5968f58ef7ba110b7a74507e15b0b03ccc9dbceaab215404b7379f1232bd6083

Analysis

max time kernel
30s
max time network
26s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

burial.exe
Size

8.1MB
MD5

7455c1477831102fe315f7d0096772ef
SHA1

0d265d8e4872b302a0bf26e8db3dcbcd0d494aef
SHA256

5968f58ef7ba110b7a74507e15b0b03ccc9dbceaab215404b7379f1232bd6083
SHA512

224b0df77339d717a0d0faaedbf9efef1f92c44076bcd68173e8cfc67bdc5fd47230d6c92ccfab68ce2ac32f068cdb9ef57e84256e2375876067677eddd3b8f9
SSDEEP

196608:G5hQWfSCsXDjDyf8ZkTMU9ZqlRASPrRIq8G:shQ9CEDxZkjIRAErqc

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 24 IoCs

Processes:

burial.exe

pid	process
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe
2012	burial.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

burial.exeburial.exe

description	pid	process	target process
PID 3948 wrote to memory of 2012	3948	burial.exe	burial.exe
PID 3948 wrote to memory of 2012	3948	burial.exe	burial.exe
PID 2012 wrote to memory of 512	2012	burial.exe	cmd.exe
PID 2012 wrote to memory of 512	2012	burial.exe	cmd.exe
PID 2012 wrote to memory of 1776	2012	burial.exe	cmd.exe
PID 2012 wrote to memory of 1776	2012	burial.exe	cmd.exe
PID 2012 wrote to memory of 3308	2012	burial.exe	cmd.exe
PID 2012 wrote to memory of 3308	2012	burial.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\burial.exe
"C:\Users\Admin\AppData\Local\Temp\burial.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3948

C:\Users\Admin\AppData\Local\Temp\burial.exe
"C:\Users\Admin\AppData\Local\Temp\burial.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c clear
3⤵
PID:512

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:1776

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title 愛
3⤵
PID:3308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI39482\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_asyncio.pyd

Filesize
63KB

MD5
86c1fa7f84e05043885f0e510508d409

SHA1
397806fdb6dbf7c513c18b0e56032e0eddf4a250

SHA256
69a7e18b4284aee2d796320cb81079ed4419d643dc58f342e2bee83eef1f215b

SHA512
9be67af77324add7641d1d8717a8037abc7d71573310b2df593b6d502193ce07f7a17496ed6b01546d3b9428eac1d043f8decf25be663f14d20c1402b162c76a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_bz2.pyd

Filesize
84KB

MD5
e91b4f8e1592da26bacaceb542a220a8

SHA1
5459d4c2147fa6db75211c3ec6166b869738bd38

SHA256
20895fa331712701ebfdbb9ab87e394309e910f1d782929fd65b59ed76d9c90f

SHA512
cb797fa758c65358e5b0fef739181f6b39e0629758a6f8d5c4bd7dc6422001769a19df0c746724fb2567a58708b18bbd098327bfbdf3378426049b113eb848e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_ctypes.pyd

Filesize
124KB

MD5
6fe3827e6704443e588c2701568b5f89

SHA1
ac9325fd29dead82ccd30be3ee7ee91c3aaeb967

SHA256
73acf2e0e28040cd696255abd53caaa811470b17a07c7b4d5a94f346b7474391

SHA512
be2502c006a615df30e61bea138bd1afca30640f39522d18db94df293c71df0a86c88df5fd5d8407daf1ccea6fac012d086212a3b80b8c32ede33b937881533a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_hashlib.pyd

Filesize
64KB

MD5
7c69cb3cb3182a97e3e9a30d2241ebed

SHA1
1b8754ff57a14c32bcadc330d4880382c7fffc93

SHA256
12a84bacb071b1948a9f751ac8d0653ba71a8f6b217a69fe062608e532065c20

SHA512
96dbabbc6b98d473cbe06dcd296f6c6004c485e57ac5ba10560a377393875192b22df8a7103fe4a22795b8d81b8b0ae14ce7646262f87cb609b9e2590a93169e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_lzma.pyd

Filesize
159KB

MD5
493c33ddf375b394b648c4283b326481

SHA1
59c87ee582ba550f064429cb26ad79622c594f08

SHA256
6384ded31408788d35a89dc3f7705ea2928f6bbdeb8b627f0d1b2d7b1ea13e16

SHA512
a4a83f04c7fc321796ce6a932d572dca1ad6ecefd31002320aeaa2453701ed49ef9f0d9ba91c969737565a6512b94fbb0311aee53d355345a03e98f43e6f98b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_overlapped.pyd

Filesize
45KB

MD5
0d41b13272bdf3655470f280009a67e5

SHA1
47285ca0a012fa747ec0f441266c88792847842b

SHA256
8cd7e2c9892146816357c3e045ab7571959f6355f17a2cc6d8e72c184d67be2d

SHA512
2db7d0f2210798bba2fd416876ee2f212c1d153d839f38660e7d0c6e2b5e51d96c7d400b3a477da02aa5027a3701da4341bf96a393997851c79a2ae9fb686945

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_socket.pyd

Filesize
78KB

MD5
fd1cfe0f0023c5780247f11d8d2802c9

SHA1
5b29a3b4c6edb6fa176077e1f1432e3b0178f2bc

SHA256
258a5f0b4d362b2fed80b24eeabcb3cdd1602e32ff79d87225da6d15106b17a6

SHA512
b304a2e56829a557ec401c6fdda78d6d05b7495a610c1ed793d6b25fc5af891cb2a1581addb27ab5e2a6cb0be24d9678f67b97828015161bc875df9b7b5055ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_ssl.pyd

Filesize
151KB

MD5
34b1d4db44fc3b29e8a85dd01432535f

SHA1
3189c207370622c97c7c049c97262d59c6487983

SHA256
e4aa33b312cec5aa5a0b064557576844879e0dccc40047c9d0a769a1d03f03f6

SHA512
f5f3dcd48d01aa56bd0a11eee02c21546440a59791ced2f85cdac81da1848ef367a93ef4f10fa52331ee2edea93cbcc95a0f94c0ccefa5d19e04ae5013563aee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_uuid.pyd

Filesize
22KB

MD5
71ab50ef5e336b855e6289b0ac3e712d

SHA1
e06c3b0d482623393d2e2179de0ff56eb99c4240

SHA256
6f1cc2d6a770f1b441dc6371decae414ea1bd509b0e37b423faa33fc98a28b7e

SHA512
345b4d664f3bc29cfb743a95f78898651f8d3d1ac1365b89690068888202ee58f59f341466f26bb94bd568b67f2d3fcf2e5f022c9c25f2ca25d5baf0aa514682

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\aiohttp\_frozenlist.cp39-win_amd64.pyd

Filesize
52KB

MD5
521899119d79a4a5e764d6f4186d63cd

SHA1
1454da694c851999cfbee6b4284e16ffe6658ae0

SHA256
f0fd2401d1218ecb3c07019435fd231685b3778d1dccdffeb509057e7a326559

SHA512
d218ced967d7b8e3e5111cdbb9a55ac0b6c31033769b40568f12bb730f75b03291956f9dccf0bba9496d484873541b99d9c7c93495e8b99e51fb0f700d205eca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\aiohttp\_helpers.cp39-win_amd64.pyd

Filesize
39KB

MD5
0dc988da2bfb6c784d5a853a8ff4c2d7

SHA1
3301d813d08871d83d9745c705bb5b231289ee38

SHA256
78da0880c0fc9fe48807d98f88c40f8f6b1c351612b1858a2fd48ef172a3d5dc

SHA512
d508569e4871660c1cd4312d7664aebd63b6cf86204f69e7efd802c9a8a29d02255f412c098addea5a5d20d36c74679cf994b2e2dab7fd0abf8c92a2e20248ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\aiohttp\_http_parser.cp39-win_amd64.pyd

Filesize
221KB

MD5
b467eda1eb4c8cd13aa2d280f4b1e974

SHA1
d29dc9259f781acc9630b3e7d7ed1286b72e24be

SHA256
343c8bd75d42fb11665d998dd6ebdca86fe145ddb9b9fc0a55c5d144e905c481

SHA512
af471abb7921f1850ad9cab29ed329f487f8d67dee5804fc2f635e4aa4ec2f5ac8d66951dead4310450226b23d93360d5277eaea04b8478092fd98c39062c2d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\aiohttp\_http_writer.cp39-win_amd64.pyd

Filesize
34KB

MD5
aa98ebfae5f4b3ebd264aa844f719eef

SHA1
3dedf0e36c44b0983e6424daa42836bb176afdbc

SHA256
4b1eeac992e239ba4b5b24cb278f2a3537851da595cda5f2fc9200dee5276be9

SHA512
515e65c60191ffb30eeff358039e1918163d834dd89c69f2ca688df03acd0471e744d9eba8cd82188bf94c11b6fedb79fc56171aa413a34f54bf9c052cfa1633

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\aiohttp\_websocket.cp39-win_amd64.pyd

Filesize
24KB

MD5
a30594d816055c4abd2e2959c4123b49

SHA1
dc7edf537ca76718d7ffbefede649cb181023964

SHA256
1f34c7a790a0009a9d411ac8d65a119bda37b3cfe4d4ce02f5660e350fb963f9

SHA512
8e50179304d9c8e80d850d26183e0658b70d94dd3e175bd667f8b9757df7f896cb66448e9082b5f2d5fe8c6434cbb3b983e0ecc8eea7b0015fffa7950029f69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\base_library.zip

Filesize
763KB

MD5
dc1b529c08922e4812f714899d15b570

SHA1
4aae3300cb3556033e22cdb47b65d1518c4dd888

SHA256
faca55ba76983313bc00e8044be99332c13b58398c377c09108999d6bf339a6a

SHA512
2aed265d4723a8e97ac2fbed6bae1475605631f67f7987ca464b7c582b45d4cabb82ae0928396c0f756257e2c09c9b583b08bf36622f7a7694ea856101fb825c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\libcrypto-1_1.dll

Filesize
3.2MB

MD5
89511df61678befa2f62f5025c8c8448

SHA1
df3961f833b4964f70fcf1c002d9fd7309f53ef8

SHA256
296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

SHA512
9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\libssl-1_1.dll

Filesize
674KB

MD5
50bcfb04328fec1a22c31c0e39286470

SHA1
3a1b78faf34125c7b8d684419fa715c367db3daa

SHA256
fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9

SHA512
370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\multidict\_multidict.cp39-win_amd64.pyd

Filesize
43KB

MD5
f42412b90e07256e49c16897bb66c5b7

SHA1
8aa12a06270f9ffe8847e572148a335ac2fa464c

SHA256
e05a22aed0ee3f1d6c4e77cb65e83413a429624850c578fadb03a6e0fb1c36c6

SHA512
d04677711be79f20ca81d88dcaecb930bffc4c596cdeccb02466ecd304f6b85c7ec44652baa903f9e384869c162dd8e97dc9fac2fe95f7289f67e5f034d4b1e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\python39.dll

Filesize
4.3MB

MD5
5cd203d356a77646856341a0c9135fc6

SHA1
a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

SHA256
a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

SHA512
390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\select.pyd

Filesize
28KB

MD5
0e3cf5d792a3f543be8bbc186b97a27a

SHA1
50f4c70fce31504c6b746a2c8d9754a16ebc8d5e

SHA256
c7ffae6dc927cf10ac5da08614912bb3ad8fc52aa0ef9bc376d831e72dd74460

SHA512
224b42e05b4dbdf7275ee7c5d3eb190024fc55e22e38bd189c1685efee2a3dd527c6dfcb2feeec525b8d6dc35aded1eac2423ed62bb2599bb6a9ea34e842c340

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\unicodedata.pyd

Filesize
1.1MB

MD5
7af51031368619638cca688a7275db14

SHA1
64e2cc5ac5afe8a65af690047dc03858157e964c

SHA256
7f02a99a23cc3ff63ecb10ba6006e2da7bf685530bad43882ebf90d042b9eeb6

SHA512
fbde24501288ff9b06fc96faff5e7a1849765df239e816774c04a4a6ef54a0c641adf4325bfb116952082d3234baef12288174ad8c18b62407109f29aa5ab326

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39482\yarl\_quoting_c.cp39-win_amd64.pyd

Filesize
68KB

MD5
ff84425cce8fe6916a919d580db41524

SHA1
cfb4acba038d39659dbd28533da543caab4ec085

SHA256
66f96a18db54c106523948c61b6fd2d61c444ceea2c4972afc530ce652b14b0b

SHA512
2c51aa7af5cdff70752f8a69dd17243ca9a05b3eefc3ca6c0edfa8d2dbc31dbc30be033817c1018edadb87a4b134de6e4512740d50c69848e051bd01e4cfddd3

Download Submit