b557839f4cbd5619a508e85ead1e99fcc56cead43ef1b817ee083ccac0ca3db7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

7.1MB
MD5

a256c2e15e8f49b4df4d5def951d4ea8
SHA1

50f32d65df4722991463ea7bffc6bd3a2939c306
SHA256

b557839f4cbd5619a508e85ead1e99fcc56cead43ef1b817ee083ccac0ca3db7
SHA512

632a36234529fad1eb0030861376c971a7eaee5e4d08f7c4c00dc80e5f8fe09d726431c22790c1cc3721e6a5f382060304d54cbad9eadf393a68beaaeaee7106
SSDEEP

196608:VdMymH0n/tS2VAVe68/vkMUUdJ+P3+NxDppx:rMyucA2urSH+P3+NDp

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 20 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI42282\python38.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_ctypes.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\libffi-7.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\libcrypto-1_1.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_ssl.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_hashlib.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_sqlite3.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_socket.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_queue.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_overlapped.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_multiprocessing.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_lzma.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_decimal.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_bz2.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_asyncio.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\unicodedata.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\sqlite3.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\select.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\pyexpat.pyd	acprotect
C:\Users\Admin\AppData\Local\Temp\_MEI42282\libssl-1_1.dll	acprotect

Loads dropped DLL 6 IoCs

Processes:

source_prepared.exe

pid process

1812 source_prepared.exe
1812 source_prepared.exe
1812 source_prepared.exe
1812 source_prepared.exe
1812 source_prepared.exe
1812 source_prepared.exe

pid	process
1812	source_prepared.exe
1812	source_prepared.exe
1812	source_prepared.exe
1812	source_prepared.exe
1812	source_prepared.exe
1812	source_prepared.exe

UPX packed file 30 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI42282\python38.dll	upx
behavioral1/memory/1812-34-0x0000000075230000-0x000000007562C000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_ctypes.pyd	upx
behavioral1/memory/1812-39-0x0000000075170000-0x0000000075192000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\libcrypto-1_1.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_ssl.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_hashlib.pyd	upx
behavioral1/memory/1812-60-0x0000000075160000-0x000000007516C000-memory.dmp	upx
behavioral1/memory/1812-63-0x0000000075150000-0x000000007515F000-memory.dmp	upx
behavioral1/memory/1812-64-0x0000000074EF0000-0x0000000075142000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_sqlite3.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_queue.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_overlapped.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_multiprocessing.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_lzma.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_decimal.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_bz2.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_asyncio.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\unicodedata.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\sqlite3.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\pyexpat.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\libssl-1_1.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI42282\libopus-0.x64.dll	upx
behavioral1/memory/1812-69-0x0000000074EF0000-0x0000000075142000-memory.dmp	upx
behavioral1/memory/1812-68-0x0000000075150000-0x000000007515F000-memory.dmp	upx
behavioral1/memory/1812-66-0x0000000075170000-0x0000000075192000-memory.dmp	upx
behavioral1/memory/1812-65-0x0000000075230000-0x000000007562C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

source_prepared.exe

description	pid	process	target process
PID 4228 wrote to memory of 1812	4228	source_prepared.exe	source_prepared.exe
PID 4228 wrote to memory of 1812	4228	source_prepared.exe	source_prepared.exe
PID 4228 wrote to memory of 1812	4228	source_prepared.exe	source_prepared.exe

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4228

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
2⤵
- Loads dropped DLL
PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI42282\VCRUNTIME140.dll
Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_asyncio.pyd
Filesize
29KB

MD5
7703a42fb1f1f3afb50aab029ff3da94

SHA1
d7413fa82fc9ec998d80900a12a2256b2730b488

SHA256
c57d57c5cd943726705e131a81061ccda7b8b7e9ed4ac511a819abd181e89864

SHA512
7447e04236e2d3d77cd1489d2c10f2c8b95cbd7ec3f78d172c255dcaefc951ed4fc6e8d54580f67066d51b84edcfbde7016a52a85530023eec3cd79b847564e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_bz2.pyd
Filesize
41KB

MD5
b5fe02c90a8dab9bf1def31356d4d404

SHA1
111cf8f6da1856d042dadc354fca41253c07a980

SHA256
0838679e8c3680a94b9e980b16ad894c20bd0782efdb5cd24bb925cde5da1346

SHA512
ffe4e0f979f0762588f6fc99b4d32285290a3990bd5d4c5e9f7d6838468e31b09beafae30018a6e06709bfd0fc9046b07976ef8085a4c5c1781cdae6bd581370

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_ctypes.pyd
Filesize
49KB

MD5
22363de575467d30e94b1ebd77dbde97

SHA1
39c1d0ac327f2f006d846aa1156eb96d742f9d8d

SHA256
7c49383319c1d970348b6a86302373cdc0a20fffeca1468abcedd90e83dcfa34

SHA512
96f3e499ba548c86fb25249a9b2fae92594d1a1a1c43752223ced65529a7c8bdbcebae620bd5a52afa7b48acc0ee2b3380b0711194a1ca19f8b090e3e37b86a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_decimal.pyd
Filesize
81KB

MD5
9c595179a352d128b181b57f521d3ef4

SHA1
379c731913ec4a9dd434cf538104f2c540e3affa

SHA256
e155fb86adce526de7c598ae3e071c062086e438050ed1ff47b1cea4b9da4f02

SHA512
ee43d64d195cee1011e8da0b3de85f662a36716642ec5bc017c8c0b79b8f166c8d7878da173c4435cbd32f21ec71675776e1e31e23659ece3193f853ebe814fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_hashlib.pyd
Filesize
23KB

MD5
d37bb357a6925c850e33d11aabd801cd

SHA1
9ac215dca21675fab0b9cb91ec49ab8517dfecf4

SHA256
c1cb1bc088be544232512a5965d0134ddcf8961799ef756a73c02177ddd5f13d

SHA512
1d34e73d38b628608b9b5353dc08a79c48b83426ca871081ed169984b47c68fbb688f5de0863fda92bedd5db4773a98f7b25cc6959008f68b97998ba794590f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_lzma.pyd
Filesize
76KB

MD5
59dd53517c9c41d7d8807e6fce03a487

SHA1
596ef04c924030ab98958e466871c91ae97ff321

SHA256
75161e65cf2b1cb375ae20e998be956f4c2f9ee0ce8db9521b1b0822d83f3a38

SHA512
650be66e69f1444dbe27c80e544f0a6278763153e6aea98f2792b61fe153e2d08c1eabe68fce802d9743b5dea2c53dc74cf3054704ea51ce2c691ef6231f801a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_multiprocessing.pyd
Filesize
20KB

MD5
e3f5fedb0d9b3477733bd550d786bd1f

SHA1
0e19e85365ea70d8c4fdb034b1e01c3d8426021a

SHA256
76463c6d1c623d7a025869a95072e35090652f8c0ca12b8eef7eb2112d36ee6c

SHA512
9f7fcf14c8754f2676dc69a5b95a6ae78b7f2c00dc7232ab33f255c0202771a52db5fd033c2102aba96b2480256e0a160aea99c6a028ac9ac6485e5c59b84ac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_overlapped.pyd
Filesize
23KB

MD5
d9bcd3f24495a5373d1fc683cddbd767

SHA1
db3e44292502d13d73b2b1d067058c5f719800ac

SHA256
298ef595cdef2b1bd408c49cb180b66e70ec4a77647218b5ab8f6fd502493862

SHA512
d0eca910a80ab0824ad7fb4920522e830da5495d99e417c56a3dc5041d5669d9db149d60d32960c93dc71590f89afe6bae1b438164ca3ecbc87f5ce4a0419c36

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_queue.pyd
Filesize
20KB

MD5
a6a224be31301d99165fb1be3563c0e2

SHA1
0e8314ee7153ff684e2c3dd52a60efec8ece3f46

SHA256
c455742b742dcbf3f0d5b19dc6c3feaa665d89cdf77fa3d88d75cfa8e3e408ab

SHA512
fb35c403638636f081432c1d8a4edd630c0d527f23f45513f4eff8b13ea6a70822f532d3daeab02e085f997c6796c195ed9fbe2bee7703603ab168b62919cbfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_socket.pyd
Filesize
34KB

MD5
1c1f6d42de40c9a55cb6d0774cf348a5

SHA1
1b936b0fe510f46eff6b7d2eb0489eeaf957d2fd

SHA256
d7ea26ad1d242c00846bc82b4c1c8820b5dc8c63d07f97358b01b917949376e1

SHA512
fab5063c9afd35818cea65677d402b136c0841a52e05d8e18de7dcbe0fe4a32ec320568a26401fe0b6e0df2fcec7e90ed57fd56d91c078a67c2c275d4d33cd3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_sqlite3.pyd
Filesize
34KB

MD5
28f5dbff537b1d8a1e0d7316753b9110

SHA1
0bad80f466b8104192a18d65844e90dc4f835ac8

SHA256
8edbb9f5484e2c149b6a7e32700cb611ac0420e1ec895607bbdd0b32620f8f80

SHA512
9a775161a151c500e5c6c499875944fa169d5a811f79362c2fcaec0bcb1a438a8f982db3353359ec35d40b86c0bc9b4ba636546f7aa36204cda98a57179cf818

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\_ssl.pyd
Filesize
46KB

MD5
4e9de64a8d77e78de4622fb916dfee25

SHA1
fe94023debd8d775de640ff368dc9fbf51acceec

SHA256
419de64b2c08c8d905b9912f391ac3a449adaf0abadf942dbc40aced07bbb73f

SHA512
d18d985467438c6939b5576b1a369e1e8189e54731bb88408513f7d793e04e17176ca607e6f8496b4b23f2758c8c279d0abf91d4e04158dcda486649b176b175

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\base_library.zip
Filesize
821KB

MD5
3e7a5a119b815c3d88da0f44287e7d9b

SHA1
4500998273be44ff898390803d4d9967db9ecb01

SHA256
f67e8b14c238da24c5d27768eeecbfb37918c63cf348b89a4201b7ee09806007

SHA512
a688936d3683590d4714ad5bb1e5c2dfa5e02cf227ddfadbce84dbcfc91eaa0a0d85a0913d288f50d9c3162a7721fb1bf9503a76f5651d4742ba4726425386c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\crypto_clipper.json
Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\libcrypto-1_1.dll
Filesize
734KB

MD5
01c45d86b0828f3c391f25ea76edc47c

SHA1
4d8f1925b1fcee693ca7804995c13867fa2a5238

SHA256
e0ec45ab69b4c16f11d6650f5d67e7766293ed32355f8c5ea68699ace726090e

SHA512
841d6fc4229479586e778802a71df2013f60a0c9ce824ef23fbf1abfeebd193cf275cfa4a17e23697138945d108f15980f94c45b88323209576cda66f2852851

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\libffi-7.dll
Filesize
22KB

MD5
4cefa38c700cfba50badfc4af212baa3

SHA1
ac150dec57a4d33dea58684d1549b029a16ce01a

SHA256
61a641458d1f27a72d12a9734396980086d3622e238750cbf5d08b393f3fbdd7

SHA512
540ad8e7bb3c5562b1978d3e40e1181319e2bd5cd3616e9b2b3796a19200a9c6a7813cdf39fbf23ea7d3f43febc824efd49bf3f569ff8dcff97ea27b7272e4f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\libopus-0.x64.dll
Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\libssl-1_1.dll
Filesize
165KB

MD5
98e7389323bcaed1456aa06d43daaafc

SHA1
5fc4ccb7b84d9c42ee11713cf5f805a9876be23f

SHA256
073634dbea82ed20283d0bce9e37163028da226815e5cf1ce34fde8c57399d8b

SHA512
3460b22087a8d43478c6c91e1287c4129e26f6feb1d9984a2e02ddb72a8a7c77a3e502b64accda23f4ee8545850489c7dbd8fb3fca879b74dc083d3308132abe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\pyexpat.pyd
Filesize
65KB

MD5
5f36a0509aa458d12ebfd852f6f1d312

SHA1
55e2eb493cf7f28ceaf895f3b25d9184fc90bd63

SHA256
795643e6ba953bb7c7ebf6540b1d5e8fd55995e58cce30bf8d806a072a6e8150

SHA512
77ad0e7e920d9361c335036348e4896f9f9a44286011081095503dd330568019a16e4f1fbde0c91465b1c74a0aa6863751188bb4086cb9b76bcb435fb96bc97b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\python38.dll
Filesize
1.1MB

MD5
b5f6019ec835f3ef2c46bc2761331aa1

SHA1
1a19795c3069e362f3e987ef618765316764ed01

SHA256
b058235a352d58dffd23756cab72586ac945bc6f40c698aeb24e994a503e12b5

SHA512
6f7a1c329c4473de1d334a77fffe4bfe7302b483433148ecef1ee6196e3c858f4ed3cca92807eb5dc99ab18b0bd56ea85872c88e69d536acccb8610b9b3497fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\select.pyd
Filesize
19KB

MD5
a8b07c93dddefc3468147f31a526a0c4

SHA1
61ee6738fb99af25e334b6b0aadf7fc8f85ca607

SHA256
4cd57812d0b93f1115c6bb887dc871eea92d5efadf8a770b9baafdfd36fa931b

SHA512
7968f23d1d3dcad7df83b7dd8e87fa4359b46104bba8bae4113b000bdb003295b2cc0774e7732c51fdf0f77f68987fa6ecd981ba60b22a68ff39eef99d4f8326

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\sqlite3.dll
Filesize
428KB

MD5
71ff5f0482c73e336f7e63a030779626

SHA1
bb80d3b9f0f21ff8db0ab1da6589c4f3117f588a

SHA256
adbee316221ef40cc95a92037a28b4638874997f96d8bee6d7d9d0ec2b0948aa

SHA512
f57b1ce200812682dcdb060ba699d5f64165da1ce2b08d8d53bb768435d731a35b4097b813a0c098421b3a72a36fd0a1989fbbce951658f33b757d6e80808361

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42282\unicodedata.pyd
Filesize
277KB

MD5
3a7a9036b00a28e4f6e6ff65e7214b08

SHA1
ba95ff187ba832569aca9a358a5be3b38af23ba8

SHA256
ae0003233439408bd8b1e61e9dab079df56a45fdc0869a2868a415c0495fe7bb

SHA512
9fa1414e42ddc23a7a94f8595461e022ee6ec170c1ecca876ef83bcb3a6be1b2a4d1546e0ea895ed6829bf63231d7eddbd7581de9b55307e8535a64ca750e42e

Download Submit
memory/1812-34-0x0000000075230000-0x000000007562C000-memory.dmp

Filesize
4.0MB

Download
memory/1812-60-0x0000000075160000-0x000000007516C000-memory.dmp

Filesize
48KB

Download
memory/1812-39-0x0000000075170000-0x0000000075192000-memory.dmp

Filesize
136KB

Download
memory/1812-64-0x0000000074EF0000-0x0000000075142000-memory.dmp

Filesize
2.3MB

Download
memory/1812-63-0x0000000075150000-0x000000007515F000-memory.dmp

Filesize
60KB

Download
memory/1812-69-0x0000000074EF0000-0x0000000075142000-memory.dmp

Filesize
2.3MB

Download
memory/1812-68-0x0000000075150000-0x000000007515F000-memory.dmp

Filesize
60KB

Download
memory/1812-66-0x0000000075170000-0x0000000075192000-memory.dmp

Filesize
136KB

Download
memory/1812-65-0x0000000075230000-0x000000007562C000-memory.dmp

Filesize
4.0MB

Download