a7d378ce817bfd39d72bb5490612e9d0e0131c84172498dba51798a946949edb

Analysis

max time kernel
1s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
27-05-2024 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wallet.exe
Size

27.7MB
MD5

0c5c44ff25692bb044036662ff9e9f24
SHA1

bc5b62197445431293ba6164f659247b9325dffc
SHA256

a7d378ce817bfd39d72bb5490612e9d0e0131c84172498dba51798a946949edb
SHA512

6223058a6f6155aa6cf41b7cc1d1cb9f7618c14fd5bfae007beffa21594913fa3f339f35f0a4ae0e959adb130d75334ec302f7182cd9e4fbdbfacdbd30bfcdf1
SSDEEP

786432:IF8WWxUdUd1LRphkc3FphBWGlso5EYW8GU8VM3WydH2:IF8WWxUUddRzFphBZd5E7U8VM37V2

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 14 IoCs

Processes:

wallet.exe

pid	process
2284	wallet.exe
2284	wallet.exe
2284	wallet.exe
2284	wallet.exe
2284	wallet.exe
2284	wallet.exe
2284	wallet.exe
2284	wallet.exe
2284	wallet.exe
2284	wallet.exe
2284	wallet.exe
2284	wallet.exe
2284	wallet.exe
2284	wallet.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

wallet.exe

description	pid	process	target process
PID 3180 wrote to memory of 2284	3180	wallet.exe	wallet.exe
PID 3180 wrote to memory of 2284	3180	wallet.exe	wallet.exe
PID 3180 wrote to memory of 2284	3180	wallet.exe	wallet.exe

C:\Users\Admin\AppData\Local\Temp\wallet.exe
"C:\Users\Admin\AppData\Local\Temp\wallet.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3180

C:\Users\Admin\AppData\Local\Temp\wallet.exe
"C:\Users\Admin\AppData\Local\Temp\wallet.exe"
2⤵
- Loads dropped DLL
PID:2284

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI31802\PyQt5\Qt5\bin\MSVCP140.dll
Filesize
443KB

MD5
eceff9c92e14b580ea84365f3d60f7de

SHA1
00699126456379fa48cb122e21b7f4731a72c57c

SHA256
265591a709a5db413d73c95b538da321edeacb40059bdceb142f997a3d458b49

SHA512
fd325d77eb2c30e1cd1b2d871986e057318c1be911793521c7bf79fb2c5dc359cb7db90c6d6c5711fedd734b6b03117b8baf241dfbd78585cf55a25983ec8727

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\PyQt5\Qt5\bin\MSVCP140_1.dll
Filesize
28KB

MD5
7f71f19f30be3942ee0efddc145d459e

SHA1
863048cf8a9692bf43317326c5aa918389546282

SHA256
b8cafc52b903ed0824882365b0a0d438460260b4ddf2487849eb3bd2241f7e8d

SHA512
4fdfbc7524445eb443e189f64d9732c5c28ace689c9556b67c8f3647ba7f18b02521deeae4fb8138f5f550ee34efdb2ab2b6ffea3a43d184a26bdfce700b2dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\PyQt5\Qt5\bin\Qt5Core.dll
Filesize
5.1MB

MD5
7d180286e9c071c7bc3a6bc2ace792ac

SHA1
f5947d69aeaacc8a378721f3750b049cc41dddef

SHA256
4f8dc460162407cfccb1be6ef9cce45c4449de838aeffa3fd33378f01a3f9cc4

SHA512
9b30d5dd48e736da770e71622b79da294829621565cfc4d995ca31c8cfbbbe2d577677f4240e0ff2d995deeeb5f894018412596c141e8360dd77bf12596ce167

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\PyQt5\Qt5\bin\Qt5Gui.dll
Filesize
5.6MB

MD5
5b0f3d5b1b29b5e650375093c7afa243

SHA1
1920cbc98bd46a3a72bcfb45caefcfa2649a92e6

SHA256
80016776efea2b2a838c3ffa4c82e5f146baff68c36073c0c34668809d1c4297

SHA512
9db9a90ab5a1a768e079cf9b10f1da868ac7dae774e90e139ee047c9c8fb43cc5b3e01ae3724ea74efd64409eeeafbcda4f04da3e86265575a3831a4fc69cc8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\PyQt5\Qt5\bin\Qt5Widgets.dll
Filesize
4.3MB

MD5
da70580648a398ab1c5336ee9ec631ca

SHA1
fa67a8a2d7f7930a45974dcb7a12e56914bf0a57

SHA256
600285754e7eee7239b9d252dbed5c9d2c9c4c432751b8953dcb2e8b45e0408a

SHA512
83d85df1717a5b1dd5b31f5ab33e73d1442027a719af7fdcd20d578598f436d63e7cf58287cbe34dbee8d5b0464a68dfd471d8ec6a95a3168eb8639864a7adfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\PyQt5\QtCore.pyd
Filesize
1.8MB

MD5
b73acca94a2141dc10a1715cbdae271c

SHA1
d43f3251670d627704c70c49be10697ba6582f6d

SHA256
dbd2ff2fc6e6f4e3a2424d4de34c2552b33f4a4d33487cbe0acd0e0960627688

SHA512
cdd9c3ab660d25aabd67247a58f63cd84aa72798afa32fa072d0b984276d708eddf082bedce2ffdb9424d19cd3753f1bf1619dcaf7fdf04a09a6c8d0536bd6cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\PyQt5\QtGui.pyd
Filesize
1.9MB

MD5
18d04794162f1a74d0ecc976e2a83401

SHA1
80e218d09340cd6e184b61af58f2b653befb3d4c

SHA256
cec60d4882a55057fcf4f50d03c27932363348f511dac2d80c5fb4db1ea16198

SHA512
c2822914bd13d53fbe97d991e92f99377e5e1172465b3f95a4cf968d3a4e3009bf7f3c348d65d4ea227a53aeff8525ea35c5fce919566a8ef6fa842cb428e500

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\PyQt5\QtWidgets.pyd
Filesize
3.7MB

MD5
830dcf2394bd0422395bacd7713e3590

SHA1
fa723c1fd742fe8b3b4d8d7476abe3c977f76438

SHA256
110d29dffdb5ce78a750da40f6c29a39f2cbccbd979c7ef2ae49ff876e1ed396

SHA512
09406e6dc5aa9db243ed137dbca13c7df432b36353425bfc37b8e01bb86d1dedd5a76176826bed909852d5d3d1f077590e28e775b0ad336db7a3ad871a4b8f3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\PyQt5\sip.cp38-win32.pyd
Filesize
91KB

MD5
37a80322f19b167aa84eb55fb5d06d53

SHA1
caa428a8530eb2b7d8cb1b3971ff925cd064945b

SHA256
aee5688fa665f82196fd0d4e868c82b1fe868edf9e86df648c07ad608da35fee

SHA512
86a165eaa3d8993ccaadc3c9f8f65d5888025cfb2192bcae9b3e0b2be643c8627b1f632cb7fe252288b66e4ee622cc2e381a4381dd0c75f65d0c99ffae07d4fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\VCRUNTIME140.dll
Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\_ctypes.pyd
Filesize
108KB

MD5
36bf6ffd59c04075d50f245ef5de2ab9

SHA1
be48f0e161f2c4c3aec50f46ea8f4dd030aa561c

SHA256
7c11a5b8cbaeb0cd34544a7e4949c1b2a61cc78392c0155c0156306e6ff602e0

SHA512
da3851bbc88d16d142d9401b3c0eb238405b711aa047d183f02b4991880f7c33eaf6f5f137dc301cb5505f7aea849175987255518086e674b2964ab153b92969

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\base_library.zip
Filesize
1003KB

MD5
1a103eebe434013dffd2df1f6848b225

SHA1
f4b8e304356daca79acbcbb250363344e4ac7d9e

SHA256
bf738e24e09035f3fb83751313ad4d68719173d991e45c58500b6cfd28a0b760

SHA512
0c5c7a834961c13e838b8b86b6f8a8ca827e15d3835ae93fd0624f55e1555c668f3579f09c108fb1f479122b19eee7d2aca9c68c95436dee14d914d8d98a13d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\libffi-7.dll
Filesize
28KB

MD5
64fd05751201bbe3e29fa3a8aa600b5e

SHA1
9e069feff5e961b60c2aa57f0e5265ec898ccb7e

SHA256
8f88c66fd8e046a57deb7d263efb9d79092b1a55fd7f08df7f430654b47ace09

SHA512
79eddef381db46d858a211a9e6167a0504f880a0207a01183834ffe5c762ccd4faf436e55fba22a28a4fd0c8ccfd0e63534fa971a8136e564ed5f7206630aa81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\python3.dll
Filesize
57KB

MD5
eb1eb76f5a9964173d7f6e0fb4ab95a7

SHA1
788b9c85e650d9d0fa286728cb1484d3408e9d5b

SHA256
84a6926d212d1cbd2ddfad1134e9d02a32076d968b9ddcf7648e1c839281b6f1

SHA512
8772abd8e1d5198cc8acd20cfc7f078fc42148c33d04d1f211f6999210965996d3d97453c7336885b8ae347929099905b701d941d070c2568b86e93b57da0b86

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31802\python38.dll
Filesize
3.7MB

MD5
5eb4227ca3526a3c287a3fecc9a91b92

SHA1
35e1cb934a88d1fea2a595b1b48033804d9beeb0

SHA256
c4220a975f093d52702f93f39cc0e7b56f9057f8b6af26c2a0b63f5a555d0e31

SHA512
515403b537e709c0786db8fd689b40173c49310eb43c392a2fb0a8a69eb37946975c9c832715584caf01076da57ae3f812557f1ecbfe3d34907b60b8f4f5e679

Download Submit
memory/2284-104-0x0000000073630000-0x00000000739E7000-memory.dmp

Filesize
3.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads