38add4e0067a3d4272bde6ad242cf94fea968a7a40efb292620ee79500825762

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-es
resource tags

arch:x64arch:x86image:win7-20240221-eslocale:es-esos:windows7-x64systemwindows
submitted
09/03/2024, 16:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bypass.exe
Size

5.3MB
MD5

9a1241f2d323596fbeef668ca803ef45
SHA1

4eb0a84553c2d79f833ac101f2ffd83c095b3cd0
SHA256

38add4e0067a3d4272bde6ad242cf94fea968a7a40efb292620ee79500825762
SHA512

52d76452b9270e2f038750a22459b284ab1e1e6462be799c66038af5e8ac8876c3abf6d7bde30c0d906f88dc4039a8808c30ac0ede5fcfcbf4eea93bb1805431
SSDEEP

98304:UlmqNU4zHQktlw2Kce0t+JhVWn2xxjsS9cIBXIzsQbpjtN:ULp3tlKXjXWnAf7BXIzp

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 22 IoCs

pid	Process
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe
2616	bypass.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2616	bypass.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2616	2228	bypass.exe	29
PID 2228 wrote to memory of 2616	2228	bypass.exe	29
PID 2228 wrote to memory of 2616	2228	bypass.exe	29
PID 2616 wrote to memory of 452	2616	bypass.exe	30
PID 2616 wrote to memory of 452	2616	bypass.exe	30
PID 2616 wrote to memory of 452	2616	bypass.exe	30

C:\Users\Admin\AppData\Local\Temp\bypass.exe
"C:\Users\Admin\AppData\Local\Temp\bypass.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\bypass.exe
  "C:\Users\Admin\AppData\Local\Temp\bypass.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22282\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\_bz2.pyd

Filesize
87KB

MD5
4079b0e80ef0f97ce35f272410bd29fe

SHA1
19ef1b81a1a0b3286bac74b6af9a18ed381bf92c

SHA256
466d21407f5b589b20c464c51bfe2be420e5a586a7f394908448545f16b08b33

SHA512
21cd5a848f69b0d1715e62dca89d1501f7f09edfe0fa2947cfc473ca72ed3355bfccd32c3a0cdd5f65311e621c89ddb67845945142a4b1bdc5c70e7f7b99ed67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\_lzma.pyd

Filesize
251KB

MD5
a567a2ecb4737e5b70500eac25f23049

SHA1
951673dd1a8b5a7f774d34f61b765da2b4026cab

SHA256
a4cba6d82369c57cb38a32d4dacb99225f58206d2dd9883f6fc0355d6ddaec3d

SHA512
97f3b1c20c9a7ed52d9781d1e47f4606579faeae4d98ba09963b99cd2f13426dc0fc2aeb4bb3af18ed584c8ba9d5b6358d8e34687a1d5f74a3954b3f84d12349

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l1-2-0.dll

Filesize
14KB

MD5
2d392251a80fd6debcb0ea6fe72be122

SHA1
c4e618872dd98d97cfd9e537e56ecbb512599855

SHA256
e012521a03fb1455e8537bbd91bd0ae0cc3b8ef0fa0262be461922c08ead8159

SHA512
6d907569581c4f0586c9199de1e2369af02f64dffb36cbba76ba8b26dcaab7a0ca8f5a003c0032a06532a064291afaca456e71277e4ef63e639aef8ff4f50ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l2-1-0.dll

Filesize
14KB

MD5
2b59a0d1572d646cee7b033b7b599153

SHA1
88bf2c4f9544c164023ebabe68ba2489c00d514a

SHA256
d2488736299d2089383ac5a52b42a590d92430e1c4b28761d8991c33918aa6ee

SHA512
945883502cca4f8352374ffdd4d8967b168f91b19f917986feb1ae6c605787ab732fd875d5b3e6690c5e5dfe02c9637ed7febd65ac93bdbcfa9ba83573fff833

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-localization-l1-2-0.dll

Filesize
17KB

MD5
8069b4e93f64080e0f69e39babe659df

SHA1
790eca13741e7f013fc25d28d4a17774f1e4c639

SHA256
5bd225745b8fdaf73d058661b8a4be5fb7672328ee2b3e4915692eec931aeaa4

SHA512
33a2cd43f5a22653c5386cfcd71396eb1127c7569b42580a7526823b04d253e9ba02ae604903bb373a67f3bcf208041b62b402d00dcf40c5ad5a478b41909430

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
15KB

MD5
e1905f756f24ffd5adfde728e8deef0e

SHA1
37d3fb2bc0ea7c5754c6231b2b5304e0e1c32d7f

SHA256
5a56b78520e5b438b003312356dca1c2c10febcc17dd01c37ebe0735111c5cd0

SHA512
6b0786084f46766bbfbcf1cc20944f4be1d1e2f64cb5a96e824d9cde96123e8e44bf521d842292d0297ce9c90eb5c33e5ec5ca58d61a5d59d5fa4a619cb4b8a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-timezone-l1-1-0.dll

Filesize
14KB

MD5
13e8e35d4ad0f2ce91809424bb7f08c1

SHA1
57bbfb38909735285a173a02cf9d65f8b9008c01

SHA256
64dfad5bbee56c7cf22a5a9d16f2d97e2b856504fcc2d32e97a315403f8114a8

SHA512
cd13412852efd214ede0ba75f4a29347e8b1b68d883bc45b64e99cdc2992196877e53b107ccb3869ca39e75fb3f98519374413abdca8eaee324b869dd36d4107

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-crt-conio-l1-1-0.dll

Filesize
15KB

MD5
0b20ff2c16a4e1ab8654daab28c70251

SHA1
3edc07edda07b7dced41355fbb7ea8d0c47925e9

SHA256
8fefeba6558252e7adaf4682bfe64d3c0b4fa9c2397e8f7deadc614aa3d5c7cf

SHA512
f5432a409fa28bcd5db1d53231509a8017f44b0aa87eda2b12e0a2e3d0ec6dbb0cc8a37c739e3219d280aad0ebaef120c5784a4ef258af6f6362fef4b890400c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-crt-convert-l1-1-0.dll

Filesize
18KB

MD5
612d0f781f91484d956cc0ff98534264

SHA1
81b5d2ae72bf28a24952311da711ace4966117ab

SHA256
1bf1b85e0598a9099e6fc76356377f526f23de06b3f26e134bc446382b2d68ac

SHA512
2a5f5e56807936157fca72ce47ed979307b7f9ae16cffdc658c6e63843099a772c6369f0d3bfdc580737bdeb58800670f3bfe9b2a2f919e2d5bd603a59c48534

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-crt-environment-l1-1-0.dll

Filesize
15KB

MD5
63ae32b789c5f16513c002441c520ae2

SHA1
9737d7a3d868fd5869400cc6d920c64e9163d0a2

SHA256
9b667e89d0a655d855f9a5313581c402673dd192415ff9b8a86b0073d6bb6af3

SHA512
3e1746296a77640168a1ed7a13462452e60f27a5e5c591d72dbe833afdc6e9ed8abfb3b11e79fb826ffdf0bbaf0db21d91d842e10a35c6d79d988fc79fb561b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
16KB

MD5
00bc4051d7867d904d39eca5baefbc2e

SHA1
7dea50fa063a3a6fc56e49182fb04399bc2bee84

SHA256
aed615c2ebb76877dbefe7bf555592f6e9d50c38e598c8a76b42fd5406727f71

SHA512
46eabbc83a144155022f2b47abcc2d7764e7a2b06d4a13b6c71b39d7852264de86f54951965f92fcf0a1b0953124d4304a4e06ada37f98d02c38cff4b39f6bb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-crt-heap-l1-1-0.dll

Filesize
15KB

MD5
c62578b650f314432e8f5cfe733dcf28

SHA1
685bfc2475cf74b50a0dd3a4f4b37644013049f4

SHA256
b8428167d782c563ee7d8dbb2ea8abb1bc1b2090f987bfeb0d7d4afbe90990e8

SHA512
5c8d2f1d4331c41df31b2a50ad6ee909c29509ccf19d83f26404591718f24a1364a7b05662241199d27cffe523527ca04425b1ad54c47b0da2f03a6fb7d28bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-crt-locale-l1-1-0.dll

Filesize
15KB

MD5
36df7bf3b5482a8080a26a3c13f647dd

SHA1
1ba9b4db469532201f50edbe79c80e781a8614bf

SHA256
db822d149d72ec3a415144cd1a4256dc3cec3d4b723298c31e5e3dc92a0e07a6

SHA512
3e08c451fd21ecaad580a576df67fa83547348fa47c29d3686a0fb7ce51945e4d55ddb54b86585b5c8c587b0aea4f07c1b62b7c531a32c235691c28065612c55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-crt-math-l1-1-0.dll

Filesize
23KB

MD5
b346e38103749321e781a64a8334dc86

SHA1
8fe59733595e093caba0a504c9d2eb9209a13e57

SHA256
d6d5a31f50c0b209f8b8f5824c1bf69a7adf0f9d11d211f4cfe0c40dfb1bf9ff

SHA512
24dc2aeb7c0c70a1e3c4c81a9a7a54598303498ca518f82d7f507a2d2e6f40ee928c4a98571d21f0d1206a802fff9f57440149f66447977e70aaebd3bd84b181

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-crt-process-l1-1-0.dll

Filesize
15KB

MD5
fef5bab06a44baa35f5a771a97adf5f9

SHA1
59950c56a6d7f46fb1fd04c3dae58c01b7e445a5

SHA256
a0f6bc4c0dbcdab1787b1dc2a9b2eff61ed487f86650fe66404514d9d08b5558

SHA512
6dc2f5329c43f98fa5d0ad01a4c2554ee796e4eeb9b0e5c96b438ff2fa629eea18ac50c3389c88c4495712e97f07ac5e764c619211dcce0ed274d2ee4febe2a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
19KB

MD5
d5f928e3a4645e370af7e3e4e347457b

SHA1
a92fb4d9a0f1c7809e25a0d1f4a2070155c7f5f2

SHA256
12a4b4a189cd46bf1936883042d0f5a5e74922acfbd2211be94955b4efb72e95

SHA512
34356bbb5b3647cf003c7d92af71292036cab0e06cc0c18979f618e10b1af5ddb04bbd20fd2cebc920d4e80a8bd4e4ee0efffff09384d5f10d90dcc709808c49

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
20KB

MD5
4ad71764208f09e660bc7cddbb617917

SHA1
d6028c90a4c2ac5597e2bbdc9ffb3497559f030a

SHA256
15a3fcc39ef5179071590950eab00afb62848f6131e02977ab7d69126af7ccc8

SHA512
abf925f8443d7075e7a8bc1ff1d644e6e790f662e6c620af44edb7ad7bdca72368835a1aaba1f75e649a81c720bb6af80a03b43d38dd08760678e81c275d08ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-crt-string-l1-1-0.dll

Filesize
20KB

MD5
cc9edecd2b99c8666576b3d2bcad1a8a

SHA1
d018cad049d6d83670823fda9c44bb07d2e345b6

SHA256
d4abc875f955a51d1671c1f1d006b81cdc3f615834054490bf2d5d55a3cdd4de

SHA512
2a5396b2a0e7f18ea8c9a05051e86d4ba737e1b733d4cf60f61346b03c7ffd0197cd6b98f434997568baffd6955b23404c3e10b7cb2c52b8f258f445bf3c073f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-crt-time-l1-1-0.dll

Filesize
17KB

MD5
812b70e25a8ae174d53a603895040321

SHA1
72201c60f79415b6ddafb60f7346d228c6a923a8

SHA256
1f21e488a17e15b5b0e1873a020d84e8d2f21e0a98ec8e16dd829526fe59ad0c

SHA512
627f261f395ca41331df5963982281c69afb012c984bb200f58ef1cecfb453386306741e89ac957537bc866d7449bd31f3d478f15db160f247b00a401fc13066

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\base_library.zip

Filesize
994KB

MD5
2cbfdd9d140cfec033b87be369551ee3

SHA1
42bbc444691715d56d62cecae6373314d05a267c

SHA256
414f685d9b0ba655e61210cc9f4241829ee3f7a0342762b111d5743a913527eb

SHA512
840936a495a800f5ff32ab66f55c6773aa530fc919a3dfa624b2a04661770e53ff90fcf38dcaccc1341ed847a7ab658c04994fda3309b9f92d100a9fbb7beeba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\python37.dll

Filesize
3.7MB

MD5
62125a78b9be5ac58c3b55413f085028

SHA1
46c643f70dd3b3e82ab4a5d1bc979946039e35b2

SHA256
17c29e6188b022f795092d72a1fb58630a7c723d70ac5bc3990b20cd2eb2a51f

SHA512
e63f4aa8fc5cd1569ae401e283bc8e1445859131eb0db76581b941f1085670c549cbc3fedf911a21c1237b0f3f66f62b10c60e88b923fa058f7fafee18dd0fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22282\ucrtbase.dll

Filesize
964KB

MD5
cd39b013c2fdc4fce29299b76c1160fe

SHA1
403992e25ec2bc871d4bab918242d3d7be6b281f

SHA256
29a166a9cfb96effd434ab43eacc3059b24cb634b03da5f7325e5e87666a504d

SHA512
011f229591dfeb58de925a6258f0526162765aa150d13113dbc51b877f281b286f6fdb97d72a41347dab321676724a471cd82b349baabfe57f15f666f0d2a860

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads