cd76a354a02015517a2b50d75aa3b68dd0e3164adbb040f6317251016bc62b21

Resubmissions

20-03-2024 23:00

240320-2y4btadd85 10

15-03-2024 20:34

240315-zcmqtscf84 10

Analysis

max time kernel
453s
max time network
455s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2024 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
Size

24.4MB
MD5

fdd59dfdd103f79e4b2916e5f1e0f885
SHA1

1a49240419811b8164236a0e2944b2f0cbb29936
SHA256

1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf
SHA512

e28c8629420d9b51463c4ae68d75551f0998b8019447748a2e63619ac4bffe373a7307d140555f241abdae37809683284655ba7a79dee596fc8b474a2d77a058
SSDEEP

393216:32vf9QDD898p1TxNneyhOSBvF1LDddxXE3pQw6sVUDg6s9gUSkhVMhwS9Q1:Gvfz6h3hhOOF1l7ebSDgJ9+kC9Q1

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 27 IoCs

pid	Process
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 35	5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
Token: SeDebugPrivilege	5548	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 5548	3624	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe	84
PID 3624 wrote to memory of 5548	3624	1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe	84

C:\Users\Admin\AppData\Local\Temp\1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
"C:\Users\Admin\AppData\Local\Temp\1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Users\Admin\AppData\Local\Temp\1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe
  "C:\Users\Admin\AppData\Local\Temp\1d801e2756c864d01cd456f68752a86c52981576839625759ae9e400f0d2a2cf.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI36242\PIL\_imaging.cp37-win_amd64.pyd

Filesize
2.3MB

MD5
60fc03643951349707407ad15232bd09

SHA1
3a9eb002accf26775846801eb4556b23d68fdb5c

SHA256
6b1ebfa19581985ecac93fa7256c8efeca79222f017ea7c3b2c6cd28890e4782

SHA512
61de7b68a9e8176a35b7a6ca94160514b963e2dc455d6bbdec0b1668a4013960a523434528b4cc8f73762416e486d421ed0989853eb2a9be360a4c1b2e117906

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\_asyncio.pyd

Filesize
69KB

MD5
286d53da430eea9c2f570fe87c9c43bd

SHA1
bbe6288c328218567ae83566c7e42af75054041c

SHA256
5429b4acff0c3feb1e3e63c393a61dbad944bfd04538a8e48e3c579f55cb6dee

SHA512
03ed27519537599299ce24a8a5341e8722b3716d650398ab101e59dfdae96ce289e1c303577fcd041c9b252f1f8659619cd8276c090906b1fd45eb6da7a84fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\_bz2.pyd

Filesize
87KB

MD5
dbe4148e566f853bdf8ee8faaf5184a0

SHA1
d374dbd751e5cd1893d2f54d19303b7521aea3df

SHA256
a7f59f60b84bb49ff4b9a6b4beda6dc33148de902492a097103a044c471f41e0

SHA512
5576f32e463912979cc617e805f59385d26663170d9e6f490e30180a4936fbd1fb608d060770f40403e10c83b9172f81667d7298d69d834a9f818517542c6fe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\_contextvars.pyd

Filesize
22KB

MD5
03dba24021633f3f05051b370c5def87

SHA1
faa798fb4028483ebdf60fa049001f975e7c9ba5

SHA256
937115a224c3900e12cd23681a5170ee885b10bc8559f047bcde7bc0141a6273

SHA512
124aed7eeab42273ecd1b91d877c7b172fc7b068a7540564083a7197856b643785c527c6cb703567a59c4edecf2b5c9cb6851c4260a95360ca820223b07f2c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\_ctypes.pyd

Filesize
129KB

MD5
c33c65f70d34aa900e903d7129de24a8

SHA1
d4e3f15593ce4e331a851678aad0971e26cfc523

SHA256
e4380415eecc99ed387c30fccbe36687c3b3aca1c2d2336cc51705c658229a2e

SHA512
272b1d915061d8da1ab3edd3703d23a5340a1673c46235b6501c978712e2673df632ddbe7e822988c92604106372d8680f074166230b97adf4cc78708efca38a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\_hashlib.pyd

Filesize
38KB

MD5
4fae65aac546648d4ea085ca8f9d4772

SHA1
db5ad4047ef200560265ce4c3d62a77ee8566b3a

SHA256
b67ce2bb6ab1882e4171c8b823bebe4ee7210018ffcec62936a1f75cb9cad97d

SHA512
8198cead53a2dc4f077cf678e93d5d89324bb8c950d32a24ec7a4f4f0c31dceab1930aa81e53fdba1af181938008aca669cd29ba959e581928030c32491d46d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\_lzma.pyd

Filesize
251KB

MD5
974cd774adf72baef351ed2f2c2e0d2b

SHA1
796958082b68b64399fd68d445cbcca8409d0c91

SHA256
799ec9924a1eb4d1b9906e2759062dd3864af9e8a71d07303591dbcb9cd7fb4e

SHA512
947249e68d1567c3c06a1dc4407a287e45c1b535981935cc1265dd6fcb7f8853c7f9d4ca3f85a18bdf472451b639f83c812a268258f7f64d74b41a00f2391876

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\_overlapped.pyd

Filesize
43KB

MD5
66dea8fe1ac821c94cbb88cafa2a2f34

SHA1
ac28e9c9246b6ed29d1cf21c461e0959eb810651

SHA256
9ef7b9327948ce8d585511079a3b558714cf34c7bebbea4e758fd3e460ad5057

SHA512
fc28860f68c71203875520865d72aae3aae9b1604209931975eae06e4ac2a89fbe568655d2fd2f716f4543e86ede17fa97e90c7f7b1e153469bc3e7c75e1ea3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\_queue.pyd

Filesize
27KB

MD5
ef0919f8297277c2f6730753a53fdf57

SHA1
1819fbb29296f7a6567942db8e50923d73732bcf

SHA256
1e40c9a90d54f7ccf1d645f27ed09e9068d9188f8e3c0fcab8c7c622d4062b77

SHA512
5214aaa7bfc5bdeb9d17e27ecca5000280336590ebae140d2176eeaaf31777fcc9b4de3a15143af43fc93e8ea26f2a58cc39ff200778596b5f4d282194343453

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\_socket.pyd

Filesize
74KB

MD5
0f476bd38eb1d6a79b16c73f48caec17

SHA1
52184c66c24f3bc477685c78b52a691d6e17b3e6

SHA256
09fc679658d08e680db0dc5f0cc733b3459249b8b3135abcc403305edbf6a10d

SHA512
e218bb21ab846cd869ba17f0a521d09a8359578dc3014d873edca6a2040120d12f755ef02ea4203e7f5cc9127f68d15c975770b5250363da06c3bd74fc675d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\_sqlite3.pyd

Filesize
83KB

MD5
e77befea1528d481518da22da6884a1e

SHA1
07fbd1e828aab72a9efcb3402071cb4f801d85eb

SHA256
8e9fbb17621e52dc2642d0697ac417916c815234c74aee8c1bf9490c3efb9cf6

SHA512
b1113ee194cbee7306f4396f2c0ee16ffc5a80ad5c50a2e9e2f014d1df79c104f00e32c416d794e78b064da14a5263dea61615404db219b79a5f723fee8a0248

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\_ssl.pyd

Filesize
120KB

MD5
eb3c2ff3543f6ace1ac31ac144059806

SHA1
cb1dc6aa93b784a51c666e6929beb8642cce0f82

SHA256
f58c8a11166077e128d159acd98ad98f74278f89d517cc07a49b53676b999ad3

SHA512
99f41d129d237c4ff82a5256138c7c357ced5a64f2ddd378f13f0ab71eec41f2f67573c8ef09759f2843a5c5507e5fd5ec062c6ccfb5b2898421aa88c926721d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\base_library.zip

Filesize
995KB

MD5
a845bdcdc599d84c455c993a2a7cde61

SHA1
4d06710507a3aa7cef37be05a7dcb9dac9b5aa32

SHA256
176b430c1fce1c39aeef9acdb4deb4a879b4ff992ec606f69535ca54d7a6c68d

SHA512
3b70762ea14c7a41a61aa53add403c728ce2e979019f7c96a4a3564ea89436ca4eb9be79f04042f65c5ce4f9cca3699af527a2420444392356f98a9d3042e91b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\certifi\cacert.pem

Filesize
257KB

MD5
1ba3b44f73a6b25711063ea5232f4883

SHA1
1b1a84804f896b7085924f8bf0431721f3b5bdbe

SHA256
bb77f13d3fbec9e98bbf28ac95046b44196c7d8f55ab7720061e99991a829197

SHA512
0dd2a14331308b1de757d56fab43678431e0ad6f5f5b12c32fa515d142bd955f8be690b724e07f41951dd03c9fee00e604f4e0b9309da3ea438c8e9b56ca581b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\charset_normalizer\md.cp37-win_amd64.pyd

Filesize
10KB

MD5
41faf2b81c7c924058cbf5958e78c59a

SHA1
2eedf3eb6cd23f348c9b2b8d3266ce3a2e870532

SHA256
1f89f89eaea2ed28946d825d260cb58a04ea4d8c0023619460bace2cce8309d3

SHA512
99f1254f111f8aee7b7d4196c4a7ee8363e1ba1d7edbb292c06c477ef76c2316a315a4deb42fdc8494471d9eef09ae237ccd40040191e580ccd1af6c26d02d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\charset_normalizer\md__mypyc.cp37-win_amd64.pyd

Filesize
113KB

MD5
6974a4c4397e3e3762309e0f2594ae1c

SHA1
4be596e2ed1cd4425681e6264544f98654d29200

SHA256
44127eb24862b27056d7d8b66077a8f40d2f4876bc6ec679b7fc292775b6d329

SHA512
8173a3dad5c2368ad4033f14e9d759cd58e9fa4b98b20abf72be0629ae37d92270d6b102150c49a4ceadc852529a9f12319dd9b4066996940d1eda9e1b9cb7a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\libcrypto-1_1-x64.dll

Filesize
2.4MB

MD5
8acf7c9fd65ed2ff7c5b4c8d4a12a0b2

SHA1
747319e93621acb9126990f49567faa72a344463

SHA256
cd7186f01edebc906f09694af0e4dd732b6d80fabc92814ac0ad7951b8c0d7a6

SHA512
b6c4fcb04850b558b549662d55c952915e91b00e205d7f782edb61f65a0d492cc3b1e08762a3304ccb1bd2e17fa9e00f57ccab1f8fce17e3c1cecb061994846b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\libssl-1_1-x64.dll

Filesize
514KB

MD5
9783d27a3b09bfcf7aa9f50d43cc9024

SHA1
35f290d30bdf64f5bf9ddcd5cf47beb5a45d1c11

SHA256
33dd512032b6bed1f7292a419abd1b8760fba84d7a43f66c7112fac6deba4b6e

SHA512
b30fd974a47f97f3108a12b424e5c03c862257303afaa08a1638a98b6add00f57541ff981d2a20b2457007e05dea766204476a757c02095dd2c7fd707a63a3e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\psutil\_psutil_windows.pyd

Filesize
75KB

MD5
5e9fc79283d08421683cb9e08ae5bf15

SHA1
b3021534d2647d90cd6d445772d2e362a04d5ddf

SHA256
d5685e38faccdf97ce6ffe4cf53cbfcf48bb20bf83abe316fba81d1abd093cb6

SHA512
9133011ae8eb0110da9f72a18d26bbc57098a74983af8374d1247b9a336ee32db287ed26f4d010d31a7d64eacdc9cf99a75faab194eff25b04299e5761af1a79

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\pyexpat.pyd

Filesize
195KB

MD5
b70a6b7b9fbcdac967a11882ecbfc652

SHA1
b605810d68ee851511033386a0a6751d1fc73c7d

SHA256
1ba7774c0011fb0e3f49a3c08bb765aa82139173df69bfeeb9d01aa8d0f9ad5b

SHA512
07c87163fb16f867f6aa40dd761055636cfe98b391a89c11b6a1809437707c056167abe2261ef1a1612c3f22db864014d2077d92d6991540adaf0948bbd52ea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\python3.dll

Filesize
57KB

MD5
944db71444771e6a9bf9124463c932bc

SHA1
9e20edf37aa0b9857ec270702326bec66094b02e

SHA256
69a7e5b91dc5317d47795ca132fa90e7119c09a60e81a8587638d3b4addc5c04

SHA512
3a60676e739c4dcd678381466a1e0d43545c040022246ffd29abd2befa6f1837cbfea49ab4485476252741f75265dd7510c532901617a05f862b236eea2f216d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\python37.dll

Filesize
3.6MB

MD5
22546a966149e4f545e00d0c0c294a53

SHA1
3d51c13be6cd7f115934bfa9ef8a3ddd3f571949

SHA256
b01884bced504e81edb83da4c0e6c3098d87c1512d60bb85e88ecd1a937ed2a0

SHA512
1a62a837b42e6ecb149d034826929a9d818571ac7b830b380899bdcf3b72307025d2f47b7d6013cab2725ccbdc1af9ad4b733be75dfe030ecd674d7927b90eac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\pywin32_system32\pywintypes37.dll

Filesize
133KB

MD5
f9d8093503c0eb02a2d30db794dbaa81

SHA1
d11ac482caef0a4f3b008644e34b5c962c69a3af

SHA256
47cfa248363c3e5e3c2fcd847bd73435890bac14c3403f2841fd5e138f936869

SHA512
c4ce86cecef6e2b3785f076667381f3e8e4b7d9e6e7c9e48d2fedde83670df61c51bdd852c3fadc826bee6025d9c22a1cd2f1ba255a7123047ac11e2ed262fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\select.pyd

Filesize
26KB

MD5
590a8782bfaab2425672f366cc78a070

SHA1
b4535b05b91e72e10c28f59bd042dc174ea71759

SHA256
0e537f93a92150483966435e8a102014014cf38c7edb7f7703db3b253108951d

SHA512
c1d39dbbf35400423142fb656287b11a309f4fc3f3931a5daf0040c81658c1835103aea540bda75c88c57f739cbd9dc90221659958fde6ca81010a9f5e945ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\sqlite3.dll

Filesize
1.1MB

MD5
59d52779cd734a92ed53adfc70012924

SHA1
79d873fe1cef7f73d47dd5b4eae8d7b1be139bd9

SHA256
7c3d55907b6364963e90b460af6e85a9d5780009b4bb19dec34a876398787917

SHA512
da2795a7aa8256c6c07675253ae0d7c6c6bbfe5fa5411ae57cb7e4df49c31c6f507f46da555b6b9caf72ed3d873d1312c764061b150fdcea183620d49ac71a0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\unicodedata.pyd

Filesize
1.0MB

MD5
c5fdc3ccd042bd4e291a83be2eb288c0

SHA1
3f5d48a902a2ab5981f70e1deceaa72c2f4758f8

SHA256
a6593c09fdaf1a29ca5d6a69188020dfdabd65fa61b26003bd6e38e4ba148b03

SHA512
0a24bf0189108a08240c25a7facdc3b9c789aafb6e6e224927f001ca3dc430663db811ceb6426d63e15d47515dc8d04b3589021623c16f45bd8abce53cfcdce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\win32crypt.pyd

Filesize
129KB

MD5
696d46880a69c16cc63d3b60f667b2ee

SHA1
7e11d869f0058f49426a60db6d0ffbad17b66620

SHA256
60dafd56d258c7fd01e3f0cd9b93d050c3e45f2ef85c114c1744c580295136e1

SHA512
96494f7705c4809b7d7fa44740bee890dc669f58cacd04970f0c94a9ab7231c23434b111a518db9f16f13342d2b12f6304de596fad98c0f7293cd83ca08938ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36242\win32gui.pyd

Filesize
237KB

MD5
dc365814f995d8c94de8539124f50e36

SHA1
38c66112e1c532c2e83debd2d2e9a9caaaa73b7d

SHA256
2d695765418db5cde334b9e36658a44408f165c93c6777ec2eca58e4a58fb288

SHA512
1ed50823c129d35cd3ac3aa2e3041f10c9fba2b34fc84763e631fd7874707aa0693371ad98a3da1105a71d6c0aa9279dd10bade44ffa093bc0dd1f44fce667df

Download Submit