Analysis Overview
SHA256
6e24b5e42e5e004e77f4096d6d72d6b2d1a9d10e3692e24b740cb4b0751ecd36
Threat Level: Shows suspicious behavior
The file main.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Detects Pyinstaller
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-10 19:16
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 19:16
Reported
2024-05-10 19:17
Platform
win10-20240404-en
Max time kernel
34s
Max time network
18s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\OneConnect.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3636 wrote to memory of 4240 | N/A | C:\Users\Admin\AppData\Local\Temp\main.exe | C:\Users\Admin\AppData\Local\Temp\main.exe |
| PID 3636 wrote to memory of 4240 | N/A | C:\Users\Admin\AppData\Local\Temp\main.exe | C:\Users\Admin\AppData\Local\Temp\main.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\OneConnect.exe
"C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\OneConnect.exe" -ServerName:App.AppXmpqgjpqgts651yxn6z102kvq6a194074.mca
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI36362\python310.dll
| MD5 | 63a1fa9259a35eaeac04174cecb90048 |
| SHA1 | 0dc0c91bcd6f69b80dcdd7e4020365dd7853885a |
| SHA256 | 14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed |
| SHA512 | 896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b |
C:\Users\Admin\AppData\Local\Temp\_MEI36362\VCRUNTIME140.dll
| MD5 | f34eb034aa4a9735218686590cba2e8b |
| SHA1 | 2bc20acdcb201676b77a66fa7ec6b53fa2644713 |
| SHA256 | 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1 |
| SHA512 | d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af |
C:\Users\Admin\AppData\Local\Temp\_MEI36362\base_library.zip
| MD5 | 12b6386216e37da51b581ae7de243ec1 |
| SHA1 | bb26f738491d4638adf35438a626a9c5b514f411 |
| SHA256 | 429b7e7bb8419b151addb1e417f38d37b4194f40f06459a3f21996a053e9c634 |
| SHA512 | fb295e1fefe4267d0af3bd915bc72f8784e32376a88143aadc2b1dce917144dd70297abb0a9b513bb4d72f6ef93f21ae1f0d472cce1bffadd2d77f14c7bea014 |