64a0f7c332584085cebe594904a747a0d3a6061599d109577e6d392bcc66afb7

Analysis

max time kernel
23s
max time network
16s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3rd-person-hold.exe
Size

4.3MB
MD5

e0e0396281db5fc74aaa1ae5b6321b2d
SHA1

4d76ef538e971897b721e9ce126c9f570f3c052a
SHA256

64a0f7c332584085cebe594904a747a0d3a6061599d109577e6d392bcc66afb7
SHA512

8abbc64b7260daa76f7be61a4305eaeecc489b1e9d255be69ec4f40c2d59645b204b30a1db4c4789352a4a769b9e613db5cd6ae71f7e898ceae54369d93e8d50
SSDEEP

98304:lF6qXHirMWMJPfW4O/7JN+GGJo95d5BU6TDynHDIxd0dpg84P6xEqJduvx:RXirMWM1fw995dLU6TWHyd0dW8EaMvx

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

Processes:

3rd-person-hold.exe

pid	process
2344	3rd-person-hold.exe
2344	3rd-person-hold.exe
2344	3rd-person-hold.exe
2344	3rd-person-hold.exe
2344	3rd-person-hold.exe
2344	3rd-person-hold.exe
2344	3rd-person-hold.exe
2344	3rd-person-hold.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

3rd-person-hold.exe

pid process

2344 3rd-person-hold.exe
2344 3rd-person-hold.exe

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

3rd-person-hold.exe3rd-person-hold.exe

description	pid	process	target process
PID 3028 wrote to memory of 2344	3028	3rd-person-hold.exe	3rd-person-hold.exe
PID 3028 wrote to memory of 2344	3028	3rd-person-hold.exe	3rd-person-hold.exe
PID 3028 wrote to memory of 2344	3028	3rd-person-hold.exe	3rd-person-hold.exe
PID 3028 wrote to memory of 2344	3028	3rd-person-hold.exe	3rd-person-hold.exe
PID 2344 wrote to memory of 2632	2344	3rd-person-hold.exe	cmd.exe
PID 2344 wrote to memory of 2632	2344	3rd-person-hold.exe	cmd.exe
PID 2344 wrote to memory of 2632	2344	3rd-person-hold.exe	cmd.exe
PID 2344 wrote to memory of 2632	2344	3rd-person-hold.exe	cmd.exe
PID 2344 wrote to memory of 2884	2344	3rd-person-hold.exe	cmd.exe
PID 2344 wrote to memory of 2884	2344	3rd-person-hold.exe	cmd.exe
PID 2344 wrote to memory of 2884	2344	3rd-person-hold.exe	cmd.exe
PID 2344 wrote to memory of 2884	2344	3rd-person-hold.exe	cmd.exe
PID 2344 wrote to memory of 2444	2344	3rd-person-hold.exe	cmd.exe
PID 2344 wrote to memory of 2444	2344	3rd-person-hold.exe	cmd.exe
PID 2344 wrote to memory of 2444	2344	3rd-person-hold.exe	cmd.exe
PID 2344 wrote to memory of 2444	2344	3rd-person-hold.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\3rd-person-hold.exe
"C:\Users\Admin\AppData\Local\Temp\3rd-person-hold.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3028

C:\Users\Admin\AppData\Local\Temp\3rd-person-hold.exe
"C:\Users\Admin\AppData\Local\Temp\3rd-person-hold.exe"
2⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:2632

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:2884

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:2444

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30282\VCRUNTIME140.dll
Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30282\_bz2.pyd
Filesize
72KB

MD5
852cac1ac7232c5788cba284c3122347

SHA1
377720ee26532775b302f28f27e5d7a26e8429fe

SHA256
94d02cbcfac3141ca0107253050d7b9d809fea04b42964142bed3f090783a26a

SHA512
352cee5b66556d2ea87873cbce7b04b22d65288f3df24e9c162dff465ec7d31f3d5e283edcce7bead4f3892ade009c629860d21e59bb2b6c7896371684bc9b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30282\_hashlib.pyd
Filesize
36KB

MD5
9aa769efac1446db1d2e4e1c39500a20

SHA1
8b99c60f749fa83bb2ab79fde561a119c0da8d3e

SHA256
de7c71c90c7f58dcdc3da159d08dda7dc297e39c5f309849290238baed7e230f

SHA512
cef3c7f56675c85669d05b72a9dc5abc3f5dc3b82c5c648c6965a25fa6e013ddccbff5adb57423b2bbee17b09ffcc79d29911d3dec73011786fcd65d13a9a237

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30282\_lzma.pyd
Filesize
181KB

MD5
52e990da9f33d0ef2b83a0b52d42dcd6

SHA1
bc498f0cc9056cb0061d96559c2e3b4f7af95e61

SHA256
17fd3a2750e61fb164f3a9e8e021a0a3b5de107a3cc4c798e127618034e09d6f

SHA512
ecf1462e6ca6422a0d405227aff615ca8876390cbced54c3b46d5c94b0e55f63bf0f99b9bc2c684d90e064fbf52a62f27f96b2502d2c2ba1511c03a280d3f34f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30282\_queue.pyd
Filesize
24KB

MD5
bcf5440a884ef33df02ce124557d0c2c

SHA1
dc2e7e3c1d6f730b1b5e3f9487ceef755a033282

SHA256
2f2f30a6b697b7ba7c09db16ec04517c85cdfab13f142b9c810fdf9983522129

SHA512
fc2d9b6c6b3c619cc13b24021dff37f94c057ded40630938c2b3777d9e48d212541c58b6f070af65bb1d0185077b360143fb4a86e225c6ab052a1841f8d0f204

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30282\_socket.pyd
Filesize
67KB

MD5
f7d2fe8cddeded1210b06af09b0fad3c

SHA1
1c54bb73326dc04a34e81c10efab52e5a9a485de

SHA256
c56088832a09820abfd45135ac3874117d0cfe669e982314fdc3fe73ca195dee

SHA512
a8e1391add36b29968be7dc8500bf1c7cefa301e2a45c88cda2158e9104635fbb00320b25b142c1177abd3ba7a6d2f27d7d257d07236067b5c0b0be4a3f62c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30282\base_library.zip
Filesize
821KB

MD5
a3aabd122c0100e172a431b1b1b1b4c5

SHA1
470647b419a8060c532f75807ed2512d9ed813a9

SHA256
1cf02be67852d09da401de5d78243aa8dec00481729853a0e8d3d0ce1444139f

SHA512
26d3bb1351a7bf1d7694ddc43b0046062e88a288d231f8d5b39c00dd14961e34e4d829800b2663c3f851b3288f02d1d2535b3ad5ebd545d535a32ffed100eff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30282\libcrypto-1_1.dll
Filesize
2.1MB

MD5
67c1ea1b655dbb8989a55e146761c202

SHA1
aecc6573b0e28f59ea8fdd01191621dda6f228ed

SHA256
541adbc9654d967491d11359a0e4ad4972d2bd25f260476dd7576c576478698a

SHA512
1c7612c03df85b596dc360c1a94e367d8bfba51f651b49c598e4a066a693d9aa74195a40cc849ef787eac9b6e1e1fc079b389c03fc539e53abf4aa729bef5893

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30282\libffi-7.dll
Filesize
28KB

MD5
64fd05751201bbe3e29fa3a8aa600b5e

SHA1
9e069feff5e961b60c2aa57f0e5265ec898ccb7e

SHA256
8f88c66fd8e046a57deb7d263efb9d79092b1a55fd7f08df7f430654b47ace09

SHA512
79eddef381db46d858a211a9e6167a0504f880a0207a01183834ffe5c762ccd4faf436e55fba22a28a4fd0c8ccfd0e63534fa971a8136e564ed5f7206630aa81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30282\python38.dll
Filesize
3.7MB

MD5
5eb4227ca3526a3c287a3fecc9a91b92

SHA1
35e1cb934a88d1fea2a595b1b48033804d9beeb0

SHA256
c4220a975f093d52702f93f39cc0e7b56f9057f8b6af26c2a0b63f5a555d0e31

SHA512
515403b537e709c0786db8fd689b40173c49310eb43c392a2fb0a8a69eb37946975c9c832715584caf01076da57ae3f812557f1ecbfe3d34907b60b8f4f5e679

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30282\select.pyd
Filesize
23KB

MD5
92e930e2c79c7eb898a9843c118cd20f

SHA1
027faf19a7fff169d4e1dd4ff6cb8ef33713b9d4

SHA256
a32041001a74d80482a6f7fa252bb9ba916435b09cd60d3700f6af049b819500

SHA512
a1edb95bdcd847940c9640e346b4fa757acc90b96e6d7676a0a68d408dce612be61ca2e16a7bff6aceb3571ca831f609100e8531f94a7a2ea085fb8d7b62f23d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30282\unicodedata.pyd
Filesize
1.0MB

MD5
95985535fb076ace3b57f55d0131b741

SHA1
3e6e2e898436d75c05a4b8aa2e952271a64ff877

SHA256
1766a0a24b3ddd0bfa45f2c631325b05d2b3102a61c3ed73a8f6485d18f6fe94

SHA512
c10e196a654db57de8194baf181e23644945074cb7e86fba4d0675545b0f139b46e4af0ab0e96064fd5ed0c649e574eb5e8b2c16fe592a4ea41b68570abd07e6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30282\_ctypes.pyd
Filesize
108KB

MD5
36bf6ffd59c04075d50f245ef5de2ab9

SHA1
be48f0e161f2c4c3aec50f46ea8f4dd030aa561c

SHA256
7c11a5b8cbaeb0cd34544a7e4949c1b2a61cc78392c0155c0156306e6ff602e0

SHA512
da3851bbc88d16d142d9401b3c0eb238405b711aa047d183f02b4991880f7c33eaf6f5f137dc301cb5505f7aea849175987255518086e674b2964ab153b92969

Download Submit
memory/2344-34-0x0000000000A50000-0x0000000000A51000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads