5242437d464d1ceaae57e43d8bcea605d17ea7debe5626e0b509c31ccbced159

Analysis

max time kernel
296s
max time network
301s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
28-05-2024 23:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VIM.exe
Size

7.2MB
MD5

165a6f77d8558e08eadefdb749bb18c0
SHA1

1f0572d93a05b9d85b122ebef42a02811b5fd772
SHA256

5242437d464d1ceaae57e43d8bcea605d17ea7debe5626e0b509c31ccbced159
SHA512

8e777bd30748262de141b079aa7246da69c0a218ff1bf40e11e07af58e9ff8ff3f506edd515a1d9436df389656729cbd28e6c1676c9fffd7dde95ce6c32dce1e
SSDEEP

196608:edU8EkuA3uWJysVYvsONtdIQLOMIdiwmnoriXWDhs:a9EYeWJ8taL/d2or5

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 19 IoCs

Processes:

VIM.exe

pid	process
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

VIM.exe

pid	process
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe
3748	VIM.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

VIM.exe

description pid process

Token: 35 3748 VIM.exe
Token: SeDebugPrivilege 3748 VIM.exe

description	pid	process
Token: 35	3748	VIM.exe
Token: SeDebugPrivilege	3748	VIM.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

VIM.exeVIM.exe

description	pid	process	target process
PID 5096 wrote to memory of 3748	5096	VIM.exe	VIM.exe
PID 5096 wrote to memory of 3748	5096	VIM.exe	VIM.exe
PID 3748 wrote to memory of 2804	3748	VIM.exe	cmd.exe
PID 3748 wrote to memory of 2804	3748	VIM.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\VIM.exe
"C:\Users\Admin\AppData\Local\Temp\VIM.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5096

C:\Users\Admin\AppData\Local\Temp\VIM.exe
"C:\Users\Admin\AppData\Local\Temp\VIM.exe"
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3748

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title VIM Client Companion
3⤵
PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI50962\VCRUNTIME140.dll
Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\_asyncio.pyd
Filesize
70KB

MD5
45126a5a3995f890e5c942ba615a569c

SHA1
928aa2b9f2e2485dc835c6d0f92999f5d5581264

SHA256
490e3b87f7a570ee09e4d95a439c525883b4ab22b701cf89f68409a559e7bbf3

SHA512
dcc282bc6e6b524f1e9a66a042a10afb13aecc6a77f18414524d1e7db69aaa919b856a415e81acd79a58b069b2d5a8b12f61dc25f1f62c486805fab15f439232

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\_bz2.pyd
Filesize
87KB

MD5
92075c2759ac8246953e6fa6323e43fe

SHA1
6818befe630c2656183ea7fe735db159804b7773

SHA256
e7af6119b56ddd47fd0a909710f7163d7ef4822405fc138d24e6ce9de7a5022f

SHA512
7f3a4409859695f53291c96dd487bca2649815bad5f4610c2c6f92777411d39210e293d962573a20dfe73ea15331de7e6c18b017ae1d6f226387eab1fc1f586c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\_ctypes.pyd
Filesize
131KB

MD5
2787764fe3056f37c79a3fc79e620172

SHA1
a64d1a047ba644d0588dc4288b74925ed72e6ed4

SHA256
41c593c960f3f89b1e1629c6b7bd6171fe306168f816bef02027332a263de117

SHA512
1dc5bb470be558c643a3f68e23423697384bc547b1192cd398dff640e28f7df85563bc87643cdcde9b8b4f880f272e13a673a018ae251e100bd99790f993afa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\_hashlib.pyd
Filesize
38KB

MD5
7808b500fbfb17c968f10ee6d68461df

SHA1
2a8e54037e7d03d20244fefd8247cf218e1d668f

SHA256
e2701f4e4a7556adab7415e448070289ba4fe047227f48c3a049d7c3154aff0b

SHA512
b4239e792141bcf924f61bfd46033934337079b245f423b34820d36c6599ca35ab06bc525acfff4cafa75e31975fcd0409dedd203377d642fc5dc55ec2c1fa27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\_lzma.pyd
Filesize
251KB

MD5
ab582419629183e1615b76fc5d2c7704

SHA1
b78ee7e725a417bef50cca47590950e970eae200

SHA256
5a45f7cd517ad396a042bc2767ae73221dc68f934e828a9433249924a371ee5e

SHA512
3f38441dd0b88b486dafaa1e15d07f0ee467a362c1603071a2fa79de770fa061ced25ca790f0d3139f31178c719cc82ac88601262e2a0ca809708dfa3f6f76ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\_overlapped.pyd
Filesize
43KB

MD5
73ed0ee50db2ea98118f704e78d5e95e

SHA1
93d6cf61c8848e70f2afffc698f9718a18ad74ce

SHA256
009cadfd046eee91e183489edf6b8ad8562e5c9e851ef4ad0034b5d88201c942

SHA512
efd98f373f2309bf50139b35fb17e0d1355bed421c827224d8eba093f3005c3325cc55ef2853cd2d55e2873c9a73e3867bbe4d267f52c6fab5cddc8f2d076a97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\_queue.pyd
Filesize
27KB

MD5
a48af48dd880c11673469c1ade525558

SHA1
01e9bbcd7eccaa6d5033544e875c7c20f8812124

SHA256
a98e9f330eeaf40ef516237ab5bc1efac1fc49ed321a128be78dd3fb8733e0a4

SHA512
a535dadb79c1ca10506858226442d1d1fb00e5d6f99afa6b539e2506a6627a7bd624a7ee2bc61f55c974113de80fd7a95e6c18e9402736d32d5099077ca1b913

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\_socket.pyd
Filesize
74KB

MD5
10cd16bb63862536570c717ffc453da4

SHA1
b3ef50d7ac4652b5c35f1d86a0130fb43dd5a669

SHA256
e002a1bd6fba44681d557b64d439585dba9820226e1c3da5a62628bbaa930ae3

SHA512
55ee581c4005901661efaf9aad6ea39b2b2e265579539d464d62e4209638567b3b9fdd945d0bed0a1047f977d374a5707a970c621ca289077e2d6c5aeca491b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\_ssl.pyd
Filesize
121KB

MD5
8b5af5ac31b6bde9023a4adc3e7f0ce1

SHA1
c5d7eaaed9be784227a0854bfb8a983058410a35

SHA256
7040d3712f31b7d11882ce8c907452fa725678b646b900f6868f43ab3e4ddab6

SHA512
499aa2321a2e5492c700513d63cf08fc12d3a430a5e9f5d865279919f6d7b74385b6767bbee63616f84b52d02070b16b2d4c3921163c42864f33e7b5331b1444

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\base_library.zip
Filesize
998KB

MD5
cedc54e7f6a9958db96dbf367b384954

SHA1
ba190cbf5513fed790b2efa98867ca4db55e1e32

SHA256
974e2e633658e584ad8064ce450495fe135b9c4949a329cfaa1716c4d84ff152

SHA512
3b44a718cd63f220d70ef2867b62eb8670bfce6c2c3099814004c2d7ef1a37a9f4704d944d9dabde4a223e71d422c067f93cf6ea9bbb02c7dad07db2cff5026c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\certifi\cacert.pem
Filesize
253KB

MD5
3dcd08b803fbb28231e18b5d1eef4258

SHA1
b81ea40b943cd8a0c341f3a13e5bc05090b5a72a

SHA256
de2fa17c4d8ae68dc204a1b6b58b7a7a12569367cfeb8a3a4e1f377c73e83e9e

SHA512
9cc7106e921fbcf8c56745b38051a5a56154c600e3c553f2e64d93ec988c88b17f6d49698bdc18e3aa57ae96a79ee2c08c584c7c4c91cc6ea72db3dca6ccc2f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\libcrypto-1_1.dll
Filesize
3.2MB

MD5
bf83f8ad60cb9db462ce62c73208a30d

SHA1
f1bc7dbc1e5b00426a51878719196d78981674c4

SHA256
012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d

SHA512
ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\libssl-1_1.dll
Filesize
670KB

MD5
fe1f3632af98e7b7a2799e3973ba03cf

SHA1
353c7382e2de3ccdd2a4911e9e158e7c78648496

SHA256
1ce7ba99e817c1c2d71bc88a1bdd6fcad82aa5c3e519b91ebd56c96f22e3543b

SHA512
a0123dfe324d3ebf68a44afafca7c6f33d918716f29b063c72c4a8bd2006b81faea6848f4f2423778d57296d7bf4f99a3638fc87b37520f0dcbeefa3a2343de0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\psutil\_psutil_windows.cp37-win_amd64.pyd
Filesize
72KB

MD5
eb2e7580f823b00576880cada4526092

SHA1
9195525a1e9cbac344171dd5333f2df0852c890f

SHA256
3ee35d8a42d5951c8498246aa6d302bbffecea65a2fcaa78a069011c6f543d59

SHA512
aaaef52e15a61490d87c2c1e49713590b3bfb65229c4318fa51bee92b9440e1fd546bfe8773440b559a55a9525f51ed2bfc9996fb4de50476533db3d6f284b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\python37.dll
Filesize
3.6MB

MD5
c4e99d7375888d873d2478769a8d844c

SHA1
881e42ad9b7da068ee7a6d133484f9d39519ca7e

SHA256
12f26beb439ddf8d56e7544b06a0675d5da6670c02f8f9cede7aad1de71eb116

SHA512
a5b79a919f15cda2c295c8da923ffe5dd30408376e459669e4e376b9d4d504d43671518d7085352bb90c4ce4efc6d81c91ac6cedbdaa896f916d80f7346a695b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\select.pyd
Filesize
26KB

MD5
39b7c056bca546778690b9922315f9ff

SHA1
5f62169c8de1f72db601d30b37d157478723859b

SHA256
9514b4c40c35396b1952a8acf805e993a3875b37370f44ef36ed33c7151412ef

SHA512
229538131d83299ea90652818c99972c1ee692c070e7fea9599420c99dd8ae75fb2367e9509aad23984fe0a8d21221a59bd57493b5cd1d6c7391c3c55d714e94

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\ucrtbase.dll
Filesize
983KB

MD5
e3cbcb26ee85737e70ce55d498fcaa38

SHA1
8dcdcf5e8d9b621a149163cc3f12d01fde1ef4ac

SHA256
8ab85c80c5d9ad3618fd86aa45a878bb5a5d7e449528c317a8239c33876c75b5

SHA512
eb85a84f0d7e4f65ab67869e56b68f8da72a570b9b2fd0ee28e9d3ea9a80b4d35352261213b0e26d9d7592e750a0870e7b62df69e948bc060b0bfe6cea9fb12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\unicodedata.pyd
Filesize
1.0MB

MD5
d2ab7f9a441bb139feeb0e11eb600371

SHA1
467aeb881fccd4a43a16f319635da81f05279cc6

SHA256
465ab1b24c39a5a5da9415c96740dfdb4d071b25a7a87e275841e1d66a57e88f

SHA512
cf8eaae07c176fab5ca54a3935ec2fd6933e3f2d0ca107bf60f1389f2258865d101685918c7a04802da2a97980747935f1b56b0da3d1db3a1ea282f74db0b6a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50962\websockets\speedups.cp37-win_amd64.pyd
Filesize
11KB

MD5
946f9c2b6214d0f4855223345162479a

SHA1
dff2c21c3f42c589e1e35f5f61353aaab5cb27e3

SHA256
5e2625c030ffcc452a3eea8dedd6933570dc94ab7f3f1dd61cb416d9a04c2f7a

SHA512
f52257a4fd5a21583a22ac8b526fab6b81aba3f25fabc6e5133b320e29a141e8be717223ac4442e9adc550bf57c259035d840e0ee8ea6f326f468a41ea0c17e6

Download Submit