08b1f7f575e70eb26e502e940e107aff26c85fedad5f71919ccca855eeaad6a1

Analysis

max time kernel
25s
max time network
31s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 18:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

PageViewFlooder.exe
Size

6.6MB
MD5

f379569c86b6bc411b188d23f5049fb8
SHA1

701a98de87c44c523bca1352f445aaea7ddda1f8
SHA256

08b1f7f575e70eb26e502e940e107aff26c85fedad5f71919ccca855eeaad6a1
SHA512

89fc1245cd2e571ae3b6e0a4854b4469c51c0bdc54f54340bf874f72d01898f4cd0af9f09b3b1cb1cdce167e3abe5f1dffc4c9904f9130c40e9112036b63a7e6
SSDEEP

196608:rYieIs9onJ5hrZERlyiU8AdZYJERurTEtrdCXXoQ3qbPe:Ews9c5hlERJAdZYygro9dCXX

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
3844	PageViewFlooder.exe
3844	PageViewFlooder.exe
3844	PageViewFlooder.exe
3844	PageViewFlooder.exe
3844	PageViewFlooder.exe
3844	PageViewFlooder.exe
3844	PageViewFlooder.exe
3844	PageViewFlooder.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
1548	taskkill.exe
4076	taskkill.exe
3100	taskkill.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1548	taskkill.exe
Token: SeDebugPrivilege	4076	taskkill.exe
Token: SeDebugPrivilege	3100	taskkill.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 3844	4000	PageViewFlooder.exe	92
PID 4000 wrote to memory of 3844	4000	PageViewFlooder.exe	92
PID 3844 wrote to memory of 2092	3844	PageViewFlooder.exe	99
PID 3844 wrote to memory of 2092	3844	PageViewFlooder.exe	99
PID 2092 wrote to memory of 1548	2092	cmd.exe	100
PID 2092 wrote to memory of 1548	2092	cmd.exe	100
PID 3844 wrote to memory of 4168	3844	PageViewFlooder.exe	102
PID 3844 wrote to memory of 4168	3844	PageViewFlooder.exe	102
PID 4168 wrote to memory of 4076	4168	cmd.exe	103
PID 4168 wrote to memory of 4076	4168	cmd.exe	103
PID 3844 wrote to memory of 840	3844	PageViewFlooder.exe	104
PID 3844 wrote to memory of 840	3844	PageViewFlooder.exe	104
PID 840 wrote to memory of 3100	840	cmd.exe	105
PID 840 wrote to memory of 3100	840	cmd.exe	105

C:\Users\Admin\AppData\Local\Temp\PageViewFlooder.exe
"C:\Users\Admin\AppData\Local\Temp\PageViewFlooder.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Users\Admin\AppData\Local\Temp\PageViewFlooder.exe
  "C:\Users\Admin\AppData\Local\Temp\PageViewFlooder.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /im chrome.exe /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2092
  - - C:\Windows\system32\taskkill.exe
      taskkill /im chrome.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /im chrome.exe /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4168
  - - C:\Windows\system32\taskkill.exe
      taskkill /im chrome.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c taskkill /im chrome.exe /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:840
  - - C:\Windows\system32\taskkill.exe
      taskkill /im chrome.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI40002\VCRUNTIME140.dll

Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40002\_bz2.pyd

Filesize
83KB

MD5
6c7565c1efffe44cb0616f5b34faa628

SHA1
88dd24807da6b6918945201c74467ca75e155b99

SHA256
fe63361f6c439c6aa26fd795af3fd805ff5b60b3b14f9b8c60c50a8f3449060a

SHA512
822445c52bb71c884461230bb163ec5dee0ad2c46d42d01cf012447f2c158865653f86a933b52afdf583043b3bf8ba7011cc782f14197220d0325e409aa16e22

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40002\_ctypes.pyd

Filesize
122KB

MD5
29da9b022c16da461392795951ce32d9

SHA1
0e514a8f88395b50e797d481cbbed2b4ae490c19

SHA256
3b4012343ef7a266db0b077bbb239833779192840d1e2c43dfcbc48ffd4c5372

SHA512
5c7d83823f1922734625cf69a481928a5c47b6a3bceb7f24c9197175665b2e06bd1cfd745c55d1c5fe1572f2d8da2a1dcc1c1f5de0903477bb927aca22ecb26a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40002\_lzma.pyd

Filesize
157KB

MD5
b5355dd319fb3c122bb7bf4598ad7570

SHA1
d7688576eceadc584388a179eed3155716c26ef5

SHA256
b9bc7f1d8aa8498cb8b5dc75bb0dbb6e721b48953a3f295870938b27267fb5f5

SHA512
0e228aa84b37b4ba587f6d498cef85aa1ffec470a5c683101a23d13955a8110e1c0c614d3e74fb0aa2a181b852bceeec0461546d0de8bcbd3c58cf9dc0fb26f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40002\_socket.pyd

Filesize
77KB

MD5
f5dd9c5922a362321978c197d3713046

SHA1
4fbc2d3e15f8bb21ecc1bf492f451475204426cd

SHA256
4494992665305fc9401ed327398ee40064fe26342fe44df11d89d2ac1cc6f626

SHA512
ce818113bb87c6e38fa85156548c6f207aaab01db311a6d8c63c6d900d607d7beff73e64d717f08388ece4b88bf8b95b71911109082cf4b0c0a9b0663b9a8e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40002\base_library.zip

Filesize
758KB

MD5
67d863a39e90cd2fa3c20f4b06ce8397

SHA1
98a2e831f22a29d72850d1e7a3de863892dadf5f

SHA256
02cb3daf59557ea5b992663a29eee8e9ac3241f55d3f34a3fc829be19a381b1b

SHA512
ac0536c7138325ff311fb6b7dcaaea0629c3535666b42097232a80046bbc8790b0d84e1b4164f7a4f675e47cd5fd4a28d0053714f44a3452297f05f30109fd3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40002\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40002\python39.dll

Filesize
4.3MB

MD5
11c051f93c922d6b6b4829772f27a5be

SHA1
42fbdf3403a4bc3d46d348ca37a9f835e073d440

SHA256
0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

SHA512
1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40002\select.pyd

Filesize
26KB

MD5
7a442bbcc4b7aa02c762321f39487ba9

SHA1
0fcb5bbdd0c3d3c5943e557cc2a5b43e20655b83

SHA256
1dd7bba480e65802657c31e6d20b1346d11bca2192575b45eb9760a4feb468ad

SHA512
3433c46c7603ae0a73aa9a863b2aecd810f8c0cc6c2cd96c71ef6bde64c275e0fceb4ea138e46a5c9bf72f66dcdea3e9551cf2103188a1e98a92d8140879b34c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads