e6c7b104a0a3f8f2f639b767e4be9ab483a1bc57465de106653f211f3b4205eb

Analysis

max time kernel
453s
max time network
1181s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

decrypt.exe
Size

4.7MB
MD5

2c037dd206414acbdf7d08604cb41676
SHA1

a30fef9be32c98a6be2bcfca38192434c1fa439e
SHA256

ab290f1a12bbd4526ef44ce87cd88a3babf0ec604cc64fcc43eb32bf4351b45d
SHA512

3237c9c269fe60ed4ec85ac52220d1f810758ecba0e859794702c11de780c0818915452aa8802cacfd27b790b1d52768fb055b819353e768a9f0bb1826ab6a9e
SSDEEP

98304:DMiKUYtizuTxI6OibE913yyN/R7d64P7W+emKY750J6xiEtZQWsewkKJ:DpkiOI69Abi+RhW+eSGJDXWs6K

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
3412	decrypt.exe
3412	decrypt.exe
3412	decrypt.exe
3412	decrypt.exe
3412	decrypt.exe
3412	decrypt.exe
3412	decrypt.exe
3412	decrypt.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3412	decrypt.exe
3412	decrypt.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 3412	4780	decrypt.exe	84
PID 4780 wrote to memory of 3412	4780	decrypt.exe	84

C:\Users\Admin\AppData\Local\Temp\decrypt.exe
"C:\Users\Admin\AppData\Local\Temp\decrypt.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Users\Admin\AppData\Local\Temp\decrypt.exe
  "C:\Users\Admin\AppData\Local\Temp\decrypt.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI47802\Crypto.Cipher._AES.pyd

Filesize
30KB

MD5
fee0d3b5e4d558b7f50b39a39a6c22fa

SHA1
8de9c523389e6efb8c57dd8cd9ae1ea667b03f1a

SHA256
9072e92e648e4049a3cccb981ac3b5c97114dac0dc69e94daaa5a6b0f75b2fbf

SHA512
a74009f18291ceeed1bfb55cb05ff9fb88d4549f6c82e792f9ea2bf451728989e427efa5e40916dc031e05234dcae8f56c791f8067b578b5e61e1e16167c4419

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47802\_ctypes.pyd

Filesize
118KB

MD5
e15a8623d227db645c00a731f45ff339

SHA1
191997f0ab3fc7b209f8ac948fcb866f2193dc57

SHA256
b21637ce6acd18dfe911a0392f491da9dca3787f66fb8ad0b50eabc2ec37c1f9

SHA512
5d1f24d8c77c66ec055a9ff51366743a87aacedcdfd004f7d9ed75990dd7906a27dde0f432c21cf2d9db4eb0e1968212b71571c47e5f39ba5a04de75aca3a752

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47802\_hashlib.pyd

Filesize
1.4MB

MD5
5af923146b2224a468044e5e215cf3c5

SHA1
23faf7f46072746443c8ef5c5b26d050fd612a21

SHA256
0c9013b02b5bbcd694300c230b310179588191f6154398d10b86f972b5a946ac

SHA512
d1a1029c44f52729cfa066dc19cc927aae7d070a227850a1051da27f08ba7654717f1d35946642ca3af3c6c37249dfa58447fb9544d102ae5d1bccd665bc0da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47802\decrypt.exe.manifest

Filesize
1015B

MD5
bd481c2264befefcb67f14ff6aad732a

SHA1
673c81559df226c9371cfe4abb3cca44a80bec7a

SHA256
c66a6dfd70b89b0bc19b982c0aac52a9626b7869fcba0642308a3aa35de870d7

SHA512
30b21c48e23e923a0634e795296eac35688f386ae34203aaa0c5c8b63b1ee3c1fe821bff745fd1cde0c4c0134c764e70c7e13050bff45b41ed9801c8e131679f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47802\python27.dll

Filesize
3.2MB

MD5
5a1a820dd6db24e28084ce4b2f286147

SHA1
a9c0112f183ccd05fb8b5e423bcd5dd39d49312f

SHA256
75bd6533c64b50ee970bc0484d1c490f4c65b4b30cf734d0778c1bb7ed84887b

SHA512
7bc30495440f7d96c0f6155bb286d2ed35f97266bde7eabac81897e6d4f5d57a1608a865a99412178640e46eb63be4f3dac1e48bff3fa4421edf5371e8d57242

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47~1\Crypto.Util._counter.pyd

Filesize
10KB

MD5
1d2a5bbfe1b75bab56178cb8ad1276b5

SHA1
db5e86f806b4c11c97197a4bde3be2211fa4de33

SHA256
eea2d7e4436e6907fa1db6204ef525e5ea21cfbf3151e2e00fda83d8d860b462

SHA512
3a9984128a7330dfbbf0364e562816acbd9842eca2bf43a54ae42d561770745db516820d965464787b21858b635e41fdaecc2c91abddd733ba345f269c95964a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47~1\_socket.pyd

Filesize
49KB

MD5
d2331f27c43c5bacd203c1a9fbd0057f

SHA1
33f17a65381d1ef0d683c7ccead67c12ee40ea3d

SHA256
4e06766f7679b824f40afe07985dda0c26718ff2f9eddecf412dde5ee4a19249

SHA512
d901cba774f1c0b3e8c221909fab0d8cffeb84c761b92702655900a9cfec735fa19d870c8a5b1ffb326b922b23480fbb5de842d9bc25d260c38f5d46aafcfc72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47~1\_ssl.pyd

Filesize
2.0MB

MD5
c0f47eeac56cf1a8a2e8904ba5344b97

SHA1
11611fa852f241ff73b2df286d60810efb146106

SHA256
a2c27832e0e73aaecb501edaf594a74ccde2c9fe74912607644c664dce0e8c39

SHA512
83cdb282856138756fd7412bb8b40bbc097c1763ab625d73711e9d8d3f7b73ebba66f956ab942b57e59de6e5d9c454ec2d5d90c2ff7e58c68857718e2763932e

Download Submit
memory/3412-31-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4780-39-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download