a0d95cd64333e5aee1f2f62311981f1ee82860ac5a356968c9e3dcee1f89babd

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SPAM_PAM.exe
Size

43.8MB
MD5

922645d54b773656cdf368d460e6f2d6
SHA1

db6e0d8b55f9dabb98e466dd4c3de3b59e95e41c
SHA256

a0d95cd64333e5aee1f2f62311981f1ee82860ac5a356968c9e3dcee1f89babd
SHA512

68adf36e469f4647553447bd7a2b773c397d4350387551915122d54eac6432bf6535fbb9732dba2b2dcd2ddfd12d98d95a264bfab6e91c0ed2a7fa7363e6f257
SSDEEP

786432:JVKFQpYynt5CojeVRKMMncuNWmH7u89GGADPKQvJfTmtjvWDteWQRU0GQo92:zKuWynt5RjeVRKMMncuNWeucEKQNTnDU

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 39 IoCs

Processes:

SPAM_PAM.exe

pid	process
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe
2260	SPAM_PAM.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

SPAM_PAM.exe

description	pid	process	target process
PID 328 wrote to memory of 2260	328	SPAM_PAM.exe	SPAM_PAM.exe
PID 328 wrote to memory of 2260	328	SPAM_PAM.exe	SPAM_PAM.exe
PID 328 wrote to memory of 2260	328	SPAM_PAM.exe	SPAM_PAM.exe
PID 328 wrote to memory of 2260	328	SPAM_PAM.exe	SPAM_PAM.exe

C:\Users\Admin\AppData\Local\Temp\SPAM_PAM.exe
"C:\Users\Admin\AppData\Local\Temp\SPAM_PAM.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:328

C:\Users\Admin\AppData\Local\Temp\SPAM_PAM.exe
"C:\Users\Admin\AppData\Local\Temp\SPAM_PAM.exe"
2⤵
- Loads dropped DLL
PID:2260

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI3282\PIL\_imaging.cp38-win32.pyd
Filesize
2.1MB

MD5
daa3996896f46ae41aba42cf89940a7f

SHA1
12a2c1ef51c0d3c014c96bcd39de29ae518e6e72

SHA256
cfa3b1ebb3fd7a19de641a6a6e3728ece3fe4563196bbc32ae9cb8d6ef0ec148

SHA512
079425daab9e2c2ffc8cd125cf0f6754b6ae59afc9b3c98593484e51b8392753c82ff4eb57019ec73129493b6d3743cf937bba4710356ca1d72c0f8ae18e5d97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\_bz2.pyd
Filesize
72KB

MD5
1c7f3f37a067019b7926c0f92f3a3aa7

SHA1
ab6562aaa8cfa2dd49c1779a6374cecaf0e0d151

SHA256
bbc7f102b547180ea8ca5ff496f1bd419bfefd360be15610ae6b08837076f5dc

SHA512
840b095cdbb09b20f5d6db9962f4769734e0be425c9f094571df0df2d28888708072952792faded660c3e8f3db2513b6b42032e18cc681d909993fc6500b3e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\_ctypes.pyd
Filesize
109KB

MD5
adad459a275b619f700d52a0f9470131

SHA1
632ef3a58fdfe15856a7102b3c3cf96ad9b17334

SHA256
2695a7635fa2bebb6bd720146916f21676e846ea5f39288886bbb27ce2af92f4

SHA512
3f87d84adf3caaf37df30ec4acbaa0b15d9693fe445d31164c81e423ffec51a6263c7a5801e718168be928ab5b1ee689b4932a83c1876ecd97e7544d08c07fa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\_decimal.pyd
Filesize
220KB

MD5
7bc3e402069caa8afb04f966e6f2b1cf

SHA1
8c0f9a0f189ff2f5a6a6c6a1ac8c2cf72afcb3ae

SHA256
14a59911e349064e4be60dcbf3a0e60dc0f4c0eee2a406b69c9a24ddee3b60ab

SHA512
bd74e6ecbda0e77c3665eb5dbd64a7f6194bcdcff838b9bb1bbeb1367c53491d41c0971602a14d2b4e615b6822f71382b9fe051c3be17464befa8dcf0f884ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\_hashlib.pyd
Filesize
36KB

MD5
aaa99ffb90ec5985be0face4f0a40892

SHA1
0ad00c83ff86d7cd4694f2786034282386a39c38

SHA256
b118b6ef5486a65c41fdf049ef3c30d90f39097b5ef4c0b9f61824acfde50b6a

SHA512
e9df4a5480910172ec18e6de2f09eb83152db968dd974bf2e552de2349caa8e66f82110fdf511c7f3dd8436c03212f66d6720bb71306bb811392baed92c78b7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\_lzma.pyd
Filesize
181KB

MD5
280c3a7c8c5e5282ec8e746ae685ff54

SHA1
5d25f3bb03fa434d35b7b047892f4849e0596542

SHA256
c6e30f1139d4f2b1ec7a5aca8563d6f946ee6ffa6a90a4eb066cd867d3384c39

SHA512
f4185ec91a2e51b703263a6c9796ad589349434a82170370efacef55fde8a885c0c7cf10eff20b61910c569583887ac2e0384847cd724aabc052be2861fafb69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\_socket.pyd
Filesize
67KB

MD5
e55a5618e14a01bac452b8399e281d0d

SHA1
feb071df789f02cdfc0059dfbea1e2394bfd08ef

SHA256
04e286e59facf3f1ddd54d92b45d7662044c0b17d370eb20eb9ca0c8c8e3cb9c

SHA512
1b2e57e681ea889aac680a9ae3b6c9f76ccf82cff3fc91f3c1b678851152282199172fd1900997163ae8db2a18ee385f1ecfe8230fcbc7bf1a3a896a869b2a9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\_tkinter.pyd
Filesize
58KB

MD5
1b81683be893967c0300ba93d65626f2

SHA1
a92adc8c3535e7fd93f32d756f004855b61e2942

SHA256
df2c5e49d13daa417cd599c0955aeea0679543766e5f30f1814b1f8bf9c6435d

SHA512
76b11e15cc5766408ad81625444c2c84b6e87953b3e9e4db59a792bd6e9b1e7013b4d8f72c072451340583ad4c7aac13b5f1797a3e303e4da3def4bef6c574f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\base_library.zip
Filesize
768KB

MD5
2fe82f7af1161143414b5a9a4de47c18

SHA1
b9cef711598ec288e300fc9a5c61596a28e5667e

SHA256
97c25ad9c440880922186926e8793eca9b10f50a63422b4e79d200ef7aff436d

SHA512
b9ab1827ce806723604724daa68966479850589cf33e7fb52bf12c1224e2d01ae094d03e9b032d8e16596d7eddb37af68c94fe3f33287eed06fca4cd40432729

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\cv2\cv2.cp38-win32.pyd
Filesize
37.0MB

MD5
996219418ad401c5ab95833f6b4baae8

SHA1
791ad45cff45cd0d9f635a4731e85ac6426f4fe9

SHA256
2467fd4ba76a39f33e0ebe3ecdd004425c8fce09f4ed170eba401a408bc64d85

SHA512
d27c761d7aa7e5f893309a5d0c3f8fc8fe1a974d0a35061338f5a9918c9d02b6f9c46aaa910f399a374ab1721546994f2143145a920e839e4449d15da00bc437

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\libopenblas.SVHFG5YE3RK3Z27NVFUDAPL2O3W6IMXW.gfortran-win32.dll
Filesize
26.5MB

MD5
aeec629e803c574cd89831c3d70feaca

SHA1
fd8b2466dcdbfdfb823b2a52a1349ccb5b3d3566

SHA256
9e0ebad4f2ce6e78a55e2a6d5767f99d02de6228cba8ea3f5f725986a19fb074

SHA512
1bd9a47a51eab9c0e3824f21e7122ec6456384fdbad2c4ead6f4eb2bb32dcfc826ba11b5f5b82674a3987936d51f0fd8e4754dfd1b77afce10e932bc47fbef82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\numpy\core\_multiarray_tests.cp38-win32.pyd
Filesize
101KB

MD5
07cf4b1144930f4c36d858b742a6e6dc

SHA1
b4d717957617a5da9a9514460c3fae769a566527

SHA256
3cf8f0495be889e57370a199c0bee6931a5bdbb0966989b9c7e90b592f98e518

SHA512
59d0d2aab47d1500e3c90775edd29c209c1d4fdd9e7dfcafd121d30b7d3796ecb5012f877adeb8468c34079e33e34a27cb03f5b3a09c26f30cfed19ae12ef61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\numpy\core\_multiarray_umath.cp38-win32.pyd
Filesize
2.1MB

MD5
08ed468441defef062e4330595366a2c

SHA1
74ab5f274ee9e4feb8e11b0ea705b42608cd05b9

SHA256
de7825356527749c543842f70b3b2fea8e98c961696b95b63c2855bbb3926c51

SHA512
e73afce8479570884c4ac356212b3b58e1d5b2dcc62fc3997b3a6fae8d7a68bea17f465d92ee59129d5f7bfe9a7a6564db585635f72eb2d4054dc7ab7712d790

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\numpy\fft\_pocketfft_internal.cp38-win32.pyd
Filesize
71KB

MD5
54073fdc38eb9fcb035f1927a45aca97

SHA1
45be04949b460c12cb17332d90d7a08fd1336acb

SHA256
f8bd6e426d7497d012a0b59b3383a5c08d8a7a6a79d768032db453a6999a3e4d

SHA512
6864b0f5ebbc00ccaa61d64145ea4fa5b171628f631b9baffb5aaa9a791abf6487aaa6cf83f4cd04ac44a7fcebaf6240b32a76205485a8dc3bfa0c3facd92aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\numpy\linalg\_umath_linalg.cp38-win32.pyd
Filesize
105KB

MD5
19250a74fc6843ffb06724c8ce41f017

SHA1
fa7c324535b9683a08e6a89609c5b9b779cd199d

SHA256
4d850e5320ba320eb1213853596dc08a432deb4367cb9924b9fae3bdabb84dbb

SHA512
fc7a3154c99415e94ec595e381b9276526a4c96ff87f2bd91bd1753016cbf400a2afa0bf51219e0b808f80e7ea85d1e0fb739fe384dc9d9e3f3ddb47b781bf7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\numpy\linalg\lapack_lite.cp38-win32.pyd
Filesize
15KB

MD5
fd2a2e24f2870c08b3362f112eac4c68

SHA1
3e0bb73b007c9fcb8a5e29d272e7b5acaaa1a968

SHA256
f985b93aed5d663a38ebbb907b85f8ca34124806c01d8714461ef1c380c23e73

SHA512
2879b33d5916c6f2e1586b690d2bb41dab391556feec4f508104d5764482989714159bc798abf59509951a2d7f92e39bb69ac8bab65e53ece7bd51f8f8c91d7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\numpy\random\_bit_generator.cp38-win32.pyd
Filesize
139KB

MD5
509b0078ef6e4f1a906301d18b16bfe5

SHA1
d1b3baec2e0785b760b61be32602e3c4d7b7f2b0

SHA256
82209df954fe7fcd170778a79aa429af62c3baac863c7fb9d7d24f90bbb4f345

SHA512
b9ddbe6c93d5a3fe396d2e4968353c9075bc7cfc3f784ba3a0b25309c0f434c63fd4488b82a62cb8fbcbd03a260044a9e51c2653218fcfe7faaa07f224c823c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\numpy\random\_bounded_integers.cp38-win32.pyd
Filesize
292KB

MD5
0bb68bcf2dfedf2218c4f2f51ce65ee3

SHA1
f23461b512a5b1eae25268776adc694c184a98a3

SHA256
cf18118cd6dc6212b008d04eac1225b70a24cf023b5ec688f5443003f8792ada

SHA512
315b8fa5733f88e3f3b0e52dd07007d8fd2e3262515a13c07a67e45990b68ea0c36930ef0f7f9469b8cb5c2589cffc5cad334a790021b19208ac56ecbe07f71c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\numpy\random\_common.cp38-win32.pyd
Filesize
176KB

MD5
48a86b261ee8d71374ca6197f7254c27

SHA1
440ff2755507fc1312ab754cf4191941dbfe380e

SHA256
257a5063bb45883ff69e08d0eadf30667afbaa832e3e4d0ce4f1f2457af5a5e8

SHA512
fb36c98e8f5c0c258a689c5d9657cfdbd0ba43aa60b18285d76fbc0f011fb773276d183c9920eb956ff00291ebcf53a0dabd2ed89891da4adba87818f52fc977

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\numpy\random\_mt19937.cp38-win32.pyd
Filesize
85KB

MD5
b06b1d9bc7c8f20107485eca83ba96ca

SHA1
b0c128bfc237e470af93110ed95210d223026164

SHA256
57f4519fd51962eccbfc15812732e46cce84606a88b4746d16440d390022c506

SHA512
1929d2577fb9254d3bb61e30ff91859e5f988c18506ddd9d0e212f1325b2d9791402cdcb537b2af3da3d666c6f8c5fce1935544d92ccab03b45aaa86e2b88dbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\numpy\random\mtrand.cp38-win32.pyd
Filesize
538KB

MD5
a10c295072c5b18c42d6ca8bea74a048

SHA1
f329273bf1cbb713472150b023ba5edcb6e2b583

SHA256
227ccce9dae9fe05c17204061e4764a2b55300b5f936a1e9d80519b19526d136

SHA512
a0d40edd1648a65db7a1fe90d4f6d275605a2528a10cf90a0c01b226b2f221ed3edbf717a89bb205b5d6ab23c3bde7b6f63cbae348385b7f14894c173e36e1bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\pyexpat.pyd
Filesize
163KB

MD5
e50093c4196ac6c3bd293789248477dd

SHA1
fedc09eaa3c938461f96e8b3476c5239ea93a3fe

SHA256
a8b218f57e82b57184b00c2ccc9cfd353a84ead0e777037a605427b4907fc69b

SHA512
f5c05dbcb9dd4d5c0dc96f3af63023d6ee4760e0e55b839a673411fddd6a63896dd1aa4f4f2985e2853d8e54cc3ec61c83ceda2cffe849baa74221c477bc3992

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\python38.dll
Filesize
3.7MB

MD5
d375b654850fa100d4a8d98401c1407f

SHA1
ed10c825535e8605b67bacd48f3fcecf978a3fee

SHA256
527819a45446a7729e04a70aee587ec7e46d787c159d0f9d4e824e54c1653f4d

SHA512
fb3faadc801cbeb0697849cf539e471f7362212935607237b26293976aa65ec454ac601a013eec930a5910bafac8a3863e7d668fc7767dc53a98e84286f582b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\pythoncom38.dll
Filesize
414KB

MD5
be4cf76649e7cd0eada3bd944bfb2fe0

SHA1
694307e1bb45dcb13978a3ad65baae9cea53cc00

SHA256
84ed4bc34d0230d3b9fee6e28ce26e36f89e3937d19c6ffb18e49ac8b7f16d4b

SHA512
c0f582bba0174ae7cc5a09654790fbf50e917d9fb6687a9b44517fe6ef42ed61ae373c95215e9c7bc785c082745c36a1b499feb71c7d61974d79316a5ec9230b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\pywintypes38.dll
Filesize
112KB

MD5
d3dd230bb3ef786c22c8118bbb0df562

SHA1
8173f6d00059b0623f6e05dd399df549641cc43f

SHA256
3d52b3e8c09d8f82438b4997212835b72d81cfafa9e0cb604e4a05801fea53b5

SHA512
6ea08bc8f1fcb181857f2633d08d8aca78d9494aac139f5b74396cf7ae601e8cef6fadd167c4c101b3ebd6b7a94175a73a356820045439f5ee4d0d32f081af11

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\select.pyd
Filesize
23KB

MD5
39f61824d4e3d4be2d938a827bae18eb

SHA1
b7614cfbcdbd55ef1e4e8266722088d51ae102b8

SHA256
c86c229e97b11cb74cc87bc595d4d936171c5d334e367f55b2ee3f9bcfbc6c92

SHA512
9a5926eafba32a2260521e3d11a4faf8701d3963454cfedf7046765ebbc62baf675944fe3fff3ecb70c80c47ffb1d2c9e2adcd385b8c291908ca3cb4d18a3caa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\tcl86t.dll
Filesize
1.3MB

MD5
30195aa599dd12ac2567de0815ade5e6

SHA1
aa2597d43c64554156ae7cdb362c284ec19668a7

SHA256
e79443e9413ba9a4442ca7db8ee91a920e61ac2fb55be10a6ab9a9c81f646dbb

SHA512
2373b31d15b39ba950c5dea4505c3eaa2952363d3a9bd7ae84e5ea38245320be8f862dba9e9ad32f6b5a1436b353b3fb07e684b7695724a01b30f5ac7ba56e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\tcl\encoding\cp1252.enc
Filesize
1KB

MD5
5900f51fd8b5ff75e65594eb7dd50533

SHA1
2e21300e0bc8a847d0423671b08d3c65761ee172

SHA256
14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0

SHA512
ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\tk86t.dll
Filesize
1.1MB

MD5
6cadec733f5be72697d7112860a0905b

SHA1
6a6beeef3b1bb7c85c63f4a3410e673fce73f50d

SHA256
19f70dc79994e46d3e1ef6be352f5933866de5736d761faa8839204136916b3f

SHA512
e6b3e52968c79d4bd700652c1f2ebd0366b492fcda4e05fc8b198791d1169b20f89b85ec69cefa7e099d06a78bf77ff9c3274905667f0c94071f47bafad46d79

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\win32api.pyd
Filesize
101KB

MD5
e2bd243023df53c409a804884afc2948

SHA1
eadd808af885497f456559161692aa074a314ebd

SHA256
8e7e968d9292e726a289105eb1991d6f3664e9702d521b68a23d49b7826bc565

SHA512
efffa7778da61991fda3e5ce7682a94faafee44a26d49c86510976b4d3df8e7e4fe66233a48c32fe3b898191e72a2aa3e1e1f987329c242a68c1fec4a82976e7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3282\VCRUNTIME140.dll
Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3282\libcrypto-1_1.dll
Filesize
2.1MB

MD5
67c1ea1b655dbb8989a55e146761c202

SHA1
aecc6573b0e28f59ea8fdd01191621dda6f228ed

SHA256
541adbc9654d967491d11359a0e4ad4972d2bd25f260476dd7576c576478698a

SHA512
1c7612c03df85b596dc360c1a94e367d8bfba51f651b49c598e4a066a693d9aa74195a40cc849ef787eac9b6e1e1fc079b389c03fc539e53abf4aa729bef5893

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3282\libffi-7.dll
Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads