42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040

Analysis

max time kernel
126s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 15:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040.exe
Size

6.9MB
MD5

c9495045b8c457118f07eda21656d5f6
SHA1

b3f8e40b61ae70e67fce3e4e3cad91500d5c9e00
SHA256

42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040
SHA512

80fc44852ec1ce7db040b659c678838a99b008867ac5d15eae8cb3c23bc0a0e117ef39a4d604000ff5c23b4ba3b559080124ce7727d4f40ac2908a1e109f88ae
SSDEEP

196608:WozEs/FZR/4uWJysVYvsO+oyMxxvjDDAxbHSORb0RNR:hEQFtWJtoyMxtDDAxbHxUNR

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2160	42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040.exe
2160	42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040.exe
2160	42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040.exe
2160	42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040.exe
2160	42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2160	2972	42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040.exe	96
PID 2972 wrote to memory of 2160	2972	42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040.exe	96

C:\Users\Admin\AppData\Local\Temp\42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040.exe
"C:\Users\Admin\AppData\Local\Temp\42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040.exe
  "C:\Users\Admin\AppData\Local\Temp\42a12cde222a3ea38c5e3c6c68ba446424ef6a9ee7b07cc6c956cb607fd29040.exe"
  2⤵
  - Loads dropped DLL
  PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3916 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:4456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29722\PIL\_imaging.cp38-win_amd64.pyd

Filesize
2.3MB

MD5
e00c1502373aa08b45eb79bf20745c96

SHA1
19b55cf37cb1d87e2124e863fde4c368af831953

SHA256
4e20a5599cbcc4fd09986de721f12d56fe4552351d735525c98561bd6777ec01

SHA512
b0f4617b217945b4968b0c08981f10b41084d35d67350a3787946937f3f67dd07729822c78c8ef9ec5cab77acdaed19209a39724859ebe695c6c1fed69f05377

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29722\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29722\_bz2.pyd

Filesize
82KB

MD5
3dc8af67e6ee06af9eec52fe985a7633

SHA1
1451b8c598348a0c0e50afc0ec91513c46fe3af6

SHA256
c55821f5fdb0064c796b2c0b03b51971f073140bc210cbe6ed90387db2bed929

SHA512
da16bfbc66c8abc078278d4d3ce1595a54c9ef43ae8837ceb35ae2f4757b930fe55e258827036eba8218315c10af5928e30cb22c60ff69159c8fe76327280087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29722\_lzma.pyd

Filesize
246KB

MD5
37057c92f50391d0751f2c1d7ad25b02

SHA1
a43c6835b11621663fa251da421be58d143d2afb

SHA256
9442dc46829485670a6ac0c02ef83c54b401f1570d1d5d1d85c19c1587487764

SHA512
953dc856ad00c3aec6aeab3afa2deb24211b5b791c184598a2573b444761db2d4d770b8b807ebba00ee18725ff83157ec5fa2e3591a7756eb718eba282491c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29722\base_library.zip

Filesize
1003KB

MD5
ab7bf9adc3336131e08ac55d0745ace5

SHA1
54ed64f3a3e4f89faca9d50613b81c1c19a2acfa

SHA256
3842b714f05a244ee3a845862f8103f84f88c97c4bf1411fae595d0626fcbd19

SHA512
eb954d498526ba90df4029a877edcd8f79b07b615a2b2ebf3441487e16d18231e9fc9494f8202361a0625c3063c626b63484dcf88152134f1cd663312b6a2f61

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29722\python38.dll

Filesize
4.0MB

MD5
d2a8a5e7380d5f4716016777818a32c5

SHA1
fb12f31d1d0758fe3e056875461186056121ed0c

SHA256
59ab345c565304f638effa7c0236f26041fd06e35041a75988e13995cd28ace9

SHA512
ad1269d1367f587809e3fbe44af703c464a88fa3b2ae0bf2ad6544b8ed938e4265aab7e308d999e6c8297c0c85c608e3160796325286db3188a3edf040a02ab7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads