4f1d28e3587b62e01569a925dff6e7b0dc03ba612021ed09551c0ef1064745fc

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f1d28e3587b62e01569a925dff6e7b0dc03ba612021ed09551c0ef1064745fc.exe
Size

1.0MB
MD5

836bbf125151cb56114b18c61e491555
SHA1

f67bebc1dc0e9e565485606dd1e7a9d7828cc21e
SHA256

4f1d28e3587b62e01569a925dff6e7b0dc03ba612021ed09551c0ef1064745fc
SHA512

5b17a57c5a8fc54ec12b6a077a590a3e845cda9106009e8a8e72ba2649304dde2bd0ff9c2914a7593903e6fa12d48c868921e653126dcf9e03e714a7515fd01a
SSDEEP

12288:0X7Q74JBdBS4msNUCe65frHMnz2R94JBdBS4msNUCe65frHMnz2R9Cm2P/J:6s0bdo4mz1U8z20bdo4mz1U8z2m1HJ

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral2/files/0x000900000002338b-40.dat	pyinstaller

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4072	4f1d28e3587b62e01569a925dff6e7b0dc03ba612021ed09551c0ef1064745fc.exe
4072	4f1d28e3587b62e01569a925dff6e7b0dc03ba612021ed09551c0ef1064745fc.exe
4072	4f1d28e3587b62e01569a925dff6e7b0dc03ba612021ed09551c0ef1064745fc.exe
4072	4f1d28e3587b62e01569a925dff6e7b0dc03ba612021ed09551c0ef1064745fc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4072	4f1d28e3587b62e01569a925dff6e7b0dc03ba612021ed09551c0ef1064745fc.exe

C:\Users\Admin\AppData\Local\Temp\4f1d28e3587b62e01569a925dff6e7b0dc03ba612021ed09551c0ef1064745fc.exe
"C:\Users\Admin\AppData\Local\Temp\4f1d28e3587b62e01569a925dff6e7b0dc03ba612021ed09551c0ef1064745fc.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\updates\20240514\Microsoft.Web.WebView2.Core.dll

Filesize
244KB

MD5
e2d03260da2c5fb8a89adaa9a8dd23ab

SHA1
82b5cb1646114966d7a58d35926692606e47a6b6

SHA256
ea380c28836d3a3c4827f16e5bd49e2558ed8abcda9dda0637e2f58aaf0557f4

SHA512
a2c4567f511f59161d87afe7f3f86ff98e57882623f75b1a445b903a8ef1a1284a4c931a73b6f1906613219046fb1b9828052f4b265a8a2ee4337a13142dc89f

Download Submit
C:\Users\Admin\AppData\Local\Temp\updates\20240514\Microsoft.Web.WebView2.WinForms.dll

Filesize
31KB

MD5
d0f40b776870e25322432840c08cce3a

SHA1
983c9e0421e861a179d06da31febb287753bd434

SHA256
ab1116d2e5c988ea33af58249cc34bd98e8d88a0f45f2e1f87d05a106e8dc4f3

SHA512
a2cd4db840f348383cca4c5c89380dd4616bf4ef811bcd09c3759ac247d14aa65eaccce39649847844573a507435b9cf7f35965a8fe43c97a2fffb32a10a0fe4

Download Submit
C:\Users\Admin\AppData\Local\Temp\updates\20240514\MicrosoftEdgeWebview2Setup.exe

Filesize
1.7MB

MD5
dbfeba592e9f941330885e5874c77c26

SHA1
2de12a79ff928ece46d45e26ba789395cf085331

SHA256
b60153b20df65cc518f6e4f96ca7609e597b36480bb8acae430d838bcf74d27d

SHA512
d75e15d6f61a1ed237f1429d6662c4bb6d0ab679cc56049026e4e06b35256ddf30cea3988ef76f1c2217df82111bd6e1abd692ea865ca2d51fc3d66c2d8fc0a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\updates\20240514\WebView2Loader.dll

Filesize
104KB

MD5
29938d9e2f27e281dd8545ad364e6fa8

SHA1
25aa113097aa11e13442b7c8893631d7f5fe2f06

SHA256
49c0650616eadfa63394558cd1d3ed9f64918d5ed38ab3ef32ad0249283df0ef

SHA512
6dadd004471554a160528b509bc2b3382d535e9b06208de22ad4d1079cece9a3f9948ed005730195f1a40f973017ab0c3312bcb2de16dc7dcc199c741e082672

Download Submit
C:\Users\Admin\AppData\Local\Temp\updates\20240514\adBlock_list.txt

Filesize
528B

MD5
ef54fb0de458ebf4c42758ecb5943119

SHA1
13fcadf7f2e9b7708d32f5e1d8c89440d8275041

SHA256
172641ec8841c107e7896787493f9888ffd548c6c699906392338ec215812427

SHA512
a832b6776864d25bfb16fdb868fdc5acaa730c76df45c39ca0f513a0b7c1772a424bca927b24ead1fe06b50cea267fc01d7d34ee92c068f918bbf8917cbd8a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\updates\20240514\inject_script.txt

Filesize
135KB

MD5
958744189369248ffb1bfe9db5452473

SHA1
0c6ac31fb2bc43387da7f04b0a4747462e83e62c

SHA256
248fa7efdadfbae2a98e1452d832e2a20a19fccfcbb96c29f14a210741f25718

SHA512
36696839dd5ad67ecb523b7b502e1ad5286a774edd00c8ccf80fddbdab40ed2d45c7a822aee5503a482d4b9e813f775f1b95021a75c4c3f39a3ecf6a166d4968

Download Submit
C:\Users\Admin\AppData\Local\Temp\updates\20240514\js-32.dll

Filesize
145KB

MD5
05935c4e88a07c1c72a4dee78af4ab9f

SHA1
2cc423d40386680216cb48762418326ef8edf45e

SHA256
307fe088240c12463df1a1531c86e95b5d0105fcfe807dd4d665728361b60272

SHA512
d7af62be4259a3ab394daece54e73ade69815a870b3a337851204e78e7a539d222c8c0cf649e21c9397bfd14637e0a6e42a45dad3d3344d70301426c47f49150

Download Submit
C:\Users\Admin\AppData\Local\Temp\updates\20240514\youtube-dl.exe

Filesize
7.8MB

MD5
5c5a893e04df40f909a2ccabc0b05288

SHA1
b728a32e64b537a76e5b31282c64095fb98022e0

SHA256
78c009f4cf8ae56db150800d55faaac97c127c76c89715b23fe406d85c3c0628

SHA512
8f0fd27419ef340d64bff928567b0e4b03d47ca19094b409605ad71ec2b5293a79f814dd2cd4591719a7e386b4041973353fbe90124dbfd4d004b19ea31457ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\updates\20240514\yt-dlp_x86.exe

Filesize
12.0MB

MD5
cd11b52cb5f41654b4665337f58a5731

SHA1
9b112b4d8f335f66f098f4c3488892e3a48b34d5

SHA256
e85a5fd5bc173054b93f84edb3cc01fe3595d9151e0f3088b2851cafc626b9ab

SHA512
205b40554b2b5cdcb2ab360f36d9a28f1adb230ef1dfd3e1fb2e7c1f3e40aedceca4d3d2fc84445952b9012b11a041f068b04a231b6270144d93d3eb1af0223f

Download Submit
memory/4072-21-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

Filesize
4KB

Download
memory/4072-8-0x0000000009610000-0x0000000009688000-memory.dmp

Filesize
480KB

Download
memory/4072-34-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4072-0-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

Filesize
4KB

Download
memory/4072-6-0x0000000009A50000-0x0000000009F7C000-memory.dmp

Filesize
5.2MB

Download
memory/4072-5-0x0000000005A60000-0x0000000005A6A000-memory.dmp

Filesize
40KB

Download
memory/4072-4-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4072-3-0x0000000005A90000-0x0000000005B22000-memory.dmp

Filesize
584KB

Download
memory/4072-2-0x0000000006160000-0x0000000006704000-memory.dmp

Filesize
5.6MB

Download
memory/4072-1-0x0000000000F50000-0x000000000105A000-memory.dmp

Filesize
1.0MB

Download