49a6c879bb46ad0f357a545f6f6577bb418c7f210cac60556f45051a9473851b

Analysis

max time kernel
118s
max time network
121s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
28/04/2024, 01:17 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GIE.exe
Size

25.2MB
MD5

44108802f9e0706bd21503171380320a
SHA1

67c5aba6367a4a854cf0dace597ec341ae3a51c6
SHA256

49a6c879bb46ad0f357a545f6f6577bb418c7f210cac60556f45051a9473851b
SHA512

4641f8686121b20d55425eed9bbf00075dc8c80a5260788eb276be8c3d11026a46524644e90de89d8b2ad628137b6224b334dc9b55fb12cb9b4cc599c869f243
SSDEEP

786432:cVNRuVHaA3A4+knX0h0jH3W+e5R0A9MN5qW80hZ:KuxjAFknXFDW+eHyNcW7Z

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 29 IoCs

pid	Process
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 56 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	GIE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	GIE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	GIE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000001605b4b03c92da0198fef4b23c92da01b88628d93c92da0114000000	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	GIE.exe
Key created	\Registry\User\S-1-5-21-891789021-684472942-1795878712-1000_Classes\NotificationData	GIE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	GIE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	GIE.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	GIE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	GIE.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3576	GIE.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1360	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1360	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe
3576	GIE.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 3576	3592	GIE.exe	80
PID 3592 wrote to memory of 3576	3592	GIE.exe	80

C:\Users\Admin\AppData\Local\Temp\GIE.exe
"C:\Users\Admin\AppData\Local\Temp\GIE.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Users\Admin\AppData\Local\Temp\GIE.exe
  "C:\Users\Admin\AppData\Local\Temp\GIE.exe"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3576

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1360

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

330 B
5

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI35922\1.png

Filesize
34KB

MD5
6f564e00ddecbf885ef207b22686d92f

SHA1
9776b39be55224230bd10873bd22c552331b48ad

SHA256
863920cc024bd2a19ef5d2249ddf851b6b1c93259b324fdc1085ece771fa8592

SHA512
665d494030aff9e2c35212f43c3526f54aa074b9bb550b68361dd487ccb037940e01c163137f6ce60b2ac674d6c7b4a83107d27736c284c49d11853c2890bc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\1d.png

Filesize
65KB

MD5
73df2a6646c7f1726eb40da9dadde609

SHA1
c4e7e68090722e8dfa156f53f497c8e04e0a6604

SHA256
900b7dbfebfa867d6ff31abf30d36eda3797876b39bf4ad78f278625fea766cd

SHA512
6899a230cdf3a86b7a14917e5690fc202a1774162ece443c716f71b2998d913d7303d85d254eb917c06eded0341819b93d71782d2578baceeaf48ab75f721232

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\PIL\_webp.pyi

Filesize
66B

MD5
e82ce1a659755bafda7bc3e0e2d1b814

SHA1
7f0b9ccdf21682246966759e4006b013c26503dc

SHA256
cc3f2f0283c2f1a1085637dc90bb45b24456e6c6a255e977fac254036a476867

SHA512
a63ea8c91c8843f16bd7163ce1c570e8708ec5bbda66381cacdd53a53d8e9bf2e4cb475aa957c3c603ee9d9ce7427b137e5d5a188d1953a6ed0b496d23a3a034

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_asyncio.pyd

Filesize
69KB

MD5
2cd68ff636394d3019411611e27d0a3b

SHA1
da369c5d1a32f68639170d8a265a9ea49c2c8ebd

SHA256
0d4fbd46f922e548060ea74c95e99dc5f19b1df69be17706806760515c1c64fe

SHA512
37388d137454f52057b2376d95abcc955fa1edc3e20b96445fa45d1860544e811df0c547f221c8671dc1a4d90262bb20f3b9f114252f3c47a8c3829951a2ce51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_bz2.pyd

Filesize
82KB

MD5
c7ce973f261f698e3db148ccad057c96

SHA1
59809fd48e8597a73211c5df64c7292c5d120a10

SHA256
02d772c03704fe243c8de2672c210a5804d075c1f75e738d6130a173d08dfcde

SHA512
a924750b1825747a622eef93331fd764d824c954297e37e8dc93a450c11aa7ab3ad7c3b823b11656b86e64de3cd5d409fda15db472488dfaa4bb50341f0b29d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_cffi_backend.cp312-win_amd64.pyd

Filesize
178KB

MD5
0572b13646141d0b1a5718e35549577c

SHA1
eeb40363c1f456c1c612d3c7e4923210eae4cdf7

SHA256
d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7

SHA512
67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_ctypes.pyd

Filesize
121KB

MD5
10fdcf63d1c3c3b7e5861fbb04d64557

SHA1
1aa153efec4f583643046618b60e495b6e03b3d7

SHA256
bc3b83d2dc9e2f0e6386ed952384c6cf48f6eed51129a50dfd5ef6cbbc0a8fb3

SHA512
dc702f4100ed835e198507cd06fa5389a063d4600fc08be780690d729ab62114fd5e5b201d511b5832c14e90a5975ed574fc96edb5a9ab9eb83f607c7a712c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_decimal.pyd

Filesize
247KB

MD5
21c73e7e0d7dad7a1fe728e3b80ce073

SHA1
7b363af01e83c05d0ea75299b39c31d948bbfe01

SHA256
a28c543976aa4b6d37da6f94a280d72124b429f458d0d57b7dbcf71b4bea8f73

SHA512
0357102bffc2ec2bc6ff4d9956d6b8e77ed8558402609e558f1c1ebc1baca6aeaa5220a7781a69b783a54f3e76362d1f74d817e4ee22aac16c7f8c86b6122390

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_hashlib.pyd

Filesize
63KB

MD5
f495d1897a1b52a2b15c20dcecb84b47

SHA1
8cb65590a8815bda58c86613b6386b5982d9ec3f

SHA256
e47e76d70d508b62924fe480f30e615b12fdd7745c0aac68a2cddabd07b692ae

SHA512
725d408892887bebd5bcf040a0ecc6a4e4b608815b9dea5b6f7b95c812715f82079896df33b0830c9f787ffe149b8182e529bb1f78aadd89df264cf8853ee4c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_lzma.pyd

Filesize
155KB

MD5
4e2239ece266230ecb231b306adde070

SHA1
e807a078b71c660db10a27315e761872ffd01443

SHA256
34130d8abe27586ee315262d69af4e27429b7eab1f3131ea375c2bb62cf094be

SHA512
86e6a1eab3529e600dd5caab6103e34b0f618d67322a5ecf1b80839faa028150c492a5cf865a2292cc8584fba008955da81a50b92301583424401d249c5f1401

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_multiprocessing.pyd

Filesize
34KB

MD5
811bcee2f4246265898167b103fc699b

SHA1
ae3de8acba56cde71001d3796a48730e1b9c7cce

SHA256
fb69005b972dc3703f9ef42e8e0fddf8c835cb91f57ef9b6c66bbdf978c00a8c

SHA512
1f71e23ce4b6bc35fe772542d7845dcbea2a34522ba0468b61cb05f9abab7732cbf524bcff498d1bd0b13b5e8a45c373cca19ad20e5370f17259e281edf344be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_overlapped.pyd

Filesize
54KB

MD5
f9c67280538408411be9a7341b93b5b0

SHA1
ccf776cd2483bc83b48b1db322d7b6fcab48356e

SHA256
5d298bb811037b583cff6c88531f1742fae5eee47c290adb47ddbd0d6126b9cc

SHA512
af2156738893ef504d582ace6750b25bc42ad1ec8a92e0550ce54810706d854f37a82f38eb965a537cad5d35c0178c5eb7b4d20db2a95bebfecf9a13c0592646

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_queue.pyd

Filesize
31KB

MD5
6e00e0821bb519333ccfd4e61a83cb38

SHA1
3550a41bb2ea54f456940c4d1940acab36815949

SHA256
2ad02d49691a629f038f48fcdee46a07c4fcc2cb0620086e7b09ac11915ae6b7

SHA512
c3f8332c10b58f30e292676b48ecf1860c5ef9546367b87e90789f960c91eae4d462dd3ee9cb14f603b9086e81b6701aab56da5b635b22db1e758ed0a983e562

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_socket.pyd

Filesize
81KB

MD5
899380b2d48df53414b974e11bb711e3

SHA1
f1d11f7e970a7cd476e739243f8f197fcb3ad590

SHA256
b38e66e6ee413e5955ef03d619cadd40fca8be035b43093d2342b6f3739e883e

SHA512
7426ca5e7a404b9628e2966dae544f3e8310c697145567b361825dc0b5c6cd87f2caf567def8cd19e73d68643f2f38c08ff4ff0bb0a459c853f241b8fdf40024

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_ssl.pyd

Filesize
173KB

MD5
9b4e74fd1de0f8a197e4aa1e16749186

SHA1
833179b49eb27c9474b5189f59ed7ecf0e6dc9ea

SHA256
a4ce52a9e0daddbbe7a539d1a7eda787494f2173ddcc92a3faf43b7cf597452b

SHA512
ae72b39cb47a859d07a1ee3e73de655678fe809c5c17ffd90797b5985924ddb47ceb5ebe896e50216fb445526c4cbb95e276e5f3810035b50e4604363eb61cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_tkinter.pyd

Filesize
62KB

MD5
b4d0a483f8007beabd0d4d5b41070057

SHA1
1dd6a829b9b6e66e4062d7a84e6e0187e828287c

SHA256
06ea475cbb786bd1db1c1bbd62546446e571f717303fcf868148e15612a04a65

SHA512
aa1599f480ba2825bcbcfe79513b53c8c2393b9fbee34947680b0066b9c75bd4a255fccd3a6625dcbd00e2234810777742135375b01abfa1a0f5a3b49d5f72ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\_wmi.pyd

Filesize
35KB

MD5
ee33f4c8d17d17ad62925e85097b0109

SHA1
8c4a03531cf3dbfe6f378fdab9699d51e7888796

SHA256
79adca5037d9145309d3bd19f7a26f7bb7da716ee86e01073c6f2a9681e33dad

SHA512
60b0705a371ad2985db54a91f0e904eea502108663ea3c3fb18ed54671be1932f4f03e8e3fd687a857a5e3500545377b036276c69e821a7d6116b327f5b3d5c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\audio1.mp3

Filesize
8KB

MD5
78389e022ba8a910695c9dc483c623cd

SHA1
bf1ce84df8394be6670c9820140399af16edab6b

SHA256
8f4d3150992cf86049b5a7beca5d0e9343b78e8dd9243f6dbe4d03a310ffaee1

SHA512
6e21837ae41f057ef4afdfa714ddb67fd212f2e3bd20b378cfd8f6765652478ca9085e4d743a57ea43842fe27096a93405659cc98ec3f8a2a1373798fdf4b5e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\audio2.mp3

Filesize
13KB

MD5
895aabfc82e9dc6e8413cc7c7eaed85b

SHA1
bae3fd3f66470fa478730a72ff872ed1e3d2defa

SHA256
accd7e4d64893669ae4769b7ba00d44d2af561c352afe03a3fdcbce2b7be5c27

SHA512
74d0c5f4e960f45f99deee3746ad6c35995102a8949a248c1738f4a397e0fb83fb288feba0e3232fc06cfe5c4419c4a9d6e0ffb47053e74c54cc62582a0d74b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\audio3.mp3

Filesize
18KB

MD5
0a3cf97819efe4baf102abf789b8d7a3

SHA1
bbc72941837849695b43075d527f7d8c3eb16ed0

SHA256
927f67628de12590305881411146f4a05b2ddb9a7fcafb80a8e97d3de5686540

SHA512
1ff287560feaea65214a762eb6d54ef6bd0d9c0d3f2559b80947226d4593e25970d4d6c46d43fce06cdc385c4c9f2e44c5d0add44b940d7a2f642fb537bf6f4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\base_library.zip

Filesize
1.3MB

MD5
c4dcf6023d754daa9a41d6d2da6842ca

SHA1
2b1aca3ffebde36fa31ab9a14a709c7c6c125773

SHA256
3c472b0fdfbfeb7721fac540bf55eec190edf5aea6c370a4c3bff87f88077a97

SHA512
55a9e82b36aadd29ac22811ee295e75fc9ea12912dd6c498ab808a6dc83be4fab40eca2bccb991d593180e2162a456903479810e7b31b848acd363defb15726d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\crypt_utl.py

Filesize
3KB

MD5
c2a946f4c6ee460e40856064cd908565

SHA1
4d7fb15c5b6e973a0e930fd9a1df68072cac7c9b

SHA256
2ccfbe674b97f592c1146074c3b61e09a38aa76d535be42375b337eded360556

SHA512
ac1d233777dcbcb8f8f17bf623e66551700e7a18b426a1fba256f3a19cdf79dceea0d9f1c7dee66514a239aad6ad496cc199b3e1234763de1bfc850df326162e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\gie.ico

Filesize
20KB

MD5
299dee6d62ac68aac1ae180873ac7887

SHA1
17cbccb6530ded91624e3771a20292bfda3533e5

SHA256
2cb1e1b19771ef403d6bc34be0e45e401a1a5ec02b198b34856bb187c9a47f9c

SHA512
36999a96202bb0422e1c50a524c0701b364395b441bcd5448d0dd1edb11d7896b6775dc4c18eb9c18d48841ca7ca1cf02872c5bbe0b06e9d74e7dd5e3b7c795a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\libcrypto-3.dll

Filesize
4.9MB

MD5
51e8a5281c2092e45d8c97fbdbf39560

SHA1
c499c810ed83aaadce3b267807e593ec6b121211

SHA256
2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a

SHA512
98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\libssl-3.dll

Filesize
771KB

MD5
bfc834bb2310ddf01be9ad9cff7c2a41

SHA1
fb1d601b4fcb29ff1b13b0d2ed7119bd0472205c

SHA256
41ad1a04ca27a7959579e87fbbda87c93099616a64a0e66260c983381c5570d1

SHA512
6af473c7c0997f2847ebe7cee8ef67cd682dee41720d4f268964330b449ba71398fda8954524f9a97cc4cdf9893b8bdc7a1cf40e9e45a73f4f35a37f31c6a9c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\messagebox-0.1.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\messagebox\__pycache__\_win32.cpython-312.pyc

Filesize
3KB

MD5
87a1a6106bc70d16f7c4cd5b19b950cf

SHA1
0015fcc7c4e4cc80badfd3d7a8ca18958e0490ef

SHA256
b72daff9f0c0c6d3552840a6f2133b9ae4894e0d69a0c930fe80451e11fa3f39

SHA512
b38572291e0c075e8e773b4409b0bcf4858ddfcc95df6857ac10950973dacecc1498384e26588ef817ed96cc276c1276e55900aa8ceae1e99b9d4d8088a9db69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\messagebox\_win32.py

Filesize
2KB

MD5
a66a6034ca251d5064bd2d25053d111a

SHA1
ce1963dacca87e47f7e78c5190cca7e6d17636af

SHA256
92b17d77f430eef3461d237cf6c341a82164f7fef5210f918bf5146e737da46e

SHA512
e6f2511481fa2a985c5e48d702f4a769f9950e30ce252cc8ec55e3db3842eb31990fa924726a240c52b3bc757891b4b91fdf8d8758268cb22e330a396f154099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\passwd_utl.py

Filesize
2KB

MD5
b6260045363db6dc790761aff88693f2

SHA1
3a8909bbc272ae2513cfde949b7afe982050321b

SHA256
4b2562d14a4f3e705482c470b28a6beeacd635c58bc5424790c3f578b372daf9

SHA512
a449d74157cda946013b03ea74013adf9343c38d723addb71d1eb3ed8c239f1caedb479e5dbddcb4c9a6c868955256f9bac119571a3008300e9db2ae3ef70d26

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\ps1.jpeg

Filesize
131KB

MD5
80505fa742142ed8ff0d5fdbfa87a372

SHA1
1b5a9f6f6eb5eaf7ca2e598becc938e99d50369b

SHA256
99c4c92a8ab67acd449d470867ad642e5a2c33a7dfd4ae56e0220d3d87eea855

SHA512
7ae3d45a85b545800640d3e478680dea78bb979fc299d2ebcd5710b2ec10b8edf0874df6c2e3be913c70636a8d33ad45e358240c0fbbd59139a8d760546a4dfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\ps2.jpeg

Filesize
129KB

MD5
4d0d11e45588ba3718e76e747930af8b

SHA1
e85d31fbe7d194f774f7b5e88bdc49f8cc2c0587

SHA256
9534622dde5f2b707449ca0522e37023fbe6f51506bde5929d5c81ee02f4dcfd

SHA512
55c894c91324e66c6f19657e14931de0db7aa04d5504396a8b2ed40933eae97841fd25d56728cab50900f5354ca94c2f8d41c591e5b5259a2a12a82c573ae2f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\pyexpat.pyd

Filesize
195KB

MD5
f554064233c082f98ef01195693d967d

SHA1
f191d42807867e0174ddc66d04c45250d9f6561e

SHA256
e1d56ffbf5e5fab481d7a14691481b8ff5d2f4c6bf5d1a4664c832756c5942fe

SHA512
3573a226305cec45333fc4d0e6fc0c3357421ad77cd8a1899c90515994351292ee5d1c445412b5563aa02520736e870a9ee879909cd992f5be32e877792bdb88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\python3.dll

Filesize
66KB

MD5
77896345d4e1c406eeff011f7a920873

SHA1
ee8cdd531418cfd05c1a6792382d895ac347216f

SHA256
1e9224ba7190b6301ef47befa8e383d0c55700255d04a36f7dac88ea9573f2fb

SHA512
3e98b1b605d70244b42a13a219f9e124944da199a88ad4302308c801685b0c45a037a76ded319d08dbf55639591404665befe2091f0f4206a9472fee58d55c22

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\python312.dll

Filesize
6.6MB

MD5
5c5602cda7ab8418420f223366fff5db

SHA1
52f81ee0aef9b6906f7751fd2bbd4953e3f3b798

SHA256
e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce

SHA512
51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\select.pyd

Filesize
30KB

MD5
bffff83a000baf559f3eb2b599a1b7e8

SHA1
7f9238bda6d0c7cc5399c6b6ab3b42d21053f467

SHA256
bc71fbdfd1441d62dd86d33ff41b35dc3cc34875f625d885c58c8dc000064dab

SHA512
3c0ba0cf356a727066ae0d0d6523440a882aafb3ebdf70117993effd61395deebf179948f8c7f5222d59d1ed748c71d9d53782e16bd2f2eccc296f2f8b4fc948

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\tcl86t.dll

Filesize
1.7MB

MD5
b0261de5ef4879a442abdcd03dedfa3c

SHA1
7f13684ff91fcd60b4712f6cf9e46eb08e57c145

SHA256
28b61545d3a53460f41c20dacf0e0df2ba687a5c85f9ed5c34dbfc7ed2f23e3e

SHA512
e39a242e321e92761256b2b4bdde7f9d880b5c64d4778b87fa98bf4ac93a0248e408a332ae214b7ffd76fb9d219555dc10ab8327806d8d63309bf6d147ebbd59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\tk86t.dll

Filesize
1.5MB

MD5
ef0d7469a88afb64944e2b2d91eb3e7f

SHA1
a26fd3de8da3e4aec417cebfa2de78f9ba7cf05b

SHA256
23a195e1e3922215148e1e09a249b4fe017a73b3564af90b0f6fd4d9e5dda4da

SHA512
909f0b73b64bad84b896a973b58735747d87b5133207cb3d9fa9ce0c026ee59255b7660c43bb86b1ddeef9fbb80b2250719fd379cff7afd9dbec6f6a007ed093

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\unicodedata.pyd

Filesize
1.1MB

MD5
a1388676824ce6347d31d6c6a7a1d1b5

SHA1
27dd45a5c9b7e61bb894f13193212c6d5668085b

SHA256
2480a78815f619a631210e577e733c9bafecb7f608042e979423c5850ee390ff

SHA512
26ea1b33f14f08bb91027e0d35ac03f6203b4dfeee602bb592c5292ab089b27ff6922da2804a9e8a28e47d4351b32cf93445d894f00b4ad6e2d0c35c6c7f1d89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\version.py

Filesize
124B

MD5
6f3d7d077109b577b7b83b54f390c89e

SHA1
71b53b6d65e65c5a0dae8890d3cdabfbc1c91fb1

SHA256
1243f8b6c5c60ab34ab963d146e33e36f154087bec884cf5d3fa4f5fdedbcb78

SHA512
fd75b98587c3b67ec3b587e58ad88ed22a16484f9f3d7d4c65d8b16ef9bb7b2747f9f08fafa53da947cfb0fe8bf82236f38d6728dacd71f3eec4ebcd2bb03f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\version.rc

Filesize
822B

MD5
e5e3d47b583a2943589227a8606079ab

SHA1
aa4d341b6c12edb4c1b1d3c7663d18e38d60f92e

SHA256
688b9600d95a1f9bbbea0cd717b91a261a9af0d402b20bb0c19ceb3ab663f2ca

SHA512
5f1e95fc9bb4b3a611403641854f8aecea068ef60c4c4abbf2c43ff079c72bd2b5f7fcdb7d591b3332a6ad3291ce9664c145bba8439c7b65aef23c21b88d0c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35922\zlib1.dll

Filesize
141KB

MD5
b4a0b3d5abc631e95c074eee44e73f96

SHA1
c22c8baa23d731a0e08757d0449ca3dd662fd9e6

SHA256
c89c8a2fcf11d8191c7690027055431906aae827fc7f443f0908ad062e7e653e

SHA512
56bafd1c6c77343f724a8430a1f496b4a3160faa9a19ea40796438ae67d6c45f8a13224dcf3d1defb97140a2e47a248dd837801a8cb4674e7890b495aeec538e

Download Submit
memory/3576-2619-0x00007FF85E250000-0x00007FF85E27A000-memory.dmp

Filesize
168KB

Download
memory/3576-2690-0x00000163F8020000-0x00000163F8030000-memory.dmp

Filesize
64KB

Download
memory/3576-2692-0x00000163F8030000-0x00000163F8040000-memory.dmp

Filesize
64KB

Download
memory/3576-2691-0x00000163F8020000-0x00000163F8030000-memory.dmp

Filesize
64KB

Download
memory/3576-2693-0x00000163F8020000-0x00000163F8030000-memory.dmp

Filesize
64KB

Download
memory/3576-2694-0x00000163F8020000-0x00000163F8030000-memory.dmp

Filesize
64KB

Download
memory/3576-2695-0x00000163F8020000-0x00000163F8030000-memory.dmp

Filesize
64KB

Download
memory/3576-2696-0x00000163F8020000-0x00000163F8030000-memory.dmp

Filesize
64KB

Download
memory/3576-2697-0x00000163F8020000-0x00000163F8030000-memory.dmp

Filesize
64KB

Download
memory/3576-2698-0x00000163F8020000-0x00000163F8030000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.