Analysis

  • max time kernel: 122s
  • max time network: 127s
  • platform: windows7_x64
  • resource: win7-20240220-en
  • resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted: 21/05/2024, 22:43

General

  • Target: Text%20on%20gif/text_to_gif.exe
  • Size: 10.9MB
  • MD5: febe7172c9c619467603e18f34f5d6a8
  • SHA1: 41398c0a759c5e8b5d3daff60d61bcb6463a875d
  • SHA256: d3869682b9b53c2781e2b1ad9b610600ed25f390ce144d7212743896dcdab463
  • SHA512: f3d52b01820d010a7e9e662bcb6192268f6630f89223da83724e7b3b6af792bfe81d01514d5c45de86ef9abda4171af2d947e343289cc8c22c2769708720d45c
  • SSDEEP: 196608:AHOgSJR1FIPfXa6uWJysVYvsO5okRMPdXVJECGNQ2eQOTrX1iCE3SbbNI944utjT:kE1F8PGWJOokRCXVmrNtwQCE3SHiI5T

Score: 7/10

Malware Config

Signatures

  • Loads dropped DLL 18 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Text%20on%20gif\text_to_gif.exe
    "C:\Users\Admin\AppData\Local\Temp\Text%20on%20gif\text_to_gif.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\Text%20on%20gif\text_to_gif.exe
      "C:\Users\Admin\AppData\Local\Temp\Text%20on%20gif\text_to_gif.exe"
      2⤵
      • Loads dropped DLL
      PID:2508

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\PIL\_imaging.cp38-win_amd64.pyd
    Filesize: 3.1MB
    MD5: b684a867c543afa326e50f0baa1ecb6d
    SHA1: 4f20d3b8c647fc424bf61ea48a3d275838c99f3a
    SHA256: 44fd0c580d2ebbc7899f52fccae53c36cc89f502d593a8341007d21316350b26
    SHA512: 45883d15c042b2e85dd74cd61306d8dd0fae5084f8971164ea1a7716f095036ced0b892a946660e2b68603362186946f9cf2de04f95ae0d46994a01f86b95e18

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\PIL\_imagingft.cp38-win_amd64.pyd
    Filesize: 1.4MB
    MD5: 6447dc0adb8dafc7cfe790366ee0d6e5
    SHA1: e69006d5cde6eae7132e1f639abf54107dd4afdd
    SHA256: ea3cd8c3f3e6a1bd76eaf7abb1b3d329bf78b2bd0f716ef5fd47644c56c822d3
    SHA512: 8ca2b3ce7bee04b04f26121144c77407c37439ae3d3c590799ae7ce48171b71e97b662bd1f14e7ca7474d9a280a2cd365f428a1ccfca0cb205ab8228a2b039d5

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\VCRUNTIME140.dll
    Filesize: 87KB
    MD5: 0e675d4a7a5b7ccd69013386793f68eb
    SHA1: 6e5821ddd8fea6681bda4448816f39984a33596b
    SHA256: bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1
    SHA512: cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\VCRUNTIME140_1.dll
    Filesize: 36KB
    MD5: 135359d350f72ad4bf716b764d39e749
    SHA1: 2e59d9bbcce356f0fece56c9c4917a5cacec63d7
    SHA256: 34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32
    SHA512: cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\_asyncio.pyd
    Filesize: 62KB
    MD5: 8c28ec788e715e3ca5dc2dd42cf9d250
    SHA1: 16e1b4c324f6f2fa7a206b5fbdd652477756825a
    SHA256: 91a6cb5ff61c48cdfff369341aa7ad85cca7a3cd32e714f6e80187f7ee399d3b
    SHA512: be67d56fc6c7b672467626a30ae56943e6a9f1fbcc66c9edef5a67935bf314c7f745e6029eade27c4acd525e38ffcda77e3f229a7a5f4ada35547d39f2955a00

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\_bz2.pyd
    Filesize: 82KB
    MD5: 70a3a9e6d086a965bd164eb171f3f537
    SHA1: a85dea115761d8a85ea08004fa65d975bbf37fdc
    SHA256: 5294b29c8130bad79b0a4ba9007f076843ebd35df6317b90ec9822f0ba3d8b57
    SHA512: 447937793cbbe64025db3f3a51cc2124fc73a418aa690db1ff5290edd4deac6a34d894653a33356e1d7ea3fdfcde801c9daa00873c0409d2223217d403c954a0

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\_ctypes.pyd
    Filesize: 121KB
    MD5: 9082abcff2c89a406e7eddc1a1d4afd9
    SHA1: b114950c87dd1c544cf02704f5164a315993a716
    SHA256: 591392e5c488defdcfb179bc0db96504577e2122370ae480e840a90d53ce3f44
    SHA512: 3176d9898c77bb766679242c9667516868b25eadf59d7b92fe751d3bb81a9f4b68472df0d6234b159f27ca1503de29f574bd09b072cd38f503c8d5348d9dd4f5

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\_lzma.pyd
    Filesize: 246KB
    MD5: 24919c42c43d9ef08d4e372c339d9e47
    SHA1: 4ed83cdab8830605a7bb75cb03a5764b8ee5c886
    SHA256: d8e4150517435b30913f4016df052dc7409d0e2b69b5f24333c274d504c4633f
    SHA512: d2b8a9eed20e27390b47b23140feac340cf448c5c4b5deefe3e42f91e1b3482be1cffa5499b0c062e36ecea8990bea2523dbbef58acc816d3a0f89eddbab5ff1

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\_socket.pyd
    Filesize: 77KB
    MD5: 458f0f0ed8d16019d7c2d157bddea94b
    SHA1: d21848e4ebafac0b9e9ca8d71e4f8cd2b5aaca57
    SHA256: e6bdbe5d5d66c9790e490f6dbb695ca87a9acffa51c4a37d2948b7f1ba2c8b42
    SHA512: 00eb3c535a0074765f146523b0bb6f16360609a13a38579b19a2635590c2d947c5eaa7e78e7a9324b3670c505d6310e75e78f7e6fdadc23aa12ad165bdfccc69

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\_ssl.pyd
    Filesize: 116KB
    MD5: 486431c1032139d202565800a0729a3b
    SHA1: 0c43a02f1ba3162033410926fe4b22fe79ed81f1
    SHA256: 3dce8bd61cc46761033cd1457c64fe66ff306ea77aadf5543834a9be3b50c074
    SHA512: 4906d70e76ee1dc308027662613b29872f1c97f3e6390c913f1bb456c7be172989f6d1c5671500c23e7d5d054281e10de8d822350aa5606b73d7518b7c4beabe

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\base_library.zip
    Filesize: 775KB
    MD5: ef85fd90311ad1d32e5eb93e6195a2da
    SHA1: 34b356978571872f6ca3b7779ea9be265db65894
    SHA256: 50b2065fb651a5935816aca199e0dc8eeaaa73363428c83cdcdcb49da4940163
    SHA512: 03665836836bf5f1c29fd270628d86f8b6cb5bdb3d43eb36894853a40dfa533abe76c5c74466d3c636c8f9323c323f50725ea569bca8eee495f71fd1677248c3

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\libcrypto-1_1.dll
    Filesize: 3.2MB
    MD5: bf83f8ad60cb9db462ce62c73208a30d
    SHA1: f1bc7dbc1e5b00426a51878719196d78981674c4
    SHA256: 012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d
    SHA512: ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\libffi-7.dll
    Filesize: 32KB
    MD5: eef7981412be8ea459064d3090f4b3aa
    SHA1: c60da4830ce27afc234b3c3014c583f7f0a5a925
    SHA256: f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
    SHA512: dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\libssl-1_1.dll
    Filesize: 670KB
    MD5: fe1f3632af98e7b7a2799e3973ba03cf
    SHA1: 353c7382e2de3ccdd2a4911e9e158e7c78648496
    SHA256: 1ce7ba99e817c1c2d71bc88a1bdd6fcad82aa5c3e519b91ebd56c96f22e3543b
    SHA512: a0123dfe324d3ebf68a44afafca7c6f33d918716f29b063c72c4a8bd2006b81faea6848f4f2423778d57296d7bf4f99a3638fc87b37520f0dcbeefa3a2343de0

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\pyexpat.pyd
    Filesize: 185KB
    MD5: b9927b95ff204d9149b6ef7430e70220
    SHA1: 502e0311a32bd5ce2dea87ffce21ddbaf255b07f
    SHA256: e383225fd8917977fe16f628f9bc9c9cfaf346feb3a90f1f0615dbfb64cc1496
    SHA512: fc5e879dbce1585cf2726c7db480e81b7180276c8c537b43e33b74e47a0c6d7a292b9843cd60b45046d3dabc9b165891e3ac57b7bd39a391bfea1b9aae51fb30

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\python38.dll
    Filesize: 4.0MB
    MD5: 9e3ded73b6263b671a1d6c98256b721a
    SHA1: 814045f7a2be0ab7a8d34dc8156ba9ca06253ab9
    SHA256: 215e4f42658a1ba952197a3973ebafd2cd1d40a41c335ae376feacbcf5b04e87
    SHA512: 8323ffb40bbaee89b1a3f1a160a24776394591ed21dc63ccb82bece7b9a1fdc2c10404eb9f3f94bae730c57bdfd99210f67a532f789f5e5c5ea14fe76b3ad05b

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\select.pyd
    Filesize: 26KB
    MD5: ac8caceeaa28137a14784563d126ed7e
    SHA1: 4dcbe48eaa53d5c7d91c420df823dbff54f4da5f
    SHA256: 8e6d1a33b16dcc3922f7159a30ff596194a59b4a8fb5f9864517f03fd19f2c78
    SHA512: b67bff989af102f5087d95993e9bd57c6808e401979707bc2d33b386326b964abb71f497d82747725fb040a1d337ee453a1d57c37b72fdc06f7ea7687dda8f12

  • \Users\Admin\AppData\Local\Temp\_MEI22082\MSVCP140.dll
    Filesize: 553KB
    MD5: 6da7f4530edb350cf9d967d969ccecf8
    SHA1: 3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9
    SHA256: 9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da
    SHA512: 1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

  • \Users\Admin\AppData\Local\Temp\_MEI22082\_overlapped.pyd
    Filesize: 44KB
    MD5: 3306d52d49aa0107495e138bf5f64694
    SHA1: ddf8a31cde3e34fe2ba4f8ba57ab1f47a379046f
    SHA256: 3f3032201cc0e94e73d227f905a99cbf5c117b16fdd29eea210fe6cfdeed38d5
    SHA512: 6fe3d3ced390572cdc874752b095c7adb0b2c1a5251d614da47c8bfd20dce1fc1a32c7b775dceaca5633cbdf33b4e47941c95a8a3c80a1341debdd6882275f0d