Analysis

  • max time kernel
    139s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    25/05/2024, 22:10

General

  • Target

    lable.exe

  • Size

    4.0MB

  • MD5

    7851bcec68bf355b070529967cc880c4

  • SHA1

    3fd1cba625c224a1e23796f9378ef20326362d5e

  • SHA256

    285f9d4a3d5511e68ccc9ff14f209ac6cfdc0c3a51063d217190d5b8d49c2e47

  • SHA512

    62ad357602c63129397c8dc31aa7a0107841fac0625f0187c7398eff4debc7aff3265d4654eb1014470174e5b0cf34d7970fc4dfa25cb757961d3b50bb850481

  • SSDEEP

    98304:5oMydBAEoDCqpDMwc518vSo5QAXZx7SnmG7Q7es+iRQJ:aRxCz9Mwc51ISSQ+x5Gqes7RQ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lable.exe
    "C:\Users\Admin\AppData\Local\Temp\lable.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Users\Admin\AppData\Local\Temp\lable.exe
      "C:\Users\Admin\AppData\Local\Temp\lable.exe"
      2⤵
      • Loads dropped DLL
      PID:4988

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI21282\nmap.exe.manifest

          Filesize

          1008B

          MD5

          0b2c7a6cfa4ab98d30d90edff0d6ffad

          SHA1

          5a01176a73222692b8de5260f79ab43835e04617

          SHA256

          17e3c6bb3e94a33a45c10f936cbfac0ccf2f278bf1b45fdaca51848b85126ed1

          SHA512

          60236f3029c1034d603ff68b1b9e453fbd116e31f363e77fbae9f727fd77aa28f4a5475333baa049519d9f3d4852fbcad74dbd96770a28257062fd33f1cb904b

        • C:\Users\Admin\AppData\Local\Temp\_MEI21282\python27.dll

          Filesize

          2.5MB

          MD5

          0e900097c62c0a6cc257af1dc175040b

          SHA1

          a6d7d03c1edff05c1718b02fdfe07c62540bcf6a

          SHA256

          a75b37bcd5b6a93a1e5c9bed640e9cfc0e2bfa12e2f91edb9affc557d3c45701

          SHA512

          38f0ae89d9904c0e05e858914cd27444cceb5135874d7e37645aa751b48e03cbd9a9fedb3a12f4e44d9eefa2c83d20729fc0ce3555fd59149cd5c084eaff447e

        • C:\Users\Admin\AppData\Local\Temp\_MEI21~1\_socket.pyd

          Filesize

          45KB

          MD5

          a9cc2ff4f9cb6f6f297c598e9f541564

          SHA1

          e38159f04683f0e1ed22baba0e7dcc5a9bc09172

          SHA256

          36a7dd2596598916384044b680d62fc7369d246703a57178c27c74214a78585f

          SHA512

          9d99f546e5fa8c235fef007d8eca990350f35d11cd903c5d91611c133166845834c27b1c6a9132c71776754580d9e62fb5072ce6ada1f48feecbf408ca39026f

        • C:\Users\Admin\AppData\Local\Temp\_MEI21~1\_ssl.pyd

          Filesize

          1.3MB

          MD5

          d0e36d53cbcea2ac559fec2c596f5b06

          SHA1

          8abe0c059ef3403d067a49cf8abcb883c7f113ec

          SHA256

          ae14e8d2ac9adbbb1c1d2a8001a017ba577663322fe7606c22bc0081d2764bc9

          SHA512

          6cc4a3ede744f81a8e619ee919dfc25e3d16bdcdcf25ec49699d9c1b5511e29d88c67bb7f6936363960838a73e4417668fe6a18220bf777baf174bb8278b69be