d312dd4594de24e3c0b5258cde070351a63d7d16dd373a01fee695c34db56191

Analysis

max time kernel
315s
max time network
396s
platform
windows10-1703_x64
resource
win10-20240404-it
resource tags

arch:x64arch:x86image:win10-20240404-itlocale:it-itos:windows10-1703-x64systemwindows
submitted
30-04-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

valchecker-main/wifi_anywhere.exe
Size

5.7MB
MD5

4fb2ed1baf52e323acebb4aca3003e53
SHA1

5ce84718e911e1d3242fe27dd321245b88ef57eb
SHA256

c276362ccdd36a07c85bc88f601715a894c7e93c5ad41b2f4886574c5dec03db
SHA512

8f04f6cf2013f4211d36ce13f1f308c31adc241fec1cc74a3d5c23d8bd3b448836c1c58acb6c1365c5ae51fffec96316b14be5130eaeb388d2fc102a75171ae7
SSDEEP

98304:r5pH6P2uW5MI0md9g+DgeFahftplflf6dUwOEH6d8e6b0kCbhjm3OxJfIxVkN0BS:rbH6eL2Vmd6+DgTNfwZHYY0kOxJIv07

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
4668	wifi_anywhere.exe
4668	wifi_anywhere.exe
4668	wifi_anywhere.exe
4668	wifi_anywhere.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 4668	1404	wifi_anywhere.exe	74
PID 1404 wrote to memory of 4668	1404	wifi_anywhere.exe	74

C:\Users\Admin\AppData\Local\Temp\valchecker-main\wifi_anywhere.exe
"C:\Users\Admin\AppData\Local\Temp\valchecker-main\wifi_anywhere.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Users\Admin\AppData\Local\Temp\valchecker-main\wifi_anywhere.exe
  "C:\Users\Admin\AppData\Local\Temp\valchecker-main\wifi_anywhere.exe"
  2⤵
  - Loads dropped DLL
  PID:4668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI14042\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14042\_ctypes.pyd

Filesize
117KB

MD5
3fc444a146f7d667169dcb4f48760f49

SHA1
350a1300abc33aa7ca077daba5a883878a3bca19

SHA256
b545db2339ae74c523363b38835e8324799720f744c64e7142ddd48e4b619b68

SHA512
1609f792583c6293abddf7f7376ffa0d33a7a895de4d8b2ecebaede74e8850b225b3bf0998b056e40e4ebffb5c97babccf52d3184b2b05072c0dbb5dcb1866f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14042\base_library.zip

Filesize
1.0MB

MD5
6df297eb28f3b5f23d50769ff061d0a9

SHA1
861f2e5e0e6c69af9f148f95767b23050767a445

SHA256
68ec0f5bfc0a36af258d49b60f185eb279a19ec238d749f392f7018f059c2ced

SHA512
493f313d2ff6f2d9fa206365d3dd99eddfdff581a96bcc5d0010bccf8252df5fb88ae62ebffecd58354d6304bdf7f85b0521f389d6e4de9cc3ddae6b31ce1aae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14042\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14042\python310.dll

Filesize
4.2MB

MD5
e9c0fbc99d19eeedad137557f4a0ab21

SHA1
8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf

SHA256
5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5

SHA512
74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads