091c500a3915a00219843026b7e33c287b1dfc1381230d51e427372fe61587d3

Analysis

max time kernel
33s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

migi.exe
Size

7.9MB
MD5

3d0163d0b6c5db97fddc5c219c84d5ea
SHA1

637049d8ec68eb2a49bb8087a1b63c9469e610bb
SHA256

091c500a3915a00219843026b7e33c287b1dfc1381230d51e427372fe61587d3
SHA512

c23f6272c345d3904088ee55866a3ba8cbcd23dc9375f2836332e8770fb7c11d35703c7a1517bd6fd65c6c3128636406d8af6de00a2a57e4a4f3cec2107abe7d
SSDEEP

196608:O+X2ce61oP1HwwG93wXlLjo2nWvSHPCxjvhLuXwRD2Cbm:Oq2AKP1QwrXVmSCxjvhiy3

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 13 IoCs

Processes:

migi.exe

pid	process
1540	migi.exe
1540	migi.exe
1540	migi.exe
1540	migi.exe
1540	migi.exe
1540	migi.exe
1540	migi.exe
1540	migi.exe
1540	migi.exe
1540	migi.exe
1540	migi.exe
1540	migi.exe
1540	migi.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

migi.exe

description	pid	process	target process
PID 1788 wrote to memory of 1540	1788	migi.exe	migi.exe
PID 1788 wrote to memory of 1540	1788	migi.exe	migi.exe
PID 1788 wrote to memory of 1540	1788	migi.exe	migi.exe

C:\Users\Admin\AppData\Local\Temp\migi.exe
"C:\Users\Admin\AppData\Local\Temp\migi.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Users\Admin\AppData\Local\Temp\migi.exe
  "C:\Users\Admin\AppData\Local\Temp\migi.exe"
  2⤵
  - Loads dropped DLL
  PID:1540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI17882\VCRUNTIME140.dll

Filesize
81KB

MD5
55c8e69dab59e56951d31350d7a94011

SHA1
b6af2d245ae4d67c38eb1cd31e0c1cffb29b9b2c

SHA256
9d8d21022ff9d3f6b81a45209662a4f3481edc2befae0c73b83cf942eab8be25

SHA512
efb2ac1891724df16268480628eb230b6ee37ed47b56d2e02a260559865cdd48ee340ce445e58f625e0f4d6dbdc5bfb7ce2eeedf564b837cff255ef7d1dc58cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\_bz2.pyd

Filesize
76KB

MD5
ab43ce9d54c10eaa959dba7dfe4e43d3

SHA1
8ce521029029eec97730c497c976891edf12d758

SHA256
a6af2196c3e73aed881bf5b4acb79009c42cec43ac022716ae760827263f31a0

SHA512
1c389e5756e32034adaccb466a0414ffb089ddc3aac2ee7b394cf741bf6b52a8e3be13e4b6c0ccc7a100a3bd15567ee54e47b4880bcd07fc8ed79a13c66f39bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\_ctypes.pyd

Filesize
113KB

MD5
2b0168f33b801295e5ad2f305d93c5b5

SHA1
96c0f89a00455a927eb681fe92a652f4fb00025b

SHA256
dfa3ff393adc61acb74eeda611b6f1dcc42153efa4bacaaa0df31c98dd580a67

SHA512
d185b990e7ada71aaa5b8b5171cd5123a55c5d4ea54038cc9d9fbfdaef003dd1741f1d223a544aefd097e0e84fb306882ca6184b874805206e66c9dfe9aa599a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\_hashlib.pyd

Filesize
37KB

MD5
6fab5e7f933460bdaaf576a784aae8f4

SHA1
0a0204b74f205adc11a66d580ccc9d5fb08c4453

SHA256
5481444a5c431c26300f9f281bf9bfa5ee233d45d33bc60050dcd987b207bf48

SHA512
578f01f9506072dc539a6f2d71ae48b61d5b3004ceff70843df58cd53618fa5ecd24c04327cd8bfb9fb6c5dd2775fab066facac2abce6b0a42bbf24df13a31dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\_lzma.pyd

Filesize
154KB

MD5
a30d3b49e2a7072974f76654eaeb83eb

SHA1
f5cfa8bde3850dee80eb583af8930dabee964e2d

SHA256
600f70916cff70385a751f079fb857c9880d577f3e94255959180cbfa3ad4610

SHA512
4c0019206882815b375719d6ba09a44bf2cd3b820719de15d3b1763d1a2ca4425734cc9ee1bfbf3c0443c51ab58fb92acd1ed8cc8cadb485906c1c82e20fabd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\_socket.pyd

Filesize
67KB

MD5
8cbc7bd28cbda6291aa3d8cee8033f7f

SHA1
8a15cab5bab1ae988ec89e71c93039b0cfb77b59

SHA256
f0e11401b417aa7402e93a1eb4b9c594f5bb4522c31f345c28d62752da09b232

SHA512
f3993a3845e3095915524f960fc8da0ef87eaf278bebb62c0721d0c7a387e5a06a21fe65d4f73e4cdf4716f8862b6cff3ed2073c020bcfd80cfeedeec508d0af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\_ssl.pyd

Filesize
139KB

MD5
6c7a408c9eac9f6aef099920bda456a5

SHA1
85cdb7bc727ec764cb864e79b90b80de62b23b23

SHA256
0df59391b76171424124490a63bc9ffc3dd3cd489ce8d32855a48ffa2cf6b543

SHA512
13dabf8bbaf67131e780e62cb98f9a7e9332cc66b9cadde4bcc28e02dcdfc34f4a77a8a1e7990be317c1e128cdd30e9d060213c2c3e74c7ceed7a0c94778d292

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\base_library.zip

Filesize
768KB

MD5
a498ee98182942a60ad36299fcae2793

SHA1
796d5afda93ca65db46f22a9c793f2c8f34f511e

SHA256
226ee9c71106034605502108271361241dc537ea5438c0e0160a01140da2b790

SHA512
baef43c0e9ae7173db6a470f45cc6890f39413f7c9ac00dc4f6184056f01568723c5c96ba302853c30659ada5f6745caaf81d11e65be3343f1ad8e966e5234c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\libcrypto-1_1.dll

Filesize
2.1MB

MD5
aad424a6a0ae6d6e7d4c50a1d96a17fc

SHA1
4336017ae32a48315afe1b10ff14d6159c7923bc

SHA256
3a2dba6098e77e36a9d20c647349a478cb0149020f909665d209f548dfa71377

SHA512
aa4b74b7971cb774e4ae847a226cae9d125fadc7cde4f997b7564dff4d71b590dcbc06a7103451b72b2afe3517ab46d3be099c3620c3d591ccbd1839f0e8f94a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\libffi-7.dll

Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\libssl-1_1.dll

Filesize
525KB

MD5
697766aba55f44bbd896cbd091a72b55

SHA1
d36492be46ea63ce784e4c1b0103ba21214a76fb

SHA256
44a228b3646eb3575abd5cbcb079e018de11ca6b838a29e4391893de69e0cf4b

SHA512
206957347540f1356d805bf4a2d062927e190481aadc105c3012e69623149850a846503fca30fc38298f74d7f8f69761fddd0aa7f5e31fedb1fa5e5c9de56e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\python38.dll

Filesize
3.9MB

MD5
e6c26b255a9189af3154ee9b2f5993b6

SHA1
4fc4672c0befa7cb057f775893b270507d02f4f0

SHA256
9352ad4fd0dd430457aa608dc981942bbef6bc8bfae52cf1fc48d89377129903

SHA512
20270205c07e85afa7594e26b167523fb8e6868b1a5c3719fb118e7c7da435fc0664deae39688f97cd0c9012a3c8fdbcfc4877c56d6cab1dd2a5d043edb226d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\select.pyd

Filesize
23KB

MD5
a5406b942a9a9f374398269ce717d014

SHA1
53688e98867cce2b430485af4648b822cd9d6a1e

SHA256
e56ec0da1d4a50bebb24bccb4cf32125af9b3686a93f22ed6fd39a155a0bb9ca

SHA512
72c7200b6ac6f4975d28183722068ba4eee8d3c3d4a85844b7c547d4eeb3689ac434ea8f1596b71f3b9708e728e0b3be8d3356917dd563333b0db9444280133e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17882\ucrtbase.dll

Filesize
879KB

MD5
3e0303f978818e5c944f5485792696fd

SHA1
3b6e3ea9f5a6bbdeda20d68b84e4b51dc48deb1d

SHA256
7041885b2a8300bf12a46510228ce8d103d74e83b1baf696b84ff3e5ab785dd1

SHA512
c2874029bd269e6b9f7000c48d0710c52664c44e91c3086df366c3456b8bce0ed4d7e5bcfe4bdd3d03b11b8245c65f4b848b6dc58e6ea7b1de9b3ca2fb3348bc

Download Submit