63da41f48018b8e66cf9d81a4f144ccc008f527b7134617c1a885fc2db18daa7

Resubmissions

10/03/2024, 12:40

240310-pv6ljsda6t 7

10/03/2024, 12:34

240310-prr9racf88 7

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CreateStudio/CreateStudio.exe
Size

6.3MB
MD5

7235f1d04f41d635dedcf6795c9fd286
SHA1

3fe3eb8d4cdbe2cd059e883f476a5effed813ac2
SHA256

4a74e3ab6273d6efb2ed30159879fab136177eee62bbcfa0863105b0868fcabf
SHA512

bc5d016fa6e8e7f1142ab495fc12ca08962890ef9d28e51ec79c8ab976a52ca7ead6220e62fb208347f085f613901d1fb308c15d4af6a049802f7628458874af
SSDEEP

196608:FR4jYdQmRJ8dA6lXCy1ArqkVpKCX+PrF4ZIeghiBV7I:vWYdQuslXrAZYCuPJOIegR

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 14 IoCs

pid	Process
1456	CreateStudio.exe
1456	CreateStudio.exe
1456	CreateStudio.exe
1456	CreateStudio.exe
1456	CreateStudio.exe
1456	CreateStudio.exe
1456	CreateStudio.exe
1456	CreateStudio.exe
1456	CreateStudio.exe
1456	CreateStudio.exe
1456	CreateStudio.exe
1456	CreateStudio.exe
1456	CreateStudio.exe
1456	CreateStudio.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1456	CreateStudio.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 1456	3300	CreateStudio.exe	88
PID 3300 wrote to memory of 1456	3300	CreateStudio.exe	88
PID 1456 wrote to memory of 1576	1456	CreateStudio.exe	89
PID 1456 wrote to memory of 1576	1456	CreateStudio.exe	89

C:\Users\Admin\AppData\Local\Temp\CreateStudio\CreateStudio.exe
"C:\Users\Admin\AppData\Local\Temp\CreateStudio\CreateStudio.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Users\Admin\AppData\Local\Temp\CreateStudio\CreateStudio.exe
  "C:\Users\Admin\AppData\Local\Temp\CreateStudio\CreateStudio.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of WriteProcessMemory
  PID:1456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI33002\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\VCRUNTIME140.dll

Filesize
71KB

MD5
4f174a1036cadc4165030fec9ec7d11f

SHA1
d66057e883c7593e559f9410871781bd3e89a038

SHA256
97318e5271ba7c76d510c35141187deaae92dcfaf92c855fe77d16d2e05ac6e9

SHA512
2abe257425983db6ecd2a4c302cb91ae7b7d928d6854a27c6d2aa8c5492340be62c47798ec569f9f50d02ae627411a2621846f1c303e9331071c8de4dd1e05e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\_bz2.pyd

Filesize
81KB

MD5
23dce6cd4be213f8374bf52e67a15c91

SHA1
dfc1139d702475904326cb60699fec09de645009

SHA256
190ade9f09be287fcc5328a6a497921f164c5c67e6d4fcdcb8b8fd6853b06fe2

SHA512
c3983e2af9333a8538f68f7048b83c1bb32219c13adac26fd1036c3dc54394a3e2c1e4c0219232badd8e2c95418019b9b22906bdb23a19601447573a93c038a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\_ctypes.pyd

Filesize
120KB

MD5
2abeebe2166921a4d8b67b8f8a2b878a

SHA1
21f0fff00cba76a0ea471c3e05179e4b4cc1ebd0

SHA256
7adcea3a5568752a6050610cfbe791a4f8186aaaa002f916b88560a1ddab580f

SHA512
54c802d532c9ef9f3668d5e9bf23b69a58f87ec545af7fd4eab1055bfb8ee66481f361458076a364a17ddddd6550a70f5442c2bbe6562553472c0839346b1a35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\_ctypes.pyd

Filesize
9KB

MD5
ab757a4a64cabd0486704a5884276309

SHA1
6395a32c13fc70a8c605052849cd964bf2941ffd

SHA256
f258b9b178f087951eff007e77b5ba29cbf359e3432e519c63732fa693efa02d

SHA512
994cb7b425b150d84cdae9475f84c7dcad0c4b557fd96f229d49dd005fb61d1ba945e50a8b1bbf10716240f79c9471f054057111a00578150fa02201fc385d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\_hashlib.pyd

Filesize
60KB

MD5
477dd76dbb15bad8d77b978ea336f014

SHA1
3ee56105b71c3676c2e4fdaeb7d561f68cf03b9e

SHA256
23063b56aa067c3d4a79a873d4db113f6396f3e1fe0af4b12d95d240c4cf9969

SHA512
3a97c0a860e3cf97ae53b1f75623c52dcad9b64b70d329511781058a3477bc9faea32c2b8dc4852e7a8c4b0a02c8e3d027cf27e91187069cb35fb4d78d4e73ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\_lzma.pyd

Filesize
154KB

MD5
401eca12e2beb9c2fbf4a0d871c1c500

SHA1
7cfc2f94ade6712dd993186041e54917a3dd15ae

SHA256
5361824ddac7c84811b80834eca3acb5fe6d63bf506cf92baf5bd6c3786bf209

SHA512
da6b63ba4e2e7886701ff2462c11dd989d8a3f2a2a64bb4f5eed7271b017d69e6cfe7347e3d515fdf615ec81d2bb58367bcc1533b8a5073edf9474a3759f6d7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\_pytransform.dll

Filesize
1.1MB

MD5
352364081ca2bc10f3df4469f85c2867

SHA1
57afb0cd49df30d9cd88ae3df5b900e063f2d84a

SHA256
8d8f34f18648f880ee2e1d679197ef1421f6e809ad860943bd1ba37b5f683437

SHA512
55d19ac0daab1e7109e848d33e8613b771d7ca68219fc3aa043ae63360b546db3c60f4aac22b2ac0d718e8ba77effd3d2b5770b1986416a40470c941d47c4138

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\_socket.pyd

Filesize
75KB

MD5
4ceb5b09b8e7dc208c45c6ac11f13335

SHA1
4dde8f5aa30bd86f17a04e09a792a769feb12010

SHA256
71f014c3c56661ec93500db1d9f120e11725a8aedabc3a395658275710065178

SHA512
858c271b32729762773562ab3dbda8021aa775ba4606f57e891be18d9fe27518a48db0811eff9aafe53fb44557186431c672bbec204fa17a8ae6b86765a02d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\_ssl.pyd

Filesize
155KB

MD5
dcb25c920292192dd89821526c09a806

SHA1
79c9af3a11b41d94728f274b45a7c61dc8bbf267

SHA256
4e496cb3b89550cf5883d0b52f5f4660524969c7a5fa35a3b233df4f482d0482

SHA512
ae4ed1a66eef0b0c474c6ee498cd1388ef41f3746905257c7f5c0f73abbe3262eb47bb5748d47d55f1bd376308335a089c2b4c15ffe5d7fc21f2a660a4a93ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\base_library.zip

Filesize
132KB

MD5
7da9da08f8c6671933ca78fe77be3a9b

SHA1
e994e6a6103ac2e6a316ff8067a5d3405ac892cc

SHA256
684455092236d70df4c076bdf096a037b4f011519f31344b228a3f02646a023b

SHA512
6ca20a42e19f94420833673a7738dfb69c2b318519df61360f6f0ec0871b82763ce4f11b4168db8de80559f92e6f1eb449bb7227e4343791bd717d4ddd031cb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\libcrypto-1_1.dll

Filesize
2.0MB

MD5
b17fbaf40608078c0f2a524ce940611a

SHA1
02939c134bc94361084451194b6025604795d7ba

SHA256
12a069d3ef87db3bd4e6b165f991bec51ceb426f955a852b8b047609eb2ad92b

SHA512
89e3110b9b4a0277c6a251a817ec87de8e017d5121ec35939d0ecf06807ed90d192bd08970860da392ee0026cefd9aa37377c56b0fac4598eb36cc0fe8960ebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\python310.dll

Filesize
2.5MB

MD5
40260cc0c72afc132e23b581d76d3c7f

SHA1
50387c393f65f8a1773efa7e846e95b49b95c7cd

SHA256
59387e49bb7eacd204209f4cc3e480e4af047787d57596dd635105be964311e4

SHA512
d2bc8739983e9336d888ff8dd3f54980b61326ef13e3ec8c2213407ef7243a879ce50cca1c32df9ed2c650a295c3f2c870176729f832dbe4eef0bba5d8e22770

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\python310.dll

Filesize
223KB

MD5
de7a3ade246de448b2c55fb6551b1c38

SHA1
0693e6cc30c63029d7995e23249b07660a79cc7a

SHA256
ee9ba4734a49d42984674dd9649b447c0027ad30ff6ec902907e7563ca54a6e4

SHA512
e3b4d7100b2e646db179abf17b86d60b28495afd57174374eca61c633ec943c0a9fd14fcd04f004b5c1ab9d8393f65d8de4f63ec696e840089cc847b218ed2ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\select.pyd

Filesize
28KB

MD5
a7863648b3839bfe2d5f7c450b108545

SHA1
10078d8edb2c46a2e74ec7680d2db293acc5731c

SHA256
8b4b5d37b829ba885281134d9948f249e0ecd553ae72deda6a404619fdf4ccc5

SHA512
a709865709abe0c39d68e2ced4aa4387cd173ea9aa0a04c9794733b5bf3584d50256a9f756fee1dec144a9d724b028264763196eeb7b89ab2697ff26d83db843

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33002\unicodedata.pyd

Filesize
1.1MB

MD5
cf1eda3f804dfa64ac00cad29ab243e1

SHA1
3b0f08fa679227fa635490725e17460a9de8092d

SHA256
a3aa957cf891a411a4e22e41aa4053265eccba4d47b5abe6475789ebba7fcca0

SHA512
1ba213a7e5916fe628d80efdeade35de7db88cc8118f8ac348dc7f7a7c5977975c9cf63d774136259fc055790eb96644bde2ee19c044126f1d59d665e4bc8d97

Download Submit
memory/1456-60-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-82-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-52-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-46-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-54-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-56-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-62-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-50-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-74-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-78-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-76-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-90-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-88-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-94-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-92-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-86-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-84-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-48-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-80-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-72-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-70-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-68-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-66-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-64-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-58-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-42-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-44-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-36-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-38-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-40-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-31-0x0000022D30690000-0x0000022D30691000-memory.dmp

Filesize
4KB

Download
memory/1456-32-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download
memory/1456-34-0x0000022D306A0000-0x0000022D306A1000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads