13c42d320f8be737c8fcbb72a24cedad7c5bf22e12f09d5775a711d715f5a983

Analysis

max time kernel
134s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Karma/main.exe
Size

9.6MB
MD5

0a3a02ddeff49d3b358fa9f2a0dbc10a
SHA1

683f5415cef48235a4617e3c9ff17834c37422ca
SHA256

3cbe12345bb51f8b87528be5fc3f156bb8e0ed7c855b1740f61fc87bac7709d9
SHA512

92f8daf8456565753602071c9bbb678edc4d902668682f24888c714c9aac7710e35098743e51a12ec92cbdd8652f43a259307a88260e7a9f327d5559c50ef2d6
SSDEEP

196608:j80FzJRL2Vmd6+DxWVuSn80urLZy7YM30Lzaj7XCXpFOoU7Qc8IdXo:PlRL2Vmd6mxWj8J0Gzaj7yXP1jc8CY

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 43 IoCs

Processes:

main.exe

pid	process
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe
1908	main.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

main.exe

description pid process target process

PID 2244 wrote to memory of 1908 2244 main.exe main.exe
PID 2244 wrote to memory of 1908 2244 main.exe main.exe

description	pid	process	target process
PID 2244 wrote to memory of 1908	2244	main.exe	main.exe
PID 2244 wrote to memory of 1908	2244	main.exe	main.exe

C:\Users\Admin\AppData\Local\Temp\Karma\main.exe
"C:\Users\Admin\AppData\Local\Temp\Karma\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Users\Admin\AppData\Local\Temp\Karma\main.exe
  "C:\Users\Admin\AppData\Local\Temp\Karma\main.exe"
  2⤵
  - Loads dropped DLL
  PID:1908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22442\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\_asyncio.pyd

Filesize
65KB

MD5
a3f434f6cfd2f339876e7d345fe178fb

SHA1
ff71d1a2edc691491394517de2c32f2134925776

SHA256
102043b17c20043e4624f60e444131382363b69ff0e683c13fa17af156766483

SHA512
6f2d69627a7f01f295add9f1b333bfdba34eae56b04a574227c2ece315ab803683dc3d38b70b095736d2cbc68b3463dd16e54e9c66b757ecb28ad1297e617632

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\_bz2.pyd

Filesize
85KB

MD5
b024a6f227eafa8d43edfc1a560fe651

SHA1
92451be6a2a6bfc4a8de8ad3559ba4a25d409f2e

SHA256
c0dd9496b19ba9536a78a43a97704e7d4bef3c901d196ed385e771366682819d

SHA512
b9edb6d0f1472dd01969e6f160b41c1e7e935d4eebcaf08554195eb85d91c19ff1bfbc150773f197462e582c6d31f12bd0304f636eb4f189ed3ed976824b283e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\_ctypes.pyd

Filesize
125KB

MD5
a1e9b3cc6b942251568e59fd3c342205

SHA1
3c5aaa6d011b04250f16986b3422f87a60326834

SHA256
a8703f949c9520b76cb1875d1176a23a2b3ef1d652d6dfac6e1de46dc08b2aa3

SHA512
2015b2ae1b17afc0f28c4af9cedf7d0b6219c4c257dd0c89328e5bd3eee35e2df63ef4fccb3ee38e7e65f01233d7b97fc363c0eae0cfa7754612c80564360d6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\_decimal.pyd

Filesize
265KB

MD5
ff0bf710eb2d7817c49e1f4e21502073

SHA1
26d4499af20aa2d154eb75835f6729004b4f079f

SHA256
c6eb532da62a115ae75f58766b632e005140a2e7c9c67a77564f1804685a377f

SHA512
6cc6a2cc986c84c00a51e1823de4eb56672b36f6ff4c4b23f43c93fd39d68fd99d5b51df6374e7b7f89ac945c0b421bb6bade9a458dd43c3d9721aadbbcd2315

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\_lzma.pyd

Filesize
160KB

MD5
77b78b43d58fe7ce9eb2fbb1420889fa

SHA1
de55ce88854e314697fa54703a2cd6cc970f3111

SHA256
6e571d93ce55d09583ec91c607883a43c1da3d4d36794d68c6ecd6bea4ab466a

SHA512
7b03b7d3f2fd9b51391de08e69ca9156a0232b56f210878a488b9d5a19492ab5880f45d9407331360fbe543a52c03d68f68da4387bf6a13b20ec903a7b081846

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\_multiprocessing.pyd

Filesize
31KB

MD5
d01d2743f2e38d40722c3f219a4950c6

SHA1
839f4814e9c90726e02d46aae2c9f5139415ea48

SHA256
336d2d5f4e4bebd6b3823dd218dcaec49bbbe902ddeae9ecd66e4cde1b2bda6e

SHA512
931561f1568aefdce5fac02136e49398dbc692157e9f9bd0cf111357d46e3b14b757a42ea97d3539f203c18324cef76680fdf81191b47a2bcd1ea86b3d34b570

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\_overlapped.pyd

Filesize
46KB

MD5
fa44f2ac914b98bcec6dd102ec612f87

SHA1
4840ce511f46ff9523fa1874f70463491282697f

SHA256
ac33b6b3aacc31d2db8a502110881b4b711e2fb94983f85581e30953c9ac4721

SHA512
e6d691bc8622a616c7ebe98c362b7b9257c1840bee15161941a1e43a228e48985cb81ecdf41a8d4f60b6bf11a1dec16e81c12576d0ca00e6047e621f7dda3538

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\_queue.pyd

Filesize
30KB

MD5
328e41b501a51b58644c7c6930b03234

SHA1
bc09f8b62fec750a48bafd9db3494d2f30f7bd54

SHA256
2782cf3c04801ede65011be282e99cd34d163b2b2b2333fd3147b33f7d5e72ab

SHA512
c6e6e6bca0e9c4e84f7c07541995a7ee4960da095329f69120ba631c3c3e07c0441cf2612d9dcc3d062c779aec7d4e6a00f71f57cc32e2a980a1e3574b67d248

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\_socket.pyd

Filesize
79KB

MD5
cd56f508e7c305d4bfdeb820ecf3a323

SHA1
711c499bcf780611a815afa7374358bbfd22fcc9

SHA256
9e97b782b55400e5a914171817714bbbc713c0a396e30496c645fc82835e4b34

SHA512
e937c322c78e40947c70413404beba52d3425945b75255590dedf84ee429f685e0e5bc86ad468044925fbc59cf7ec8698a5472dd4f05b4363da30de04f9609a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\_ssl.pyd

Filesize
153KB

MD5
70014e88ecf3133b7be097536f77b459

SHA1
5d75675bb35ba6fae774937789491e051e62a252

SHA256
d318795c98c5f3c127c8e47220a92acba0736daf31bab0dc9c7e6c3513bb2aa3

SHA512
aa59b32c9164afca1b799e389c7087e95eeaa543790b6f590f9e30aa13b7fdb8cc83d0ef6351f0b578a4da636f4ca1e6dfe4558dcf3a813b744a80f7392aa462

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\_uuid.pyd

Filesize
24KB

MD5
d7074a9d35ed4ff90b93660ed4f1ba75

SHA1
418f4e62c61b30aece854551a5b629d23eaad010

SHA256
c4ce019fbd541918d3e7ddf7845bf0449068fc7eee3b57da730860fc7741d561

SHA512
6cf06012683aa4fbd85341e496434add21eaa6c72b8100a4ea2539702062860f97ab8b324064ad0689faa81762f4961d956047130d8a14a543ccf0c57a05173c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\base_library.zip

Filesize
1014KB

MD5
24701bb1c0d626cfba95d5b1099fbb6b

SHA1
352a540fae2aaeec3be0530a1f8d798950046484

SHA256
66581b32ba0607999d5dde1b7da676fc36e7a8306b4293cba199c16409b28881

SHA512
bf490defaf78ce3762cb423ba0e6a7cf3d72f3f86f079606c471c7c8b0da8c70ffd0db9e0a13af953e9898b69f8d501adba57c37686bb5a1ad95711159b2a017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\libcrypto-1_1.dll

Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\libssl-1_1.dll

Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\__init__.cp39-win_amd64.pyd

Filesize
33KB

MD5
b4e5891f88ca3236d289f36260d3808d

SHA1
f710439fb54b832d7e69400e13d382fa14f5988f

SHA256
29a120f0e6cde186fdf6038ba9e487e8751659afac438ecc533e3bfd377b3c99

SHA512
5cf61d8413fc4bdd363991b0d879cb67143919a3455635c3f49b3411b7b43f76673533179de7e865724be30675ea921d86dd94681570f4294aea1031ac00fa98

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\class_validators.cp39-win_amd64.pyd

Filesize
186KB

MD5
da0f17763cbf3d2c16c5f41e7680cf47

SHA1
6d4d28c16d5406f0bedee103305233b436e83b26

SHA256
1d220da3f7824d88ae987e067fc5274d59eb624014f0d6cb7a873810604dd806

SHA512
a5b93df994a3280f54acae33567a98698bebac305accf96a4cc61e052543a7556de2af213569ffe5643544053ae505150b91ad956bd5a04520887128372a1647

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\color.cp39-win_amd64.pyd

Filesize
222KB

MD5
0a80815d8dd330c49053f1ff96625d07

SHA1
425a6d2d67db167b10a1c0d803a06227c8c1fedf

SHA256
27116258557b71626e22116c4091935b5dac95c8b000344eb1fbce0fbdfb98e2

SHA512
15e93ca446d145e71d430d79c2310f6e68e2d5f3103ae1d0ccf6406c307062a6e2df0e55863dd4637f6a6df7b9dac4c594abdf7b07e2b8e1d5d74ca17dcdb353

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\config.cp39-win_amd64.pyd

Filesize
77KB

MD5
ec31006e382ceff44d7ea67c5cd344d8

SHA1
7baa97769f44285a670bee7379cdeb8333023e69

SHA256
b8c51e11156f036ceb4dbe4bbb029cd0badbf00de6f32f53cc4d5645bc92e371

SHA512
be4ae50e22864d057e06c68c2c3b6651440c2628808e516eeaec4961c4764f878c374e6abc0ae85740c6b8b4581f3db0b1a9474f31a8a578e29b746af4eaa7c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\dataclasses.cp39-win_amd64.pyd

Filesize
187KB

MD5
f999f411203902c09a64cf0b230fd429

SHA1
2d84de61bde077d6e19d8de04d628cb596202ebb

SHA256
7c97af875d0dba23131dda97bfc42cd69a97c8382b174ff7398ebe8e4536d818

SHA512
94f7ec8e3510241a9c041180601b7c313579f7642ffd218228afb82c86169bdb97ecb2e80ef2d5fc850d8b1b879319bf9b328169fb134e62e2ae33a6c62f1502

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\error_wrappers.cp39-win_amd64.pyd

Filesize
113KB

MD5
78f92ae5d1be8462ed7c34f307fcbf24

SHA1
638aaf0b23272bec40e9062b8f62cd02f6042291

SHA256
a2226d4fb43af1661669454f24b78dd5893b0be04c0333cbe282f23817bbae07

SHA512
66244be7dccd8934d1884a3e66bdd22d98cf65a300d87355884f2dab3c1fefac47d2c07cecd60bfa90bbfa66d6e41b3d519617646248a6567f2528b4608d263a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\errors.cp39-win_amd64.pyd

Filesize
174KB

MD5
94f2e4dcdac48d9dc23d25a903866cd5

SHA1
d85a96f7b3cdab7110ce135f96cf04322d986654

SHA256
6a66a26816211ee38b2b63e72abd821345142d6df2f489e809d507a41ac01390

SHA512
9401b3af6b0f048192a6f1c9f43964f4343c40c0d20e6b7e995d3409d1f7e9cdc5290124d8d28006b18d2936547cda6ed493cf0be19deb9f124bc486bd1ed978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\json.cp39-win_amd64.pyd

Filesize
69KB

MD5
b3dd07e9382a01627c4780505f112cea

SHA1
ed5afecdcc9677c8fc3a2bad5982843e1405addf

SHA256
6c61149f8ba5a17ae445d120c7ae9f3386fa60f460256dcf76e6e3decf77dece

SHA512
2c1c676f475f02657e3a50960d365fd6dad03bcc29849603934ee8c422d6d035ef9864bbcbff0d79146337ddc6a3e5149296a28b401d79c31d2f8ed9eb1e1ffa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\networks.cp39-win_amd64.pyd

Filesize
243KB

MD5
d3556de0ffaeb2e127c8e75aa9955feb

SHA1
2694947e51df65b3d7df57aa2b08a6444b453327

SHA256
296215dfb807aead16d4fedaf64009fbd0879f7684ff81d55f497082e4e8ef7c

SHA512
cc5bd4816f87caedd14a0e7e08e640296734f8c56efe93bd17a2fd3720739401acc0f3d9730c2685d05d98fa892713c602197e06499f09b21d2f865e836bb572

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\typing.cp39-win_amd64.pyd

Filesize
198KB

MD5
bd16bab4301ad671700fa5d4f298c013

SHA1
4ad3d28b93ef5c7f4d1d8f903f1450a4a264a78e

SHA256
b86a4eab7c0b1a8288ab2a6ced9b22f6e9351a2ce7dc8eb78e2decaac662ef6d

SHA512
b649889a3de310e8a4aae3716364ca86125db0c6c3a261cb21e0315facf25671a56313bcffdad93fd474d9608a52531ffd65589d2ae49cd0f71b5bc606e1f6de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\utils.cp39-win_amd64.pyd

Filesize
286KB

MD5
e2e93c355c94f80a1553f049aa2edf56

SHA1
9112f69c4271a831bd3bad637abd98274facf936

SHA256
54e00508d1e90f8d58970e89bd682c9278ca09bec279e05da628fab749132513

SHA512
b7d57996cc4ae1394464804e0cb5c34d61f72705229b394d17e2f92704e4b775c5c0c21a8f10bd725f660b612cff32ea2bb3a077ca70bdc870b91311bd87a03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\validators.cp39-win_amd64.pyd

Filesize
265KB

MD5
3afb519490a5b0f135737288597dbf72

SHA1
6afbbab7869f80623b8a0ebbf9be12952c3cc63c

SHA256
253bfaba44d191fe8757ca593375d15d4dfb423e657b4fda6e5832be96d0c9bf

SHA512
34f3c8818371e293973f9d1ab926c621d6c2ddff237460623403cf85cb675351d710fb677875143a3c985d3520453608484bac6244a42b4407b1c71434a27220

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\pydantic\version.cp39-win_amd64.pyd

Filesize
52KB

MD5
ecec157f89f5f77fc92b3a3d13db2028

SHA1
f770aca2e2557aa1ab156c810fcb54e794d04438

SHA256
ccc9bdc1683da9226cf504b1790db93d8e75f32c3bd22b4aede805d86f7698fb

SHA512
1502e7cd0d5b4b40b0593805a8540c1eedff96d8b120e8306dc7108225fa293327f1722ce156383d21467855e27a67c76839e6db6996c57da7f699f9d7e9c21c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\python39.dll

Filesize
4.3MB

MD5
2135da9f78a8ef80850fa582df2c7239

SHA1
aac6ad3054de6566851cae75215bdeda607821c4

SHA256
324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3

SHA512
423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\select.pyd

Filesize
29KB

MD5
35bb285678b249770dda3f8a15724593

SHA1
a91031d56097a4cbf800a6960e229e689ba63099

SHA256
71ed480da28968a7fd07934e222ae87d943677468936fd419803280d0cad07f3

SHA512
956759742b4b47609a57273b1ea7489ce39e29ebced702245a9665bb0479ba7d42c053e40c6dc446d5b0f95f8cc3f2267af56ccaaaf06e6875c94d4e3f3b6094

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22442\ucrtbase.dll

Filesize
1.1MB

MD5
b0397bb83c9d579224e464eebf40a090

SHA1
81efdfe57225dfe581aafb930347535f08f2f4ce

SHA256
d2ebd8719455ae4634d00fd0d0eb0c3ad75054fee4ff545346a1524e5d7e3a66

SHA512
e72a4378ed93cfb3da60d69af8103a0dcb9a69a86ee42f004db29771b00a606fbc9cbc37f3daa155d1d5fe85f82c87ca9898a39c7274462fcf5c4420f0581ab3

Download Submit