601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe
Size

4.6MB
MD5

dad68fc73eaef312dbc91d9853de4614
SHA1

15584e42e2e2ff9e44748adb3fc9e94328e89e47
SHA256

601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274
SHA512

dbc1e270fef1dc863bca9b3808b09564e1089fd9b1f3434b7fc3e328f150c2e6cd992dae2fadde208eec2c0f0c04637433449a55a832d039424132df7dc33b5e
SSDEEP

98304:/YHHQcsibw8SPLeTtSQo598DERxrfExYzJ4W6HxE+KZVniE:QHwcXMHLKyqtx64o

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1688	601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe
1688	601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe
1688	601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe
1688	601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe
1688	601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe
1688	601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe
1688	601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	1688	601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 1688	3868	601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe	86
PID 3868 wrote to memory of 1688	3868	601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe	86
PID 3868 wrote to memory of 1688	3868	601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe	86

C:\Users\Admin\AppData\Local\Temp\601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe
"C:\Users\Admin\AppData\Local\Temp\601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Users\Admin\AppData\Local\Temp\601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe
  "C:\Users\Admin\AppData\Local\Temp\601da086340253dbc9de9c79cde8504be3ec85db73255aecda547a59a49d7274.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI38682\Crypto.Cipher._AES.pyd

Filesize
29KB

MD5
3c4ab2e06feb6e4ca1b7a1244055671a

SHA1
a4c3c44b45248b7cf53881e6d8efa8d557e100a9

SHA256
c7e4194470a677304fad05c771654e6986c32bc29a04c3c4c52594172d83cb23

SHA512
7531b4ecf3c2a37b33b790e403cf69c6c90c33b0236ad65996fad6e5fdd0e831935126ed96026f612d6fdd2847f2d7b01823f49fbdbd8c95b434fbdd9aaf557c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38682\MSVCR100.dll

Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38682\_ctypes.pyd

Filesize
83KB

MD5
5d1bc1be2f02b4a2890e921af15190d2

SHA1
057c88438b40cd8e73554274171341244f107139

SHA256
97c3cdef6d28ad19c0dacff15dd66f874fe73c8767d88f3bc7c0bde794d857da

SHA512
9751f471312dd5a24f4a7f25b192ddcb64d28a332ff66f3aa2c3f7ef69127cf14c93043350397e9f884f1830f51d5e01214e82627158d37ef95ce4746a83bbd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38682\_hashlib.pyd

Filesize
900KB

MD5
82ae4e8208d58bffc95f68c2c1d8f280

SHA1
8874b66dcaf142cfca6b72aa46f2247ab6d96e8c

SHA256
2c905f0809749f5494b2a638a8551af3d914a148d282fc3da9d68ce12d067eb9

SHA512
737109f330f1ab8302c5f73ead54dfa53b39d73a806054ba725f7f1e9be82adec678e08fc127b6b5658daf465aea34d0c4226162f6e067b8d4c461b3d051ce37

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38682\_socket.pyd

Filesize
46KB

MD5
ebc931925d333427e182eb58eb4cecce

SHA1
90a811fa23c1ea1244eddef5f3371411af354fd6

SHA256
e29cc2340a9577f82c45abe6707e2817575ee02ac374f4864885410d411e6bea

SHA512
52767f0e49a600ab6b025265cd0220dfd84c24ccec24f7268974123cad41a287a015021357ec4b88eae0dc0dd2517bb5d07f1aaaf08fd36e7bedd0fab8047ab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38682\base_library.zip

Filesize
717KB

MD5
6dfb9cc8bdc8b545f903822506adea9c

SHA1
e2277c93bbab9d31e3559031f0b553e33988aa35

SHA256
51608d2f6bd13ec880902fd2a6773c8c5f257252f7cace53e8e7d779ffe51594

SHA512
4736100d5a292266a61e359c203876214ffee0fd79cfff559f9646d6b637d79735407504a6a17d6752d58d497e86a4baf3d008f44d89a6eccd54def29047bf20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38682\p_2404.exe.manifest

Filesize
1KB

MD5
b00ab8237ebac501049394f1796a714a

SHA1
ae1aca791ba5b34c368d57f0dcdad52932f5a8bb

SHA256
9f736a7c00076e76cb5d9ae58bdb4a29c74e5c50868bc71ef486959aed8624ba

SHA512
4e39aa995c4a28f8f79c852ed1b54da2a32981801662e0a0dd55bd1666182218b628f21c89fb3277682acb3d8f305c717a9d44c20d4f8e244f46e82ae804a9b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38682\python34.dll

Filesize
2.6MB

MD5
2c2ac2e9fae2fb751c811fd13ef152ad

SHA1
90de83c48babd5382b2b1ebcd99b763da47c9d0a

SHA256
f5457684348b29cc74690938d6cabee2147568c82e62883759b368037bb90c30

SHA512
b7a5e44414680de8f29c3daf27bd35e00284d3f2fdd03dff0d5fd382642d36f281c720c8db40c4ad1a9f4f6416f2cb689e66654b5b9aefc9133f11d573ab8b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38682\unicodedata.pyd

Filesize
741KB

MD5
f66cde98ca47f122710e4008246d45e9

SHA1
5cc592c03be31f5d99d69a6eb83fae44d2e1e8de

SHA256
5df0e5e83be746d46db28da04b5936e0f178be1d2f0b3c3a9cfda8cc1553480d

SHA512
e2898a96243108ddcc3c07dec7db2ced1a995029d710f860c6cddf4833e8bb41372939f96f7a0a23749c44a1c88ab5722764907024d1af3cc3cdbd74fccb17b0

Download Submit
memory/1688-32-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1688-33-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3868-31-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3868-40-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads