477fb4b12e03884dfe0f8485b26bc4c19b6472622c16aa531355cac57d65a110

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Get_info.exe
Size

7.2MB
MD5

eb2d96e41d0d22ac6cf680a18cc548df
SHA1

1ad79839fdfb502c794c6211f245a0f95bf7fd6c
SHA256

477fb4b12e03884dfe0f8485b26bc4c19b6472622c16aa531355cac57d65a110
SHA512

b74d74e4d072517699b07d69668454481849bb7ff117afdb659c7a809445861ab0003bf317f062e53b89162ff53f20b93ba12997e1ff5472fc4ab58d12c3ebd6
SSDEEP

196608:aTqv8ZZ5dQmR8dA6lp48Qnf2ODjMnGydS8T9OrqOSWZVq:bqZ5dQJlpwF3MnG38BOrqns

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 11 IoCs

Processes:

Get_info.exe

pid	process
2760	Get_info.exe
2760	Get_info.exe
2760	Get_info.exe
2760	Get_info.exe
2760	Get_info.exe
2760	Get_info.exe
2760	Get_info.exe
2760	Get_info.exe
2760	Get_info.exe
2760	Get_info.exe
2760	Get_info.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Get_info.exe

description pid process

Token: SeDebugPrivilege 2760 Get_info.exe

description	pid	process
Token: SeDebugPrivilege	2760	Get_info.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Get_info.exeGet_info.exe

description	pid	process	target process
PID 3484 wrote to memory of 2760	3484	Get_info.exe	Get_info.exe
PID 3484 wrote to memory of 2760	3484	Get_info.exe	Get_info.exe
PID 2760 wrote to memory of 3020	2760	Get_info.exe	cmd.exe
PID 2760 wrote to memory of 3020	2760	Get_info.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\Get_info.exe
"C:\Users\Admin\AppData\Local\Temp\Get_info.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3484

C:\Users\Admin\AppData\Local\Temp\Get_info.exe
"C:\Users\Admin\AppData\Local\Temp\Get_info.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2760

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
3⤵
PID:3020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4240 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:4164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI34842\VCRUNTIME140.dll
Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\_bz2.pyd
Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\_ctypes.pyd
Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\_lzma.pyd
Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\_socket.pyd
Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\base_library.zip
Filesize
1.7MB

MD5
e3e6e5e5b3cd94fccd067f79a476a131

SHA1
a7410ded1df9cd5b28cd33b037c33da431e2fad6

SHA256
abce5c8e60e9335ea25fd5c6132129f3b6e9ac3ba62bf88bc69e39b01223f1d5

SHA512
582a8bb72349c7390d34511b448c6c9105852a2f73846da317df9d88ab269339f5ae5f7c4857fe62b9104a024c54712575c56c4a35e46f6a55bc413b9bc93a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\libffi-8.dll
Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\psutil\_psutil_windows.pyd
Filesize
75KB

MD5
5e9fc79283d08421683cb9e08ae5bf15

SHA1
b3021534d2647d90cd6d445772d2e362a04d5ddf

SHA256
d5685e38faccdf97ce6ffe4cf53cbfcf48bb20bf83abe316fba81d1abd093cb6

SHA512
9133011ae8eb0110da9f72a18d26bbc57098a74983af8374d1247b9a336ee32db287ed26f4d010d31a7d64eacdc9cf99a75faab194eff25b04299e5761af1a79

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\python3.dll
Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\python311.dll
Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\select.pyd
Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit