016efbce5a0ba08f7f37050539ef46d078ac7868668243447da97638a6da1751

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

seraph.exe
Size

11.7MB
MD5

1d8baa7670f611b4c4cb4184f01cfbe2
SHA1

2c5e6122b39b9b8643a52691db740efc5309cc0f
SHA256

016efbce5a0ba08f7f37050539ef46d078ac7868668243447da97638a6da1751
SHA512

9f920d1b98e1349daac613d7ec55a964758feea5df91d5c6e6535f49b3d5623eebec09851809e38fe4b6d6275261ec74276d5b27b32d07b3753feb26a92313fb
SSDEEP

196608:PrDev/D9onJ5hrZERdW3q+09iq2pPefB2WZufOuD9L0KyPgVFccckLQuOHGvitfx:/evb9c5hlERblh2pW2WmfDZDkULvel

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 24 IoCs

Processes:

seraph.exe

pid	process
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe
796	seraph.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

seraph.exe

pid process

796 seraph.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

seraph.exe

description pid process

Token: SeDebugPrivilege 796 seraph.exe

description	pid	process
Token: SeDebugPrivilege	796	seraph.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

seraph.exeseraph.execmd.exe

description	pid	process	target process
PID 3892 wrote to memory of 796	3892	seraph.exe	seraph.exe
PID 3892 wrote to memory of 796	3892	seraph.exe	seraph.exe
PID 796 wrote to memory of 8628	796	seraph.exe	cmd.exe
PID 796 wrote to memory of 8628	796	seraph.exe	cmd.exe
PID 8628 wrote to memory of 8644	8628	cmd.exe	mode.com
PID 8628 wrote to memory of 8644	8628	cmd.exe	mode.com

C:\Users\Admin\AppData\Local\Temp\seraph.exe
"C:\Users\Admin\AppData\Local\Temp\seraph.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3892

C:\Users\Admin\AppData\Local\Temp\seraph.exe
"C:\Users\Admin\AppData\Local\Temp\seraph.exe"
2⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls & title [Seraph Sniper] - Loading & mode 70,20
3⤵
- Suspicious use of WriteProcessMemory
PID:8628

C:\Windows\system32\mode.com
mode 70,20
4⤵
PID:8644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI38922\VCRUNTIME140.dll
Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\_asyncio.pyd
Filesize
62KB

MD5
8cf9a316051bfc50f6dc343128b9c4e0

SHA1
3659ba74d2bc5b7d7ee806b95af71ec4dec76c13

SHA256
f934719bea056a98446e786de88cda8f76afe9a29e67121950b17caafc2799c8

SHA512
ad0e1fbf6744ae6d58768301e5ddc93eb2bf24f33bc49588097a03af915d51b296d815a36d9eefd671701289802075b1c850e8a5f4f453a81f0d53b28e65d6ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\_bz2.pyd
Filesize
84KB

MD5
b89b6c064cd8241ae12addb7f376cab2

SHA1
29e86a1df404c442e14344042d39a98dd15425f7

SHA256
0563df6e938b836f817c49e0cf9828cc251b2092a84273152ea5a7c537c03beb

SHA512
f87b1c6d90cfb01316a17ad37f27287d5ef4ff3a0f7fd25303203ea7c7fa1ed12c1aef486dc9bbb8b4d527f37e771b950fa5142b2bac01f52afbfdbf7a77111d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\_ctypes.pyd
Filesize
123KB

MD5
4d13a7b3ecc8c7dc96a0424c465d7251

SHA1
0c72f7259ac9108d956aede40b6fcdf3a3943cb5

SHA256
2995ef03e784c68649fa7898979cbb2c1737f691348fae15f325d9fc524df8ed

SHA512
68ff7c421007d63a970269089afb39c949d6cf9f4d56aff7e4e0b88d3c43cfaa352364c5326523386c00727cc36e64274a51b5dbb3a343b16201cf5fc264fec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\_hashlib.pyd
Filesize
45KB

MD5
496cde3c381c8e33186354631dfad0f1

SHA1
cbdb280ecb54469fd1987b9eff666d519e20249f

SHA256
f9548e3b71764ac99efb988e4daac249e300eb629c58d2a341b753299180c679

SHA512
f7245eb24f2b6d8bc22f876d6abb90e77db46bf0e5ab367f2e02e4ca936c898a5a14d843235adc5502f6d74715da0b93d86222e8dec592ae41ab59d56432bf4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\_lzma.pyd
Filesize
158KB

MD5
6e396653552d446c8114e98e5e195d09

SHA1
c1f760617f7f640d6f84074d6d5218d5a338a6ec

SHA256
5ddba137db772b61d4765c45b6156b2ee33a1771ddd52dd55b0ef592535785cf

SHA512
c4bf2c4c51350b9142da3faeadf72f94994e614f9e43e3c2a1675aa128c6e7f1212fd388a71124971648488bb718ca9b66452e5d0d0b840a0979df7146ed7ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\_overlapped.pyd
Filesize
44KB

MD5
724c5f1347a77318bdfa4942a71ffdfd

SHA1
a284eeca1d336e9148de2a69d3728971b6cfa43e

SHA256
03ef0f32653e78901649b3207340c914786e0455369412ca160d76f553f81faa

SHA512
21463a489524eae93c4b734a56e07096a5620e48946d6c459e0ac5e451bf397130f022e4c5d8e26a5a9880d250a5d7ee0e4f508d66a174efb08d870c62a2d497

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\_pytransform.dll
Filesize
1.1MB

MD5
064817ba66850b2e03f21d6dea576fbc

SHA1
5eadf36996381f3e3aa37a8275ff97e8e9d03057

SHA256
ff5e84aca9fbab071bb5b6a0841c1e06ca25a2750bccb43a7a6db80f56bc1356

SHA512
ec446325ed62222f0c0dc858a5e1c35fee89c272908a9657f4321e3756494a89da3bf8ea54f963f2d3d9cecf59d10281a56a72fc0498c9b1eec2edab82ac658f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\_queue.pyd
Filesize
27KB

MD5
1707a6aeeb0278ee445e86ee4354c86c

SHA1
50c30823b1dc995a03f5989c774d6541e5eaaef9

SHA256
dd8c39ff48de02f3f74256a61bf3d9d7e411c051dd4205ca51446b909458f0cd

SHA512
404b99b8c70de1d5e6a4f747df44f514a4b6480b6c30b468f35e9e0257fd75c1a480641bc88180f6eb50f0bd96bdcafb65bb25364c0757a6e601090ae5989838

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\_socket.pyd
Filesize
77KB

MD5
eb974aeda30d7478bb800bb4c5fbc0a2

SHA1
c5b7bc326bd003d42bcf620d657cac3f46f9d566

SHA256
1db7b4f6ae31c4d35ef874eb328f735c96a2457677a3119e9544ee2a79bc1016

SHA512
f9eea3636371ba508d563cf21541a21879ce50a5666e419ecfd74255c8decc3ae5e2ceb4a8f066ae519101dd71a116335a359e3343e8b2ff3884812099ae9b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\_ssl.pyd
Filesize
150KB

MD5
fefbb91866778278460e16e44cfb8151

SHA1
53890f03a999078b70b921b104df198f2f481a7c

SHA256
8a10b301294a35bc3a96a59ca434a628753a13d26de7c7cb51d37cf96c3bdbb5

SHA512
449b5f0c089626db1824ebe405b97a67b073ea7ce22cee72aa3b2490136b3b6218e9f15d71da6fd32fba090255d3a0ba0e77a36c1f8b8bea45f6be95a91e388d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\base_library.zip
Filesize
768KB

MD5
83892d53f470482ea0096abe9b568de6

SHA1
c3ff63b58f05908b8a018c021532839080bca0fc

SHA256
2b5a96134fda4439a4f9b4ba1ac9298ee431a7a0deda69caa859dd7f0ab60b61

SHA512
bff745508fb925cd386936fa1c79be4a7444319078ea10175ca2f04868165dde27576bf09414ea3291772f07adb41f2c126f884607f2046cbde801745c666196

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\certifi\cacert.pem
Filesize
257KB

MD5
1ba3b44f73a6b25711063ea5232f4883

SHA1
1b1a84804f896b7085924f8bf0431721f3b5bdbe

SHA256
bb77f13d3fbec9e98bbf28ac95046b44196c7d8f55ab7720061e99991a829197

SHA512
0dd2a14331308b1de757d56fab43678431e0ad6f5f5b12c32fa515d142bd955f8be690b724e07f41951dd03c9fee00e604f4e0b9309da3ea438c8e9b56ca581b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\libcrypto-1_1.dll
Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\libssl-1_1.dll
Filesize
673KB

MD5
bc778f33480148efa5d62b2ec85aaa7d

SHA1
b1ec87cbd8bc4398c6ebb26549961c8aab53d855

SHA256
9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843

SHA512
80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\multidict\_multidict.cp38-win_amd64.pyd
Filesize
43KB

MD5
4d07e807a855be02a94c292dc66cb379

SHA1
2d8d742a1179627f1fd702430c3ee106b72988aa

SHA256
6ccb02ca328a9df23d5f5c7ce58fbf7b9f84474c801230c6c42eab171ed83744

SHA512
1576744a545abc7158525ec0e0e7930a7ed14016ce4d3ea157261e6be204a5e490937387718fe9b444f0d5ccfff866cd3426c1481ec31e293f59928d097895d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\psutil\_psutil_windows.cp38-win_amd64.pyd
Filesize
76KB

MD5
81467ae2ccfd303b3ae249b271d02393

SHA1
025316c0ffd42bb6085731596b5e5cf36a2ee400

SHA256
b8dfb9df359c67334c017a8bdcad257e4ed5ef1637761acf40d19c4df040f8e1

SHA512
3d4f02a97298d894e351514c9d719730b7de4baace38fcf395275bdde399158d35d10533a5ae762c24b748594e64109112a8d88f1b76b15beb2af47bc7db272e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\python38.dll
Filesize
4.0MB

MD5
3cd1e87aeb3d0037d52c8e51030e1084

SHA1
49ecd5f6a55f26b0fb3aeb4929868b93cc4ec8af

SHA256
13f7c38dc27777a507d4b7f0bd95d9b359925f6f5bf8d0465fe91e0976b610c8

SHA512
497e48a379885fdd69a770012e31cd2a62536953e317bb28e3a50fdb177e202f8869ea58fc11802909cabb0552d8c8850537e9fb4ead7dd14a99f67283182340

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\pythoncom38.dll
Filesize
559KB

MD5
5aaf39c3dc5d37ee70d0f8faa0de695e

SHA1
69b7cc9c612af39ee1dabdfb6e84c81a22d08c10

SHA256
b53b1372b4f48a5bee76b6354823a6f8e9a9b7b8b3cc25119258451d032261f7

SHA512
236decda868dcfa617d538a2876a06d0e40ce6889f1284d92d9d1e3c3d16f31aadac269d6ab9266fda6afcc8b691cb462bd747bb8f21f98e44eecf11014fc9a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\pywintypes38.dll
Filesize
139KB

MD5
4e2d48b0e2bc0d1b0a61be486b865fdd

SHA1
95fb013f66c28578dbe9db06e93e6085828a7324

SHA256
bff7b09303260eaf01ba73687d979ce6d1d50458426686bea7b01dea5db446d4

SHA512
d5aa94805bf97b51ba986c60e1401608bc547f1fed0e07f25f6b3ca2bf86167002830aa18c74cb68cf6f51aa60912036678a276971af56754753a1f01ac8d13f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\select.pyd
Filesize
26KB

MD5
08b499ae297c5579ba05ea87c31aff5b

SHA1
4a1a9f1bf41c284e9c5a822f7d018f8edc461422

SHA256
940fb90fd78b5be4d72279dcf9c24a8b1fcf73999f39909980b12565a7921281

SHA512
ab26f4f80449aa9cc24e68344fc89aeb25d5ba5aae15aeed59a804216825818edfe31c7fda837a93a6db4068ccfb1cc7e99173a80bd9dda33bfb2d3b5937d7e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\unicodedata.pyd
Filesize
1.0MB

MD5
84fb421643cab316ce623aa84395a950

SHA1
4fba083864b3811b8a09644d559186ecb347c387

SHA256
5578c3054f8846be86e686fb73b62b1f931d3ed1a7859b87925a96774371dba4

SHA512
a2132f93b0e4292dc9c32da2a6478769ec4f58be5c36ee2701e2a66154ea1dc2c0684fc7698e7c3ac04f5c1d366cb9633a9366e5a38b7ff7a964ff25ea266f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\win32api.pyd
Filesize
131KB

MD5
87a1f5111634f5531efccfdd931b4d42

SHA1
0401252123d36f932870cdeabe5d75db9d432ffa

SHA256
9a562e6431427c52d213c17af815c82ee704ab9fced76837647cc1838126d96f

SHA512
a15080f2cca0dae4925d0ac246966c433ea8847502c880ec784102de3bc1daf949eafe34ac9916bb7b072a7d86ab7da7f55ffb31d9cb4673067a42049ae7bf4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38922\yarl\_quoting_c.cp38-win_amd64.pyd
Filesize
82KB

MD5
5e21f62dac88940f71ac4565f638d9ab

SHA1
413514697329983802a0901025b9ea07a56e6a1d

SHA256
ab58b179ebf608f205b78cbd818680e002fba9f7fe5d3996f2321778e1293e37

SHA512
399efde2a81db7cd432f29dbc5c601b9496fce53d9bde59ea3bb0d33cce18857d620d15d2a003eae837e6374d6e501080ce69010f3d59670aebf648abf36f07a

Download Submit
memory/796-127-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-99-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-129-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-133-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-125-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-123-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-121-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-119-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-117-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-115-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-113-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-111-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-109-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-107-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-105-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-103-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-101-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-131-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-97-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-95-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-93-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-91-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-89-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-87-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-85-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-83-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-81-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-79-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-77-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-75-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-73-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-71-0x000002A4C8B30000-0x000002A4C8B31000-memory.dmp

Filesize
4KB

Download
memory/796-70-0x000002A4C8B20000-0x000002A4C8B21000-memory.dmp

Filesize
4KB

Download