eb58d9ff5464b4c892

SHA256
7ab0d714e44093649551623b93cc2aea4b30915adcb114bc1b75c548c3135b59

SHA512
4a048a7a0949d853ac7568eb4ad4bba8d7165ec4191ce8bc67b0954080364278908001dbce0f4d39a84a1c2295f12d22a7311893f6b2e985c3ad96bd421aa3b8

Download Submit