a1e9d2a0a36f1cb5b3fd09a3e07335f9987549fca015428369043031e2cc67cc

Analysis

max time kernel
135s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unpacked/pppwn/exploit/pppwn_.exe
Size

8.2MB
MD5

4495b20ab591002c3dddbe78ad8039aa
SHA1

4c05606b4caadac43cd87b9edc9618e193b318c1
SHA256

1d97f2c2368e6c727d3bfeab62e256fb5ab1cfa877342b03b7c9b7858b121327
SHA512

466b911df96f83b3995e6205e45056aa612b177c9ee12f039935c61cdec6cafe1b46a49ae3216e1d0fecee214799b79edf61d58222df9c1e088854d52365b4fa
SSDEEP

196608:QavpiZgqLDs2PxBRKb5ZWDl98canLcznPOA+C8OGE3BbbRYl:d8ZZHPx3gZpVYGA9xJRYl

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 16 IoCs

Processes:

pppwn_.exe

pid	process
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe
744	pppwn_.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

pppwn_.exepppwn_.exe

description	pid	process	target process
PID 2384 wrote to memory of 744	2384	pppwn_.exe	pppwn_.exe
PID 2384 wrote to memory of 744	2384	pppwn_.exe	pppwn_.exe
PID 2384 wrote to memory of 744	2384	pppwn_.exe	pppwn_.exe
PID 744 wrote to memory of 2400	744	pppwn_.exe	cmd.exe
PID 744 wrote to memory of 2400	744	pppwn_.exe	cmd.exe
PID 744 wrote to memory of 2400	744	pppwn_.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\Unpacked\pppwn\exploit\pppwn_.exe
"C:\Users\Admin\AppData\Local\Temp\Unpacked\pppwn\exploit\pppwn_.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unpacked\pppwn\exploit\pppwn_.exe
"C:\Users\Admin\AppData\Local\Temp\Unpacked\pppwn\exploit\pppwn_.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:744

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
3⤵
PID:2400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4012,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=2856 /prefetch:8
1⤵
PID:4484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23842\VCRUNTIME140.dll
Filesize
88KB

MD5
81b11024a8ed0c9adfd5fbf6916b133c

SHA1
c87f446d9655ba2f6fddd33014c75dc783941c33

SHA256
eb6a3a491efcc911f9dff457d42fed85c4c170139414470ea951b0dafe352829

SHA512
e4b1c694cb028fa960d750fa6a202bc3a477673b097b2a9e0991219b9891b5f879aa13aa741f73acd41eb23feee58e3dd6032821a23e9090ecd9cc2c3ec826a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_bz2.pyd
Filesize
79KB

MD5
70ca7d29ac5f6a8e0cfaa3501e1aee2c

SHA1
477e11fc890b95fc522fd8ba3f6a695b07332dfc

SHA256
e3b35789a6ecfddcdd9b384cbd9d6822cc8d539e58b43433470e109bc94f9e6e

SHA512
9e844b50cd2c6788de1f334c0a151edfe37fe6d0c07267856b028c9c12abb8c34334b94c8bbf5120f594db32adac50c327f8da9d6803f29763be2b5e2783c829

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_ctypes.pyd
Filesize
105KB

MD5
5d21f0a0f73b4bd8237fc5b970fdd5cc

SHA1
d8aabe7c8ecacf70e2f605247d9153a16aef0cea

SHA256
366ba840074223bcebc5fb1d152199e6d0461669463a54016a360da48ca46ac5

SHA512
6c47f65155686dd64ff0cb07ba8e6440bbb5f61c05b4cefd78cea38e4432b4c7d73e81a87931e746e4d5257c7f3f3ec02e0d653d4f3934eba69befcf17e4df49

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_decimal.pyd
Filesize
194KB

MD5
869ad0f3f86a1934de64af388cab9876

SHA1
6b8006c6aa399f2b08054c6ca26a3daa2eb45225

SHA256
0bee31f637bfa2e1955620d0eb00f3c28980bcab76a269320c3b1f37c878c8c3

SHA512
64d6eb13aff0eb34d737aec71b351988537758a9a51825784eb78a6bf9ceb533919fc209b0792d68f3e395d0233b65960a526d9fdc78368e71077f8a608d6f7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_hashlib.pyd
Filesize
48KB

MD5
2b1d9619090883d3529b6ebe52a3a4fc

SHA1
3baeee160e6cde7a04d7d2424da19c29c4760211

SHA256
48a560b66c7dd4678ea26ab5287ebc50fd289389131225c486cd2ca685df74dd

SHA512
624fafe5fcfea836ed1c87f02bf037d69079a16a07af751defea40dab884adc0cff9c7ca25e38c5292d129a8796bf70a239411c3737781df95d4f9dc63fdecdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_lzma.pyd
Filesize
145KB

MD5
20514c4b7bf23f8993f76d00ec0dfdd4

SHA1
bea7bbb520580ee56998deaf7dff228aa8885df6

SHA256
583f8b5d53fbbea9876dba68f210609082ba99a7a1d9d1ea50584336b12c8684

SHA512
bd90519da146e3c1b03d97ab68560f60dcf6e91d0c1d73740f6ce9de621be491b182a9bc4fb81b9523fb30c3012c7b270c5522c88deda7d3dc65ed78a6ab03b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_multiprocessing.pyd
Filesize
29KB

MD5
7436706aa30910f0145ccee2bfd51310

SHA1
a5b06eef46059dfa07fb0affc0ccadc1087505b3

SHA256
41eb0fdeb3ce2f64a12d871666e4f0f82804cb8437d6830b0492c6ee5a90560a

SHA512
a868cbdbe482e4774cae82c5ac69c07cb5dc25235c1f6239e51bdabb9be6f987d754550006f10c4c3963455e34da15d8a65d4d94bccd2aefd5d86bee7556e90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_queue.pyd
Filesize
27KB

MD5
188619ea2cc75374eef0ba8bd6f34f8a

SHA1
7efb73306ef732d6b85a5fad7acd028ecbd96e65

SHA256
f7a3dbb57f345625b282722724a1867b6a9f365ba678f14026e88a881c693599

SHA512
cf4f40335c5eb104a65ce7c04a55ae1bd448c402bb2be30437b8fb0e9c38e7c789cb84811080a7c491ce6dad2ea851bfdff6f6c30cbb6234ae009017d1932a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_socket.pyd
Filesize
67KB

MD5
539eea75b5a032a9887329a5dc0c51a4

SHA1
50ad9ad4ab4a69bd951c7ccc838e69913527d441

SHA256
39df200a3f8a88c3634c6c91889aa1afef884aa31cd857f64a7f0aad0211a339

SHA512
4820e4d308313868a22eb3a27418a106dd0e3ee4dadf30883ea5bad9a0a81603893df024c89663c0050e9c4afe39cbb33106bd94ea5bf90aac4a8639a8a3bfb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_ssl.pyd
Filesize
138KB

MD5
8f7c200970927741ce8a2bad7d0b8847

SHA1
58396c72d5c5b1dcfbb3dbdfccd7d44f60dc57cb

SHA256
1da75f8dcfca394a5059c7d56d8e0bf75e5e142f4c30be2a89496fbfb1dc7b6b

SHA512
a1ca16e4c6620aaace4a98f057b769c105ebc6d787ddc9b2fa874b217cb7ec2315054d1d799234de3ec7fba023f11f722383fa0b52de68471d3a1b1b11e3dffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_uuid.pyd
Filesize
22KB

MD5
8cd9d8119b9b38c64d57a7b87d239a07

SHA1
6619ed7f586305fe77e76c7b66be6dca5280b036

SHA256
e716dc76caef169bd6f33f782575d50f4860808b3090bee531ab02c3fc6dbacd

SHA512
bddd80d3ad8ea200d8086309d3cf2215b06745aa3716255530dd50df2b2463c2ccbcf898f5eb942b862f0972223955f0bba0a87a4ac8e7a6d6c66a2cd01a4e8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\base_library.zip
Filesize
1.4MB

MD5
2f6d57bccf7f7735acb884a980410f6a

SHA1
93a6926887a08dc09cd92864cd82b2bec7b24ec5

SHA256
1b7d326bad406e96a4c83b5a49714819467e3174ed0a74f81c9ebd96d1dd40b3

SHA512
95bcfc66dbe7b6ad324bd2dc2258a3366a3594bfc50118ab37a2a204906109e42192fb10a91172b340cc28c12640513db268c854947fb9ed8426f214ff8889b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\libcrypto-1_1.dll
Filesize
2.2MB

MD5
5829cda43cac0f04b8501d892a89cf59

SHA1
aafbe19349575f471a7953795b953b40b71964a1

SHA256
037d54d692d6b003b272f990fd25fcf8a462dd83d3693d3384af28ae41519d9d

SHA512
9e5bc764cc7d81d643419f0aa9e4ae974f7e1633d711b5568adb321b9581aa5861007f0e1de69b4a672d96186f955c9e56ab4b29fd26aecf5e9c2dec1f6b899c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\libffi-8.dll
Filesize
34KB

MD5
74d2b5e0120a6faae57042a9894c4430

SHA1
592f115016a964b7eb42860b589ed988e9fff314

SHA256
b982741576a050860c3f3608c7b269dbd35ab296429192b8afa53f1f190069c0

SHA512
f3c62f270488d224e24e29a078439736fa51c9ac7b0378dd8ac1b6987c8b8942a0131062bd117977a37046d4b1488f0f719f355039692bc21418fdfbb182e231

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\libssl-1_1.dll
Filesize
539KB

MD5
ca3f5e1496fc9af4edc9dc585e29c8fe

SHA1
aa60dbfa8423c98097c79b09faffff2fe06314d2

SHA256
ce48d4e55fad09ae5dfe6caedde57bbd04a1012f0f526e3705528ac1e2ba0268

SHA512
1aee4ea0b99704b77812eb8faff1b6cacf4dd2240f860d9ea03a551cab2dbf5220d56400c546b874e348abcdf3357495c6884950139bd0c093924dd241f2457d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\pyexpat.pyd
Filesize
166KB

MD5
3c97ceb3fa49dcb4f21a8855faedac6f

SHA1
47f6542ef17b5f4c529ad30fef95eaa76579febc

SHA256
45140295649ece38f988665b330198ef1f845f56d42411aef90f403ff95c40cf

SHA512
35d6f107e52ac78fbd20c7ca334866bf8d3ffcdcd108ba2a266fe17c0e0c2fd1209055c436e69f7d51e37673ad9ac535d3d8f4536148ee9dd2a4a0b16f3aad11

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\python311.dll
Filesize
4.7MB

MD5
68193b0ed6bb05e7bf70e380852a4e58

SHA1
842c0346cfbc140988f00c91b575f9b81de94b26

SHA256
d08c8e21a93e60c13ebe30a805f0276e0c8950e4a8af76e6271f1e7264440110

SHA512
f15bbbad656b67e3ece46c9fd624e360471c96cadc636b098b85eb7b37d3d0b06ec774dc843262bcdb3524f4d6bd2659965219dc35c156cd7f60e2f48388b441

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\select.pyd
Filesize
26KB

MD5
c66138b2b77c84caf681979e9d45cedb

SHA1
e8dcac1d118b23b1e242dcab9f71771596fff84d

SHA256
49a40999f904ff17869b6f6e52c9f86e13a62d5738b679dfb40b6fa34b1eb3da

SHA512
6a750cd69e21aba0dee13629b720e8e76a917e9c03993d8cf10da945a0fa087b03a15595deeb9f76bec9ffd5fa8a2975080ca172e3373ce379678175de7b46c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23842\unicodedata.pyd
Filesize
1.1MB

MD5
cd76fab95cac1616bc385a71faafa09a

SHA1
e6f4d6ff6371bb70c35ba9ab8eba2b3c9b1ddc1c

SHA256
720c5ada66dd0c680fc7f225d69c5a3d38c5c62cd4e5ecce57c0584dcf47dd16

SHA512
ecb908103af0a62bd925066736dce3e76b777c4b9b59579f5e14f04e17a58e7a8c73a811cf4433c5221053b669b62b8cd01a512446d25a947b1e9db8c6460c4a

Download Submit