Resubmissions

18/04/2024, 14:48

240418-r6yq7agb27 7

18/04/2024, 11:42

240418-nt7lsada7y 7

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
  • submitted
    18/04/2024, 14:48

General

  • Target
    mine.exe
  • Size
    6.4MB
  • MD5
    95e4085701600dc4ac9bdb3a643badf6
  • SHA1
    8e8ffdc0a7f474506ca149d9f25c05502ac1b9e6
  • SHA256
    85be8398e06663c33e46420969519fb7fa675102a2277b302b08c396cbcfab51
  • SHA512
    eade4a4c00ee001cb7894263604b208f9e0692213916c9f52a2af4645fba224862d8613ef25a8810a0edfa0d8dd65fe0da3a4245d8421b00e270262c44af6b92
  • SSDEEP
    196608:cuWdQmRJ8dA6lXCy1ArqkVpKCX+PrF4ZIegh2f5Bld:nWdQuslXrAZYCuPJOIegW5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 14 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mine.exe
    "C:\Users\Admin\AppData\Local\Temp\mine.exe"
    • Suspicious use of WriteProcessMemory
    PID:4876
    • C:\Users\Admin\AppData\Local\Temp\mine.exe
      "C:\Users\Admin\AppData\Local\Temp\mine.exe"
      • Loads dropped DLL
      PID:2376

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\VCRUNTIME140.dll
          Filesize: 96KB
          MD5: f12681a472b9dd04a812e16096514974
          SHA1: 6fd102eb3e0b0e6eef08118d71f28702d1a9067c
          SHA256: d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8
          SHA512: 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\_bz2.pyd
          Filesize: 81KB
          MD5: 23dce6cd4be213f8374bf52e67a15c91
          SHA1: dfc1139d702475904326cb60699fec09de645009
          SHA256: 190ade9f09be287fcc5328a6a497921f164c5c67e6d4fcdcb8b8fd6853b06fe2
          SHA512: c3983e2af9333a8538f68f7048b83c1bb32219c13adac26fd1036c3dc54394a3e2c1e4c0219232badd8e2c95418019b9b22906bdb23a19601447573a93c038a0

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\_ctypes.pyd
          Filesize: 120KB
          MD5: 2abeebe2166921a4d8b67b8f8a2b878a
          SHA1: 21f0fff00cba76a0ea471c3e05179e4b4cc1ebd0
          SHA256: 7adcea3a5568752a6050610cfbe791a4f8186aaaa002f916b88560a1ddab580f
          SHA512: 54c802d532c9ef9f3668d5e9bf23b69a58f87ec545af7fd4eab1055bfb8ee66481f361458076a364a17ddddd6550a70f5442c2bbe6562553472c0839346b1a35

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\_hashlib.pyd
          Filesize: 60KB
          MD5: 477dd76dbb15bad8d77b978ea336f014
          SHA1: 3ee56105b71c3676c2e4fdaeb7d561f68cf03b9e
          SHA256: 23063b56aa067c3d4a79a873d4db113f6396f3e1fe0af4b12d95d240c4cf9969
          SHA512: 3a97c0a860e3cf97ae53b1f75623c52dcad9b64b70d329511781058a3477bc9faea32c2b8dc4852e7a8c4b0a02c8e3d027cf27e91187069cb35fb4d78d4e73ef

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\_lzma.pyd
          Filesize: 154KB
          MD5: 401eca12e2beb9c2fbf4a0d871c1c500
          SHA1: 7cfc2f94ade6712dd993186041e54917a3dd15ae
          SHA256: 5361824ddac7c84811b80834eca3acb5fe6d63bf506cf92baf5bd6c3786bf209
          SHA512: da6b63ba4e2e7886701ff2462c11dd989d8a3f2a2a64bb4f5eed7271b017d69e6cfe7347e3d515fdf615ec81d2bb58367bcc1533b8a5073edf9474a3759f6d7c

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\_queue.pyd
          Filesize: 29KB
          MD5: 8eabd51d536276f3b3257ee975e50bfc
          SHA1: 1a13f707b29b895647a7de254031a6c80eb2cb7a
          SHA256: 24c23d04d274a4c1234f1a1a35b1805e1f17f99968f8baeec0c3b5295f05608a
          SHA512: cfa027a1e01204078ccab3c2e1910e5806e0294d3ff0225d4713ea3b16cf07589005a0cc342688c3bb0bb6aa31b5401760c3890d46b39038b046072ad7b02b81

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\_socket.pyd
          Filesize: 75KB
          MD5: 4ceb5b09b8e7dc208c45c6ac11f13335
          SHA1: 4dde8f5aa30bd86f17a04e09a792a769feb12010
          SHA256: 71f014c3c56661ec93500db1d9f120e11725a8aedabc3a395658275710065178
          SHA512: 858c271b32729762773562ab3dbda8021aa775ba4606f57e891be18d9fe27518a48db0811eff9aafe53fb44557186431c672bbec204fa17a8ae6b86765a02d07

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\_ssl.pyd
          Filesize: 155KB
          MD5: dcb25c920292192dd89821526c09a806
          SHA1: 79c9af3a11b41d94728f274b45a7c61dc8bbf267
          SHA256: 4e496cb3b89550cf5883d0b52f5f4660524969c7a5fa35a3b233df4f482d0482
          SHA512: ae4ed1a66eef0b0c474c6ee498cd1388ef41f3746905257c7f5c0f73abbe3262eb47bb5748d47d55f1bd376308335a089c2b4c15ffe5d7fc21f2a660a4a93ba4

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\base_library.zip
          Filesize: 1.0MB
          MD5: 3776cc8e549f868b87b1fac2e89b91ec
          SHA1: 856181d1f2c281818505193f661a5446186da6c1
          SHA256: e2b3d2cc3f19c054293f09c6f5fdcfcad72fe13be6b7771872e2fd31729ed3ff
          SHA512: 352dfc262d6810908e60936b8bd166bc09a4e902542d2f4bc36b61447937b299958497d620f5171f3dde857e80e25d03b62c8be410528b6e4cd787c80c659bc3

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\libcrypto-1_1.dll
          Filesize: 3.3MB
          MD5: 6f4b8eb45a965372156086201207c81f
          SHA1: 8278f9539463f0a45009287f0516098cb7a15406
          SHA256: 976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541
          SHA512: 2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\libffi-7.dll
          Filesize: 32KB
          MD5: eef7981412be8ea459064d3090f4b3aa
          SHA1: c60da4830ce27afc234b3c3014c583f7f0a5a925
          SHA256: f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
          SHA512: dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\libssl-1_1.dll
          Filesize: 686KB
          MD5: 8769adafca3a6fc6ef26f01fd31afa84
          SHA1: 38baef74bdd2e941ccd321f91bfd49dacc6a3cb6
          SHA256: 2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071
          SHA512: fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\python310.dll
          Filesize: 4.3MB
          MD5: 54f8267c6c116d7240f8e8cd3b241cd9
          SHA1: 907b965b6ce502dad59cde70e486eb28c5517b42
          SHA256: c30589187be320bc8e65177aeb8dc1d39957f7b7dcda4c13524dd7f436fb0948
          SHA512: f6c865c8276fe1a1a0f3267b89fb6745a3fc82972032280dce8869006feb2b168516e017241a0c82bdae0f321fab388523691769f09a502fc3bd530c1c4cacf1

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\select.pyd
          Filesize: 28KB
          MD5: a7863648b3839bfe2d5f7c450b108545
          SHA1: 10078d8edb2c46a2e74ec7680d2db293acc5731c
          SHA256: 8b4b5d37b829ba885281134d9948f249e0ecd553ae72deda6a404619fdf4ccc5
          SHA512: a709865709abe0c39d68e2ced4aa4387cd173ea9aa0a04c9794733b5bf3584d50256a9f756fee1dec144a9d724b028264763196eeb7b89ab2697ff26d83db843

        • C:\Users\Admin\AppData\Local\Temp\_MEI48762\unicodedata.pyd
          Filesize: 1.1MB
          MD5: cf1eda3f804dfa64ac00cad29ab243e1
          SHA1: 3b0f08fa679227fa635490725e17460a9de8092d
          SHA256: a3aa957cf891a411a4e22e41aa4053265eccba4d47b5abe6475789ebba7fcca0
          SHA512: 1ba213a7e5916fe628d80efdeade35de7db88cc8118f8ac348dc7f7a7c5977975c9cf63d774136259fc055790eb96644bde2ee19c044126f1d59d665e4bc8d97