b15e43031731b76a403b2a3caf193fd1ad4fafe77b1e550b473a1f4d4839b29d

Analysis

max time kernel
140s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoGpuAffinity.exe
Size

9.5MB
MD5

7ff1b350471b74b4d1761346ced3bf4e
SHA1

f22183fe77d1718350262f70d324c5c6e3872ae0
SHA256

b15e43031731b76a403b2a3caf193fd1ad4fafe77b1e550b473a1f4d4839b29d
SHA512

00304d72dd0ba76c8b11d93e847e69267371bb6b40e082fec91590dbd258427a89272507d64f38883b1248972f5c2ea3f875932582f62ecc8b020ede0164add0
SSDEEP

196608:1sz0sKYu/PaQVBlibbtc19onJ5hrZERkB2WZufOuD9LjjNWKKy1IrpDhm:qQVBl8btc19c5hlERA2WmfDZ3URoUd

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 11 IoCs

Processes:

AutoGpuAffinity.exe

pid	process
3844	AutoGpuAffinity.exe
3844	AutoGpuAffinity.exe
3844	AutoGpuAffinity.exe
3844	AutoGpuAffinity.exe
3844	AutoGpuAffinity.exe
3844	AutoGpuAffinity.exe
3844	AutoGpuAffinity.exe
3844	AutoGpuAffinity.exe
3844	AutoGpuAffinity.exe
3844	AutoGpuAffinity.exe
3844	AutoGpuAffinity.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

AutoGpuAffinity.exe

description	pid	process	target process
PID 220 wrote to memory of 3844	220	AutoGpuAffinity.exe	AutoGpuAffinity.exe
PID 220 wrote to memory of 3844	220	AutoGpuAffinity.exe	AutoGpuAffinity.exe

C:\Users\Admin\AppData\Local\Temp\AutoGpuAffinity.exe
"C:\Users\Admin\AppData\Local\Temp\AutoGpuAffinity.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:220

C:\Users\Admin\AppData\Local\Temp\AutoGpuAffinity.exe
"C:\Users\Admin\AppData\Local\Temp\AutoGpuAffinity.exe"
2⤵
- Loads dropped DLL
PID:3844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4068,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:8
1⤵
PID:4360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI2202\VCRUNTIME140.dll

Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2202\VCRUNTIME140_1.dll

Filesize
43KB

MD5
21ae0d0cfe9ab13f266ad7cd683296be

SHA1
f13878738f2932c56e07aa3c6325e4e19d64ae9f

SHA256
7b8f70dd3bdae110e61823d1ca6fd8955a5617119f5405cdd6b14cad3656dfc7

SHA512
6b2c7ce0fe32faffb68510bf8ae1b61af79b2d8a2d1b633ceba3a8e6a668a4f5179bb836c550ecac495b0fc413df5fe706cd6f42e93eb082a6c68e770339a77c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2202\_bz2.pyd

Filesize
84KB

MD5
b89b6c064cd8241ae12addb7f376cab2

SHA1
29e86a1df404c442e14344042d39a98dd15425f7

SHA256
0563df6e938b836f817c49e0cf9828cc251b2092a84273152ea5a7c537c03beb

SHA512
f87b1c6d90cfb01316a17ad37f27287d5ef4ff3a0f7fd25303203ea7c7fa1ed12c1aef486dc9bbb8b4d527f37e771b950fa5142b2bac01f52afbfdbf7a77111d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2202\_ctypes.pyd

Filesize
123KB

MD5
4d13a7b3ecc8c7dc96a0424c465d7251

SHA1
0c72f7259ac9108d956aede40b6fcdf3a3943cb5

SHA256
2995ef03e784c68649fa7898979cbb2c1737f691348fae15f325d9fc524df8ed

SHA512
68ff7c421007d63a970269089afb39c949d6cf9f4d56aff7e4e0b88d3c43cfaa352364c5326523386c00727cc36e64274a51b5dbb3a343b16201cf5fc264fec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2202\_lzma.pyd

Filesize
158KB

MD5
6e396653552d446c8114e98e5e195d09

SHA1
c1f760617f7f640d6f84074d6d5218d5a338a6ec

SHA256
5ddba137db772b61d4765c45b6156b2ee33a1771ddd52dd55b0ef592535785cf

SHA512
c4bf2c4c51350b9142da3faeadf72f94994e614f9e43e3c2a1675aa128c6e7f1212fd388a71124971648488bb718ca9b66452e5d0d0b840a0979df7146ed7ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2202\base_library.zip

Filesize
1006KB

MD5
b8ed5687a2c94bdc9f296397960a5ba5

SHA1
5df50ccbf84ad3d3e39c9a0268d8ac70a191d919

SHA256
8e842e19cc3584af7009f414189b0f103a34c5f21477ba953869a5abf50e2624

SHA512
f61a8e30ca783fa07ad8bf8fcbe8bf600e674edae9fc870ed4953d43f4b9a8843a1eb081269e98bcc2441b4c9324c531c29e6857a32425c4baf7280fc28a29a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2202\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2202\python38.dll

Filesize
4.0MB

MD5
3cd1e87aeb3d0037d52c8e51030e1084

SHA1
49ecd5f6a55f26b0fb3aeb4929868b93cc4ec8af

SHA256
13f7c38dc27777a507d4b7f0bd95d9b359925f6f5bf8d0465fe91e0976b610c8

SHA512
497e48a379885fdd69a770012e31cd2a62536953e317bb28e3a50fdb177e202f8869ea58fc11802909cabb0552d8c8850537e9fb4ead7dd14a99f67283182340

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2202\pywin32_system32\pythoncom38.dll

Filesize
691KB

MD5
597955a07be4ae08f3b09adbf996fa83

SHA1
3817e541646fd3cdd7a8256a1260f6edfe7dd0c0

SHA256
ddfc515aea27ec414cfc84bef385711c82f0618f482df9d262c490226d7fa9d7

SHA512
485efaecb8ea5b2d4644d9ab0927b636f7ab6d660da04b088e26452a28b5b11bccee9724cb625a7d5bde3fa5909aa32f3568909965439a06d3dfc0b7e345c941

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2202\pywin32_system32\pywintypes38.dll

Filesize
139KB

MD5
f60da44a33910eda70d838d7635d8fb1

SHA1
c35b4cf47349888384729386c74c374edb6f6ff3

SHA256
13934599ff931f97e8eac6106dc67d54609befd0b0e653b46f6c25b18830c572

SHA512
3c57ed384c23c89f99708bdf688ebd28629e84df8756e7b64dfa8b6e0b52beefb0c62de820f2c72e5679b7632279dcb414a781cfd2c5c9654d09d9da24fa17b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2202\ucrtbase.dll

Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2202\win32\win32api.pyd

Filesize
138KB

MD5
57be78d0f2a66700600266ebc86c9b3c

SHA1
a47987d476cb9c76698890405e0b65aa10e07169

SHA256
9ab2b3a63bf2d0ef5ff3412c0b000756677810f3aa60a10bf62bb92c9f9b6ee2

SHA512
98c2a2e48adfae6c7d3c7d6731e688a27fc1eb6675760ab44f78e4eedebf88b09e425d21baf5674d402f9cfc9d7ebc6d643f8c763c8db5f6b1f8bf83681c256c

Download Submit