c458d88feff8c68b10549bcc9e678234a0656f1009aca0bb5572076b32fe85c0

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 20:37

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Tuer Pinger v2.1.exe
Size

10.7MB
MD5

59fe9af3425b2ecf3e96a5b444b6e4ee
SHA1

94d98d4b72acf66cd5ffd3e4be239c73927726c7
SHA256

c458d88feff8c68b10549bcc9e678234a0656f1009aca0bb5572076b32fe85c0
SHA512

666fca4ea8e232c99d0de80b35d1a3fca584ea9bef8bf245fd3b937450b3388407ed44921bc610ea5dd8d5f98462729a7ad1f865b830f52b230e57e54ea2ac8c
SSDEEP

196608:Cs2gV0AjZA1HeT39IigjvKub75bcjWgbwau5p0W8/LQhoANNB5/mgzf+AkjKW8p:wv1+TtIiavB5IjWqwau5qW80hoA/FzE

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

Processes:

Tuer Pinger v2.1.exe

pid	process
3452	Tuer Pinger v2.1.exe
3452	Tuer Pinger v2.1.exe
3452	Tuer Pinger v2.1.exe
3452	Tuer Pinger v2.1.exe
3452	Tuer Pinger v2.1.exe
3452	Tuer Pinger v2.1.exe
3452	Tuer Pinger v2.1.exe
3452	Tuer Pinger v2.1.exe
3452	Tuer Pinger v2.1.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "237"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 35 IoCs

Processes:

taskmgr.exe

pid	process
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	916	taskmgr.exe
Token: SeSystemProfilePrivilege	916	taskmgr.exe
Token: SeCreateGlobalPrivilege	916	taskmgr.exe
Token: 33	916	taskmgr.exe
Token: SeIncBasePriorityPrivilege	916	taskmgr.exe

Suspicious use of FindShellTrayWindow 63 IoCs

Processes:

Tuer Pinger v2.1.exetaskmgr.exe

pid	process
3452	Tuer Pinger v2.1.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe

Suspicious use of SendNotifyMessage 61 IoCs

Processes:

taskmgr.exe

pid	process
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe
916	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

5632 LogonUI.exe

pid	process
5632	LogonUI.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

Tuer Pinger v2.1.exe

description	pid	process	target process
PID 4388 wrote to memory of 3452	4388	Tuer Pinger v2.1.exe	Tuer Pinger v2.1.exe
PID 4388 wrote to memory of 3452	4388	Tuer Pinger v2.1.exe	Tuer Pinger v2.1.exe

C:\Users\Admin\AppData\Local\Temp\Tuer Pinger v2.1.exe
"C:\Users\Admin\AppData\Local\Temp\Tuer Pinger v2.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4388

C:\Users\Admin\AppData\Local\Temp\Tuer Pinger v2.1.exe
"C:\Users\Admin\AppData\Local\Temp\Tuer Pinger v2.1.exe"
2⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:3452

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:916

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa393e055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI43882\VCRUNTIME140.dll
Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\_bz2.pyd
Filesize
82KB

MD5
59d60a559c23202beb622021af29e8a9

SHA1
a405f23916833f1b882f37bdbba2dd799f93ea32

SHA256
706d4a0c26dd454538926cbb2ff6c64257c3d9bd48c956f7cabd6def36ffd13e

SHA512
2f60e79603cf456b2a14b8254cec75ce8be0a28d55a874d4fb23d92d63bbe781ed823ab0f4d13a23dc60c4df505cbf1dbe1a0a2049b02e4bdec8d374898002b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\_decimal.pyd
Filesize
246KB

MD5
f930b7550574446a015bc602d59b0948

SHA1
4ee6ff8019c6c540525bdd2790fc76385cdd6186

SHA256
3b9ad1d2bc9ec03d37da86135853dac73b3fe851b164fe52265564a81eb8c544

SHA512
10b864975945d6504433554f9ff11b47218caa00f809c6bce00f9e4089b862190a4219f659697a4ba5e5c21edbe1d8d325950921e09371acc4410469bd9189ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\_hashlib.pyd
Filesize
64KB

MD5
b0262bd89a59a3699bfa75c4dcc3ee06

SHA1
eb658849c646a26572dea7f6bfc042cb62fb49dc

SHA256
4adfbbd6366d9b55d902fc54d2b42e7c8c989a83016ed707bd7a302fc3fc7b67

SHA512
2e4b214de3b306e3a16124af434ff8f5ab832aa3eeb1aa0aa9b49b0ada0928dcbb05c57909292fbe3b01126f4cd3fe0dac9cc15eaea5f3844d6e267865b9f7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\_lzma.pyd
Filesize
155KB

MD5
b71dbe0f137ffbda6c3a89d5bcbf1017

SHA1
a2e2bdc40fdb83cc625c5b5e8a336ca3f0c29c5f

SHA256
6216173194b29875e84963cd4dc4752f7ca9493f5b1fd7e4130ca0e411c8ac6a

SHA512
9a5c7b1e25d8e1b5738f01aedfd468c1837f1ac8dd4a5b1d24ce86dcae0db1c5b20f2ff4280960bc523aee70b71db54fd515047cdaf10d21a8bec3ebd6663358

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\_socket.pyd
Filesize
81KB

MD5
9c6283cc17f9d86106b706ec4ea77356

SHA1
af4f2f52ce6122f340e5ea1f021f98b1ffd6d5b6

SHA256
5cc62aac52edf87916deb4ebbad9abb58a6a3565b32e7544f672aca305c38027

SHA512
11fd6f570dd78f8ff00be645e47472a96daffa3253e8bd29183bccde3f0746f7e436a106e9a68c57cc05b80a112365441d06cc719d51c906703b428a32c93124

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\_tkinter.pyd
Filesize
62KB

MD5
a7929fd434e8803dde0951e6aa306d6a

SHA1
b0cb108be0616678d68eb8328c065aa1fd38e563

SHA256
5c400b4bc0367e1eff93955973efb3f85ce5970080bb1953f4e80bdf6f23c5c7

SHA512
b8a83fd831ae393ae7bc23d86af79d224142af41837002883296d62b3fdc059a3794f1bb2ecd7714ca75003bd07cb3fc0617d99ffa3867068bfb3a44bf5cf215

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-console-l1-1-0.dll
Filesize
22KB

MD5
cc47d44fe5a8b2c6e3803eaf44a7bd6c

SHA1
b61148a1f6a9f7c210fb4a00b1a72b48ccfbc0cf

SHA256
df7740f66342fe64c64c2528f6d9bd6d3094e4b3c1fdf1752f96b49b1b873373

SHA512
1a6a032acd6c564c32cfac3a190ea161bb36a854ff414a89d01eb7fafb3609c2c20d8e9ceeb5ed7ce2d04a247b38735b1447784b3857e2a4f1302f3e5e5afcec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-datetime-l1-1-0.dll
Filesize
22KB

MD5
e4ffebb7269e9e4a22665f8f87b0ea4c

SHA1
36d0de65c45d3608cdabb8f92aa7bc91895a5eba

SHA256
f883c7905ee208d3fc37ad59152e7a04dd1c8be2b16a0d53ca6848ac06de9045

SHA512
a96fdf2f2563d9ee70093fe4af7795fffaa0eb6186f633437a22251ad45845418603554cb712649dbc71c4326583b2a22eafb6b80f23052b9253d95963c50d71

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-debug-l1-1-0.dll
Filesize
22KB

MD5
fa65d5ae1cde12924850517df5fd7984

SHA1
278b6d95540fe94fe11495b735197ea9df4272f0

SHA256
da26aa79dd2a06013bec1cb99c539553cb8a242e156523be2ddb50fd344bb401

SHA512
bf50c96335437e7aa8f5fdbb7700ac903f8c0231871f8579d25f2e0ee18c8a0200dd4ba42f29ce47942071accf1a094e8f9babcbaf976d84ef4885a99ce9a021

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-errorhandling-l1-1-0.dll
Filesize
22KB

MD5
4206dd6c74a9dad4e077c08a22146a71

SHA1
04325d096a32f08f8df324e4aeebf34dbe8d204d

SHA256
8939d2c96c965e4698aad32de4a289a13a938d4cbf492805cd1ed1e9244c3d61

SHA512
325b599bc2e453cbd7917ad083c1bb3019122d8cf1af24ef6eb2efa4fbaa11791e434185dbd280e798c2963c688162b4374ef211b90223557c399ada7deff23e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-fibers-l1-1-0.dll
Filesize
22KB

MD5
5884c20ba6fe6f4162eb8af3045281a8

SHA1
5f7586468e4e71d14d9a8cf2247989d80add94b7

SHA256
8c08406eb7d78c31ebf521a8261eaccb54236a152f612c967f4ea50bd01199a1

SHA512
c7ceefb369351fef52f77d51301868d150fdaae090c5d8841223fd84aae680abf698086c122ce3f104ba2439bc7791df6f8d838acc9b99a2afb889e6dcbab02f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-file-l1-1-0.dll
Filesize
26KB

MD5
6974f5085c06e7cd96d791223fa34df5

SHA1
d4565193c2d142edee8ded5e731ab5b889e48830

SHA256
0a6e49c6c106ede2dca306b1409d304cbc8028e7fa5d9f381dca7e5dd8e96103

SHA512
3fcf6d843ba11c9450ba06e6c4e3d57a82cf66fbc5daee8ac346bd93b110b8b62d6b4c141fc795c78a6dfaf691dd7fea8ee69912c8b988178917f4e2f69a1c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-file-l1-2-0.dll
Filesize
22KB

MD5
ed5be31d94e10df1af37fad4604770b5

SHA1
f6458eb3f290bbfa9a5f24e1754fb07a654885f6

SHA256
946d6143572774b4fa69804637064bfc209e06b43859d48ab4b001d7615eaae4

SHA512
f107a089b96ae0b62ed76b0b8d5be77a5756837859c4d31199a172fc3bc64de7bc2053175948af6c9e779af0a2483911627beaa9ed079526db2fa19292f986b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-file-l2-1-0.dll
Filesize
22KB

MD5
0bac0d006e4fcc5aee4119fa4b52197a

SHA1
a6f1b4c9652ac92ba56e28bfe8877a3000d892ba

SHA256
0d290cf027a69595ec492a6a31bdc8d3743b75af8d3e2977852ee795730110ab

SHA512
6f5f1b891cde12c378f9c540497631f6187ec62da9d332774edfa42dcc7202b0d490e2965a24038099607f91cf6f8b4b72e41a087d0766d5177817cbe9cf4cfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-handle-l1-1-0.dll
Filesize
22KB

MD5
38d83628d8699636667a7c1dc4aa714f

SHA1
b23e59c83946bf9838dd3f3cabfd5e04505e8950

SHA256
f01d6a7be0aa11e4254204ab3dbbf5a16ea9237d54c01a2f30a49825a8bf1cc3

SHA512
584d1d4212e139928c3ce4d0f3bdeff9580975d210033003218cd1d57cafc317cfa117c0149a90562dfb7e99d3af96827fa57a92067f40fce01ff41dce646b16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-heap-l1-1-0.dll
Filesize
22KB

MD5
4714b22e4beca91b8278cc92a9001cc0

SHA1
c27140aaf2d4a35798da791f74766c6e8f05a4b7

SHA256
d4d582ca5cdc187f98cee74bbb6b68b3c6f13b7d9890a606822525c944bcb1e7

SHA512
63e905106bf35169ef1ecfeb239cd1a89d469d778c022b9c41b5036edb7160bb60a4cf10c89f6c65cde74db8c1bbf8dd5759c7723b48aa23c7d2fd1238e11f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-interlocked-l1-1-0.dll
Filesize
22KB

MD5
6ecc6f98dedf6937e655aa947c5370ae

SHA1
ebdb42ea46863547d4bf54e557426bbc86041ecb

SHA256
51d74d18dd4307a2c467819f3302f6517e284f1234a31aa21e65aee932dbffc7

SHA512
d22b54cbe24044824640d28a3934a8880882042b3fa4cdd1364c329a32aa05cca279d0565728c541b8bf6c0bc4b9bca894291a11df8f7a5cc73bd02db703f68f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-libraryloader-l1-1-0.dll
Filesize
22KB

MD5
a228592304ca05591b3b425b34fa9105

SHA1
d5208c2b31c667def5821f5eb596565a2774c07f

SHA256
f2b38db4157ec64906ce5786ea692080100279936070997e62180d8941d0b3ea

SHA512
d5b8bcb3aacc8a4f2e198173d269502db4c33b87615904232e581b39226d429f4456dc00c88ce019dae242b053235dd55314f77b05befd85d1d9232da147daf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-localization-l1-2-0.dll
Filesize
22KB

MD5
20bf471cb827deb38c05541295a34318

SHA1
4410909bc6fa6e88c30ee08f5fb03ea03afab22a

SHA256
57b447577c0dfbad077ff8439f4e3f00269824b2436bd2b3b228aa02e55f29f6

SHA512
5ec0e8612cdc4add68dad1c202adc190795e87c7c3e38d0a3ae25571c6a4f0bd47403e6f7f2f5f1c9fcaf30751226394a3265a4aa76d91f027a7c8e26d78e3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-memory-l1-1-0.dll
Filesize
22KB

MD5
695163b5ffc2e208ba170b8d3a5cee4f

SHA1
7cff2aadf94ef0eb6797e6981d88c43b6ed5e2c1

SHA256
e7db9f29388ee14772dc520fdde85947ca0cc127c7a9e9dab3d3534ab59fa117

SHA512
a0cdd2acda761235c6f955a2e3cb86fee240597b01a38b7bb5a4fa34bdbd45a6749b72d6365432f08fad6e72a1110008b77ac13f62e22f745004c4454607edef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-namedpipe-l1-1-0.dll
Filesize
22KB

MD5
f586754cb299b00787842444c12dc0b2

SHA1
9c4fd12b5261b62480ad91c2243bcb3988779a1a

SHA256
9aa37c93f66243f97279cf8d6b744ff4e8ff761bb5300e1d9e0cb8455faaf629

SHA512
63ff1c5f6619b5773b773777d1bba8cdab0c1f085e289eff955ec1d2e81b5ee8dcf8b4e08264ed09d586c63130dd31e7f5295e581bcece119a58b100478a236c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-processenvironment-l1-1-0.dll
Filesize
22KB

MD5
04bf6ddcbe0d76616ef47bfb8b682fc2

SHA1
d29bbec8147e16f5738ab451f15259706d5d71f7

SHA256
6e5b3b2cb335a165684a2a9fb5929dd7549698697653d87b944dab8083f3d820

SHA512
924b8bd8e4e1c2c1b089cbb60b47f873472fdc73cbc9f9b32d893752c0164507559c03716bcb0410ad0d06a4bd6d0bf32491b256389bb51d175f1e9fe98291ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-processthreads-l1-1-0.dll
Filesize
22KB

MD5
d34111942392b69a9d067240b762e664

SHA1
9a74d5c1ed7ecf0c4128bbec7db8391f92aad08f

SHA256
f65fa6979b60f36292672789f4aa93968d43e138d7426cdf7faa83ed76aebaeb

SHA512
65b69c62b322f73fe88a86d1b63d2c98bc8693bb26e8830343d396c93609f8b95bdbdcbff007f6bb93961f3a45d7c593168c28b73188a2ed3c3d0f865ee887eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
22KB

MD5
e5f624217aa3580fdd5e7873ea89ccc1

SHA1
5e32aea2cea67dbda98b635068a93a4e6665fbb9

SHA256
fc1636ec583b9444580d9037bc3120702abffef0d5c67390363e50ec6ea87d86

SHA512
3f4a237bf3fe4b3762acc99b3154426ce53e6de2ed46ed54ccfa0aeef2ec16b46b4f6491c166a5bb4ea1f52a29373d0448d141f48894aa7171da869056197aa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-profile-l1-1-0.dll
Filesize
22KB

MD5
125861e611931b1135a312e4c27f613f

SHA1
c7cead9052c52c6c30020be4e071adabf441991b

SHA256
d6b1ea9d7a1db99d326a1d5dcbecb0dfd9d7ee168a5e64e5bac6c0c2c64df4b2

SHA512
f2679d3c0244debc97da72f8b8365501e5056537b38cafc8ae7fd56cbe0bcfec582924971dc5f46de550d1710574396c90ccae706f1499e11976c907bffb7266

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-rtlsupport-l1-1-0.dll
Filesize
22KB

MD5
19393f3330ede3d8cbd085eecf2294db

SHA1
86cef59fb3a0ec2110f3224306cd82bbd186f918

SHA256
01624a02a54e3b13ed829ea3fa1a4c1ac7dd9e0bb2b5e80f2a7740a3e018b375

SHA512
cbd4bb9da5926e3143fbaa1376fc78bd3398ea6fcce53c4feb71751bc48565b677c6ce1dc99a9343cedd50fc516f465aec92799e6eddd4fd545b19b503266071

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-string-l1-1-0.dll
Filesize
22KB

MD5
296d0825c61446af51511865b2c2d1ac

SHA1
45032ba94b9973ffacee284107505645841300b0

SHA256
c17c693e2628d3b1af1ee6763863ed4c24d8c1b770f3a1e48894dcbe256ae820

SHA512
5e08b338f0463415c4f3175d32157c125d333330accff7720c88df21d7731ee881a36c37f84353ef4d09bdb63ce012c744a6a507f908d8a6b26c7544acd77c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-synch-l1-1-0.dll
Filesize
22KB

MD5
69b283034869510dd79b6b205e2e64d7

SHA1
94c1e69ff1b7c3e04236b7165ae46db4fadd3740

SHA256
79915502d54cb22835201dccbbb32fa68fb9c09547a682e5d2c260f84bb8c007

SHA512
0872668e89cdfb54c6affbaccb91d2c86dbde77916cee8ef51b0e29bb87c64d5a8c366fdb8e05f219d24269e717e2c11842ddbc4ba9c842d2df329d4e2c65160

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-synch-l1-2-0.dll
Filesize
22KB

MD5
b5f087b3cbe26c71ca2cc0799fca5074

SHA1
e178fba39b966b8553a493307790b94a09806c9d

SHA256
34c5986aa7ff730c67a85bc3bf0b144be2145e354b32cff47ce3c13742ae8727

SHA512
bba872ae88be30ad7b7892e5160d40911e4a8c8f97846bb6059738f163aa9d6a57c1cb9f560bc2590e5c33b40ce7e2b8659e404f5a00f9e24f171f8c2d03fe55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-sysinfo-l1-1-0.dll
Filesize
22KB

MD5
89e7cf9206845db0d05df91dab0d35f3

SHA1
678415b21e6e95324de10cbd141f7d99aeefebc4

SHA256
ee5274fd1e524ceeda2da4a03a456c7b6dfaa854824ce6b40a9602c86bbeebad

SHA512
d963214d57baab9ba37c1a2fff75aa6f1b41bcb4152019bb2bb0bc6e586c50b6508fd8363fa53b1f2c104b10d70cedaadd5185284b308a00d79ea5a004c14de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-timezone-l1-1-0.dll
Filesize
22KB

MD5
50427f5c7ff2fd7498ffc1448ebbb842

SHA1
65273390f7a29293bab562f0960459889bb934ba

SHA256
583cf4c4303ed783ed295595d0dd2ae0ca6ca7927e9221dd0fb705aa5d0ee866

SHA512
7f6e5ff3e9486363fd57c6ad3e6bc37a4f5f6d579eef02725a83c210c0e4782ab1499d049fd288dae312724c1a509a48f0fc9c19ebb66bed6c7e3f588f817439

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-core-util-l1-1-0.dll
Filesize
22KB

MD5
a4140d09b8ed3337888af6170ae0dc56

SHA1
a9ee441551f4126d240bdf1de222a471703433a0

SHA256
39b234718ef24a0a5f43616fb01b3924082f40379f7477cdb7e06146818d4090

SHA512
4adc3bf78e22b318ea32eb10b4d1c40087d1aaacf40756c2c2e8d5f2b2707685dbac6a87367329e25fd7ee539982b1a9975846e3e41d6db084e04f4d4a3efd8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-conio-l1-1-0.dll
Filesize
22KB

MD5
b18687e72fe66390829043980365a491

SHA1
2601b1b9b876e59f054a548c992bebf42a925a73

SHA256
bcd4d8c6bc6657202e4002edffa356fabc22f0314653076a2154579a7c87cf8d

SHA512
61d9bc0979a39abea5763d3c1ba868a350d95eeac14d74b590fc321208dd9207571ba920ea039556632118ada6a5e93df802f52a245ec8f6ce3a8fb2606001be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-convert-l1-1-0.dll
Filesize
26KB

MD5
5face7b4adfcd0117a26e168ebd71111

SHA1
8d5346a702efa3fe3c48481807d77bd92afa7e87

SHA256
e45d2ce250f7ef53ad4719390ebabd3d9784bc2e603a5c767a26211f3ee5751c

SHA512
2967c105cf6536c741ac544b73ecf68e7c2a0d93af51ef0abdd08a9ed3c9bf45c7497b6a76e054c711acb7970a945906999662ee437c9cb2308116ff8f8459fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-environment-l1-1-0.dll
Filesize
22KB

MD5
a670ce2037ff0ee59a8e9291491a4057

SHA1
f660fdfa16237524766c700b46b675fbf1854843

SHA256
3e0de63a4845898d4b32be8b5fce16db5d4060a100768a528ab6d7991ef867e7

SHA512
f3a50590b14e172bcc077d2ed1248c3cf0706f084e6e455408721791acd84a285fc378e2e95065d906fffd3bdd9daa31822fd27c83f482eadc954f01387f6fd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
22KB

MD5
f20e38625244bd6d03734665330d8ab7

SHA1
78f53d001625047ba14aa0c52e6cb444f7486a55

SHA256
349341ae357a907843d7efb635b7ed700cea40ac3dfd02b941cc9f4c10a5124c

SHA512
85ec9a8f4ee3bbb8b1484706903a8f5bb193a92a6535ad4b98b289f2e708673cb68d43a4579d8c0ed746ad43a8d6394e1b96ab8bacbfdb1eeef82d8b07e82160

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-heap-l1-1-0.dll
Filesize
22KB

MD5
2c9432a53905230b8930a9eb3163dfc1

SHA1
d6149e8b4990c37a35b46f9d7225eff85235df12

SHA256
725bac7fc0625c3226f7aa59092af2a0c7e004c91660ab91b71962a54526311f

SHA512
f7f56a5aa398273ce85469ff13051c54658320ec8dd69b3ef16804865696640b58cd9e8c68b80d53e2e8a167140ff3dc2dfa766702b8ba6715d7c45241023992

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-locale-l1-1-0.dll
Filesize
22KB

MD5
074c1baa54ea468115c15b0ba57cc3a0

SHA1
1a72221679947f3fc4b3310d7e5abb1d4a50b3ce

SHA256
43aded5d470d00bb7727900674a97a804d26f523326a7841c4fb659a61aaf3ed

SHA512
ca46b4bde2d9b360789ca11ac897012cd663c291d49148478c2d06c5e2ea7c30d5de7358f26f31fb2f7934b82a4fb8c211a4ca7160f62a564bd56c08edc10a0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-math-l1-1-0.dll
Filesize
30KB

MD5
304f54cffda2847cb45f920b610b0e4a

SHA1
6fab632a3efbdaf51a4e9947ac77c521a4fb84df

SHA256
6035c5b1127c934aa493857bd81ce185b1ed4a930782a9f7a90b409133c98917

SHA512
c932bb461a161c52c9c934daf5dfdcc7ef083c4fd2aced7dd849fb9053cf9884cd772c77a8404b2647c4442eb0815aa4005c1af2d81379680f426c5c1d432a41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-process-l1-1-0.dll
Filesize
22KB

MD5
e52d6be3cc998b12b016720abf3aea35

SHA1
7a59711bdc6824713530f5b333646f2c40a3c2ea

SHA256
98ac6c5603f7d72edb3394793d1f6dc7d3c21e7cb947b78635595b89229bee43

SHA512
3874e1877eac654f868378cc4a1dd053f208cfa6dc716553532e196b41722721c495ae278d5065805d1754fd32d10e8760362fbb9ab0b6a6d22c3794d2dfdd34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
26KB

MD5
7405646a0c52832d925c227ac788f8e7

SHA1
f8c8587bdffcc698034a5e087cd9dc2a36a5ff74

SHA256
85767ad4b5bf3dca2cf17c6f5f89aa624155dcad9259bb0f579c226d8a9b87ab

SHA512
aa6d36c982b9792190e1e6ccfd90f86b484c661a909223e505583991337ee4fc46ddc2dfd62d8627176d12e8e98dcac8ac26e70ad4e49912b21b38ff1be4bdb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
26KB

MD5
4474ef9d4fd748ff42a15c99f9c73fe9

SHA1
d7fc5c059ad34c06a670c8b22fb3baf7de31f6a3

SHA256
a45705e7bc01ef61dfdf15e3b9653801632b08d8be31bcb4542ac99e7fb0cc61

SHA512
a52ce0e828fb2b45aa9c7530abb8472afc7a6492cf7f0906f85809b139aa4f2e7be91e38f16a9e4272ba3da363c67886918575d6485b2fdc4ea3a08b8a467c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-string-l1-1-0.dll
Filesize
26KB

MD5
33b8ce73f08598016120b33e4ceeefce

SHA1
b4d41e03543761803e95ca80a3c992216f2115ec

SHA256
ede0b631a414e9caf3bd749a9e47eaabed726343b0a0924dd3f1c3c68cf05ab7

SHA512
a4e798581274a1dd931a62c07b086d5d34a1d829f25357bc30ff5555ac5ae9d792626fe47edcd7609b08a477bdc6f476ab40a6129f6effcfc1cb640475a586c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-time-l1-1-0.dll
Filesize
22KB

MD5
e4fb1306fce8b1c7935ade1d3dc8ab1a

SHA1
9cfaeecb0a7dc2f90a01ad81b88f1903cdb39cd8

SHA256
fe28de3831eb8da673cb9f0e46a8acc4fb65438fda1c41f14e47885ecbaeabbc

SHA512
bb2dc4cabe8c85c38661e4746fb7e65a4915e52e222aa660d8f95369b2d0ff27c974b259a65036fcdb89ad32be1ccd12b692840b9ea12e9c5a23b4bdc4053376

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\api-ms-win-crt-utility-l1-1-0.dll
Filesize
22KB

MD5
9402bf4821a3ddf7ced7b064cd7f19b8

SHA1
5f686653118d939dc3eb370fa04102517069f92a

SHA256
b6b9468b503303f22b74c5dfab16cee0c39ae0231de9c8411d9eabb298c56efe

SHA512
f5cd4ab7eedd098cd200ecd9bd9231080a8949ccaca81f5bf51044f9e040c358b2c5caf5bbafc19f4654d30ed8bf5b6dc184b9f6d85eefeafca56f3dd37885c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\base_library.zip
Filesize
1.3MB

MD5
630153ac2b37b16b8c5b0dbb69a3b9d6

SHA1
f901cd701fe081489b45d18157b4a15c83943d9d

SHA256
ec4e6b8e9f6f1f4b525af72d3a6827807c7a81978cb03db5767028ebea283be2

SHA512
7e3a434c8df80d32e66036d831cbd6661641c0898bd0838a07038b460261bf25b72a626def06d0faa692caf64412ca699b1fa7a848fe9d969756e097cba39e41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\libcrypto-3.dll
Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\python312.dll
Filesize
6.7MB

MD5
550288a078dffc3430c08da888e70810

SHA1
01b1d31f37fb3fd81d893cc5e4a258e976f5884f

SHA256
789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d

SHA512
7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\select.pyd
Filesize
29KB

MD5
8a273f518973801f3c63d92ad726ec03

SHA1
069fc26b9bd0f6ea3f9b3821ad7c812fd94b021f

SHA256
af358285a7450de6e2e5e7ff074f964d6a257fb41d9eb750146e03c7dda503ca

SHA512
7fedae0573ecb3946ede7d0b809a98acad3d4c95d6c531a40e51a31bdb035badc9f416d8aaa26463784ff2c5e7a0cc2c793d62b5fdb2b8e9fad357f93d3a65f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\tcl86t.dll
Filesize
1.7MB

MD5
b0261de5ef4879a442abdcd03dedfa3c

SHA1
7f13684ff91fcd60b4712f6cf9e46eb08e57c145

SHA256
28b61545d3a53460f41c20dacf0e0df2ba687a5c85f9ed5c34dbfc7ed2f23e3e

SHA512
e39a242e321e92761256b2b4bdde7f9d880b5c64d4778b87fa98bf4ac93a0248e408a332ae214b7ffd76fb9d219555dc10ab8327806d8d63309bf6d147ebbd59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\tk86t.dll
Filesize
1.5MB

MD5
ef0d7469a88afb64944e2b2d91eb3e7f

SHA1
a26fd3de8da3e4aec417cebfa2de78f9ba7cf05b

SHA256
23a195e1e3922215148e1e09a249b4fe017a73b3564af90b0f6fd4d9e5dda4da

SHA512
909f0b73b64bad84b896a973b58735747d87b5133207cb3d9fa9ce0c026ee59255b7660c43bb86b1ddeef9fbb80b2250719fd379cff7afd9dbec6f6a007ed093

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\ucrtbase.dll
Filesize
1.1MB

MD5
515421ddfb75fd1cd224edb6d765abb0

SHA1
9343f37828b2cf8f83b246e59681e635950c02d9

SHA256
1617fcbcf7da6373c49ea27075e879a06a05eaa2d523fc035aabb7daaeab7f27

SHA512
b7a3162a3473b668d26df1d4d28ceb12de61b671b05bacb42dfb45a17127698ed22281d244d2c13b232396dc01f1bf6d39d007b207444aed5fd3e0a45b813ca3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\unicodedata.pyd
Filesize
1.1MB

MD5
04f35d7eec1f6b72bab9daf330fd0d6b

SHA1
ecf0c25ba7adf7624109e2720f2b5930cd2dba65

SHA256
be942308d99cc954931fe6f48ed8cc7a57891ccbe99aae728121bcda1fd929ab

SHA512
3da405e4c1371f4b265e744229dcc149491a112a2b7ea8e518d5945f8c259cad15583f25592b35ec8a344e43007ae00da9673822635ee734d32664f65c9c8d9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43882\zlib1.dll
Filesize
141KB

MD5
b4a0b3d5abc631e95c074eee44e73f96

SHA1
c22c8baa23d731a0e08757d0449ca3dd662fd9e6

SHA256
c89c8a2fcf11d8191c7690027055431906aae827fc7f443f0908ad062e7e653e

SHA512
56bafd1c6c77343f724a8430a1f496b4a3160faa9a19ea40796438ae67d6c45f8a13224dcf3d1defb97140a2e47a248dd837801a8cb4674e7890b495aeec538e

Download Submit
memory/916-1933-0x000002E55CC90000-0x000002E55CC91000-memory.dmp

Filesize
4KB

Download
memory/916-1932-0x000002E55CC90000-0x000002E55CC91000-memory.dmp

Filesize
4KB

Download
memory/916-1931-0x000002E55CC90000-0x000002E55CC91000-memory.dmp

Filesize
4KB

Download
memory/916-1934-0x000002E55CC90000-0x000002E55CC91000-memory.dmp

Filesize
4KB

Download
memory/916-1930-0x000002E55CC90000-0x000002E55CC91000-memory.dmp

Filesize
4KB

Download
memory/916-1935-0x000002E55CC90000-0x000002E55CC91000-memory.dmp

Filesize
4KB

Download
memory/916-1936-0x000002E55CC90000-0x000002E55CC91000-memory.dmp

Filesize
4KB

Download
memory/916-1926-0x000002E55CC90000-0x000002E55CC91000-memory.dmp

Filesize
4KB

Download
memory/916-1925-0x000002E55CC90000-0x000002E55CC91000-memory.dmp

Filesize
4KB

Download
memory/916-1924-0x000002E55CC90000-0x000002E55CC91000-memory.dmp

Filesize
4KB

Download
memory/3452-1044-0x00007FFA4AC60000-0x00007FFA4AC8A000-memory.dmp

Filesize
168KB

Download
memory/3452-1042-0x00007FFA4AC60000-0x00007FFA4AC8A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads