Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28-05-2024 21:04
General
-
Target
SPAM_PAM.exe
-
Size
43.8MB
-
MD5
922645d54b773656cdf368d460e6f2d6
-
SHA1
db6e0d8b55f9dabb98e466dd4c3de3b59e95e41c
-
SHA256
a0d95cd64333e5aee1f2f62311981f1ee82860ac5a356968c9e3dcee1f89babd
-
SHA512
68adf36e469f4647553447bd7a2b773c397d4350387551915122d54eac6432bf6535fbb9732dba2b2dcd2ddfd12d98d95a264bfab6e91c0ed2a7fa7363e6f257
-
SSDEEP
786432:JVKFQpYynt5CojeVRKMMncuNWmH7u89GGADPKQvJfTmtjvWDteWQRU0GQo92:zKuWynt5RjeVRKMMncuNWeucEKQNTnDU
Malware Config
Signatures
-
Loads dropped DLL 39 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SPAM_PAM.exe"C:\Users\Admin\AppData\Local\Temp\SPAM_PAM.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SPAM_PAM.exe"C:\Users\Admin\AppData\Local\Temp\SPAM_PAM.exe"2⤵
- Loads dropped DLL
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\PIL\_imaging.cp38-win32.pydFilesize
2.1MB
MD5daa3996896f46ae41aba42cf89940a7f
SHA112a2c1ef51c0d3c014c96bcd39de29ae518e6e72
SHA256cfa3b1ebb3fd7a19de641a6a6e3728ece3fe4563196bbc32ae9cb8d6ef0ec148
SHA512079425daab9e2c2ffc8cd125cf0f6754b6ae59afc9b3c98593484e51b8392753c82ff4eb57019ec73129493b6d3743cf937bba4710356ca1d72c0f8ae18e5d97
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\VCRUNTIME140.dllFilesize
84KB
MD5ae96651cfbd18991d186a029cbecb30c
SHA118df8af1022b5cb188e3ee98ac5b4da24ac9c526
SHA2561b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1
SHA51242a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_bz2.pydFilesize
72KB
MD51c7f3f37a067019b7926c0f92f3a3aa7
SHA1ab6562aaa8cfa2dd49c1779a6374cecaf0e0d151
SHA256bbc7f102b547180ea8ca5ff496f1bd419bfefd360be15610ae6b08837076f5dc
SHA512840b095cdbb09b20f5d6db9962f4769734e0be425c9f094571df0df2d28888708072952792faded660c3e8f3db2513b6b42032e18cc681d909993fc6500b3e6e
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_ctypes.pydFilesize
109KB
MD5adad459a275b619f700d52a0f9470131
SHA1632ef3a58fdfe15856a7102b3c3cf96ad9b17334
SHA2562695a7635fa2bebb6bd720146916f21676e846ea5f39288886bbb27ce2af92f4
SHA5123f87d84adf3caaf37df30ec4acbaa0b15d9693fe445d31164c81e423ffec51a6263c7a5801e718168be928ab5b1ee689b4932a83c1876ecd97e7544d08c07fa8
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_decimal.pydFilesize
220KB
MD57bc3e402069caa8afb04f966e6f2b1cf
SHA18c0f9a0f189ff2f5a6a6c6a1ac8c2cf72afcb3ae
SHA25614a59911e349064e4be60dcbf3a0e60dc0f4c0eee2a406b69c9a24ddee3b60ab
SHA512bd74e6ecbda0e77c3665eb5dbd64a7f6194bcdcff838b9bb1bbeb1367c53491d41c0971602a14d2b4e615b6822f71382b9fe051c3be17464befa8dcf0f884ddd
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_hashlib.pydFilesize
36KB
MD5aaa99ffb90ec5985be0face4f0a40892
SHA10ad00c83ff86d7cd4694f2786034282386a39c38
SHA256b118b6ef5486a65c41fdf049ef3c30d90f39097b5ef4c0b9f61824acfde50b6a
SHA512e9df4a5480910172ec18e6de2f09eb83152db968dd974bf2e552de2349caa8e66f82110fdf511c7f3dd8436c03212f66d6720bb71306bb811392baed92c78b7d
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_lzma.pydFilesize
181KB
MD5280c3a7c8c5e5282ec8e746ae685ff54
SHA15d25f3bb03fa434d35b7b047892f4849e0596542
SHA256c6e30f1139d4f2b1ec7a5aca8563d6f946ee6ffa6a90a4eb066cd867d3384c39
SHA512f4185ec91a2e51b703263a6c9796ad589349434a82170370efacef55fde8a885c0c7cf10eff20b61910c569583887ac2e0384847cd724aabc052be2861fafb69
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_socket.pydFilesize
67KB
MD5e55a5618e14a01bac452b8399e281d0d
SHA1feb071df789f02cdfc0059dfbea1e2394bfd08ef
SHA25604e286e59facf3f1ddd54d92b45d7662044c0b17d370eb20eb9ca0c8c8e3cb9c
SHA5121b2e57e681ea889aac680a9ae3b6c9f76ccf82cff3fc91f3c1b678851152282199172fd1900997163ae8db2a18ee385f1ecfe8230fcbc7bf1a3a896a869b2a9c
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_tkinter.pydFilesize
58KB
MD51b81683be893967c0300ba93d65626f2
SHA1a92adc8c3535e7fd93f32d756f004855b61e2942
SHA256df2c5e49d13daa417cd599c0955aeea0679543766e5f30f1814b1f8bf9c6435d
SHA51276b11e15cc5766408ad81625444c2c84b6e87953b3e9e4db59a792bd6e9b1e7013b4d8f72c072451340583ad4c7aac13b5f1797a3e303e4da3def4bef6c574f5
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\base_library.zipFilesize
768KB
MD52fe82f7af1161143414b5a9a4de47c18
SHA1b9cef711598ec288e300fc9a5c61596a28e5667e
SHA25697c25ad9c440880922186926e8793eca9b10f50a63422b4e79d200ef7aff436d
SHA512b9ab1827ce806723604724daa68966479850589cf33e7fb52bf12c1224e2d01ae094d03e9b032d8e16596d7eddb37af68c94fe3f33287eed06fca4cd40432729
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\cv2\cv2.cp38-win32.pydFilesize
37.0MB
MD5996219418ad401c5ab95833f6b4baae8
SHA1791ad45cff45cd0d9f635a4731e85ac6426f4fe9
SHA2562467fd4ba76a39f33e0ebe3ecdd004425c8fce09f4ed170eba401a408bc64d85
SHA512d27c761d7aa7e5f893309a5d0c3f8fc8fe1a974d0a35061338f5a9918c9d02b6f9c46aaa910f399a374ab1721546994f2143145a920e839e4449d15da00bc437
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\libcrypto-1_1.dllFilesize
2.1MB
MD567c1ea1b655dbb8989a55e146761c202
SHA1aecc6573b0e28f59ea8fdd01191621dda6f228ed
SHA256541adbc9654d967491d11359a0e4ad4972d2bd25f260476dd7576c576478698a
SHA5121c7612c03df85b596dc360c1a94e367d8bfba51f651b49c598e4a066a693d9aa74195a40cc849ef787eac9b6e1e1fc079b389c03fc539e53abf4aa729bef5893
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\libffi-7.dllFilesize
28KB
MD5bc20614744ebf4c2b8acd28d1fe54174
SHA1665c0acc404e13a69800fae94efd69a41bdda901
SHA2560c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57
SHA5120c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\libopenblas.SVHFG5YE3RK3Z27NVFUDAPL2O3W6IMXW.gfortran-win32.dllFilesize
26.5MB
MD5aeec629e803c574cd89831c3d70feaca
SHA1fd8b2466dcdbfdfb823b2a52a1349ccb5b3d3566
SHA2569e0ebad4f2ce6e78a55e2a6d5767f99d02de6228cba8ea3f5f725986a19fb074
SHA5121bd9a47a51eab9c0e3824f21e7122ec6456384fdbad2c4ead6f4eb2bb32dcfc826ba11b5f5b82674a3987936d51f0fd8e4754dfd1b77afce10e932bc47fbef82
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\numpy\core\_multiarray_tests.cp38-win32.pydFilesize
101KB
MD507cf4b1144930f4c36d858b742a6e6dc
SHA1b4d717957617a5da9a9514460c3fae769a566527
SHA2563cf8f0495be889e57370a199c0bee6931a5bdbb0966989b9c7e90b592f98e518
SHA51259d0d2aab47d1500e3c90775edd29c209c1d4fdd9e7dfcafd121d30b7d3796ecb5012f877adeb8468c34079e33e34a27cb03f5b3a09c26f30cfed19ae12ef61a
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\numpy\core\_multiarray_umath.cp38-win32.pydFilesize
2.1MB
MD508ed468441defef062e4330595366a2c
SHA174ab5f274ee9e4feb8e11b0ea705b42608cd05b9
SHA256de7825356527749c543842f70b3b2fea8e98c961696b95b63c2855bbb3926c51
SHA512e73afce8479570884c4ac356212b3b58e1d5b2dcc62fc3997b3a6fae8d7a68bea17f465d92ee59129d5f7bfe9a7a6564db585635f72eb2d4054dc7ab7712d790
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\numpy\fft\_pocketfft_internal.cp38-win32.pydFilesize
71KB
MD554073fdc38eb9fcb035f1927a45aca97
SHA145be04949b460c12cb17332d90d7a08fd1336acb
SHA256f8bd6e426d7497d012a0b59b3383a5c08d8a7a6a79d768032db453a6999a3e4d
SHA5126864b0f5ebbc00ccaa61d64145ea4fa5b171628f631b9baffb5aaa9a791abf6487aaa6cf83f4cd04ac44a7fcebaf6240b32a76205485a8dc3bfa0c3facd92aac
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\numpy\linalg\_umath_linalg.cp38-win32.pydFilesize
105KB
MD519250a74fc6843ffb06724c8ce41f017
SHA1fa7c324535b9683a08e6a89609c5b9b779cd199d
SHA2564d850e5320ba320eb1213853596dc08a432deb4367cb9924b9fae3bdabb84dbb
SHA512fc7a3154c99415e94ec595e381b9276526a4c96ff87f2bd91bd1753016cbf400a2afa0bf51219e0b808f80e7ea85d1e0fb739fe384dc9d9e3f3ddb47b781bf7d
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\numpy\linalg\lapack_lite.cp38-win32.pydFilesize
15KB
MD5fd2a2e24f2870c08b3362f112eac4c68
SHA13e0bb73b007c9fcb8a5e29d272e7b5acaaa1a968
SHA256f985b93aed5d663a38ebbb907b85f8ca34124806c01d8714461ef1c380c23e73
SHA5122879b33d5916c6f2e1586b690d2bb41dab391556feec4f508104d5764482989714159bc798abf59509951a2d7f92e39bb69ac8bab65e53ece7bd51f8f8c91d7e
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\numpy\random\_bit_generator.cp38-win32.pydFilesize
139KB
MD5509b0078ef6e4f1a906301d18b16bfe5
SHA1d1b3baec2e0785b760b61be32602e3c4d7b7f2b0
SHA25682209df954fe7fcd170778a79aa429af62c3baac863c7fb9d7d24f90bbb4f345
SHA512b9ddbe6c93d5a3fe396d2e4968353c9075bc7cfc3f784ba3a0b25309c0f434c63fd4488b82a62cb8fbcbd03a260044a9e51c2653218fcfe7faaa07f224c823c2
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\numpy\random\_bounded_integers.cp38-win32.pydFilesize
292KB
MD50bb68bcf2dfedf2218c4f2f51ce65ee3
SHA1f23461b512a5b1eae25268776adc694c184a98a3
SHA256cf18118cd6dc6212b008d04eac1225b70a24cf023b5ec688f5443003f8792ada
SHA512315b8fa5733f88e3f3b0e52dd07007d8fd2e3262515a13c07a67e45990b68ea0c36930ef0f7f9469b8cb5c2589cffc5cad334a790021b19208ac56ecbe07f71c
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\numpy\random\_common.cp38-win32.pydFilesize
176KB
MD548a86b261ee8d71374ca6197f7254c27
SHA1440ff2755507fc1312ab754cf4191941dbfe380e
SHA256257a5063bb45883ff69e08d0eadf30667afbaa832e3e4d0ce4f1f2457af5a5e8
SHA512fb36c98e8f5c0c258a689c5d9657cfdbd0ba43aa60b18285d76fbc0f011fb773276d183c9920eb956ff00291ebcf53a0dabd2ed89891da4adba87818f52fc977
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\numpy\random\_mt19937.cp38-win32.pydFilesize
85KB
MD5b06b1d9bc7c8f20107485eca83ba96ca
SHA1b0c128bfc237e470af93110ed95210d223026164
SHA25657f4519fd51962eccbfc15812732e46cce84606a88b4746d16440d390022c506
SHA5121929d2577fb9254d3bb61e30ff91859e5f988c18506ddd9d0e212f1325b2d9791402cdcb537b2af3da3d666c6f8c5fce1935544d92ccab03b45aaa86e2b88dbd
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\numpy\random\mtrand.cp38-win32.pydFilesize
538KB
MD5a10c295072c5b18c42d6ca8bea74a048
SHA1f329273bf1cbb713472150b023ba5edcb6e2b583
SHA256227ccce9dae9fe05c17204061e4764a2b55300b5f936a1e9d80519b19526d136
SHA512a0d40edd1648a65db7a1fe90d4f6d275605a2528a10cf90a0c01b226b2f221ed3edbf717a89bb205b5d6ab23c3bde7b6f63cbae348385b7f14894c173e36e1bf
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\pyexpat.pydFilesize
163KB
MD5e50093c4196ac6c3bd293789248477dd
SHA1fedc09eaa3c938461f96e8b3476c5239ea93a3fe
SHA256a8b218f57e82b57184b00c2ccc9cfd353a84ead0e777037a605427b4907fc69b
SHA512f5c05dbcb9dd4d5c0dc96f3af63023d6ee4760e0e55b839a673411fddd6a63896dd1aa4f4f2985e2853d8e54cc3ec61c83ceda2cffe849baa74221c477bc3992
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\python38.dllFilesize
3.7MB
MD5d375b654850fa100d4a8d98401c1407f
SHA1ed10c825535e8605b67bacd48f3fcecf978a3fee
SHA256527819a45446a7729e04a70aee587ec7e46d787c159d0f9d4e824e54c1653f4d
SHA512fb3faadc801cbeb0697849cf539e471f7362212935607237b26293976aa65ec454ac601a013eec930a5910bafac8a3863e7d668fc7767dc53a98e84286f582b3
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\pythoncom38.dllFilesize
414KB
MD5be4cf76649e7cd0eada3bd944bfb2fe0
SHA1694307e1bb45dcb13978a3ad65baae9cea53cc00
SHA25684ed4bc34d0230d3b9fee6e28ce26e36f89e3937d19c6ffb18e49ac8b7f16d4b
SHA512c0f582bba0174ae7cc5a09654790fbf50e917d9fb6687a9b44517fe6ef42ed61ae373c95215e9c7bc785c082745c36a1b499feb71c7d61974d79316a5ec9230b
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\pywintypes38.dllFilesize
112KB
MD5d3dd230bb3ef786c22c8118bbb0df562
SHA18173f6d00059b0623f6e05dd399df549641cc43f
SHA2563d52b3e8c09d8f82438b4997212835b72d81cfafa9e0cb604e4a05801fea53b5
SHA5126ea08bc8f1fcb181857f2633d08d8aca78d9494aac139f5b74396cf7ae601e8cef6fadd167c4c101b3ebd6b7a94175a73a356820045439f5ee4d0d32f081af11
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\select.pydFilesize
23KB
MD539f61824d4e3d4be2d938a827bae18eb
SHA1b7614cfbcdbd55ef1e4e8266722088d51ae102b8
SHA256c86c229e97b11cb74cc87bc595d4d936171c5d334e367f55b2ee3f9bcfbc6c92
SHA5129a5926eafba32a2260521e3d11a4faf8701d3963454cfedf7046765ebbc62baf675944fe3fff3ecb70c80c47ffb1d2c9e2adcd385b8c291908ca3cb4d18a3caa
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\tcl86t.dllFilesize
1.3MB
MD530195aa599dd12ac2567de0815ade5e6
SHA1aa2597d43c64554156ae7cdb362c284ec19668a7
SHA256e79443e9413ba9a4442ca7db8ee91a920e61ac2fb55be10a6ab9a9c81f646dbb
SHA5122373b31d15b39ba950c5dea4505c3eaa2952363d3a9bd7ae84e5ea38245320be8f862dba9e9ad32f6b5a1436b353b3fb07e684b7695724a01b30f5ac7ba56e99
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\tcl\encoding\cp1252.encFilesize
1KB
MD55900f51fd8b5ff75e65594eb7dd50533
SHA12e21300e0bc8a847d0423671b08d3c65761ee172
SHA25614df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0
SHA512ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\tk86t.dllFilesize
1.1MB
MD56cadec733f5be72697d7112860a0905b
SHA16a6beeef3b1bb7c85c63f4a3410e673fce73f50d
SHA25619f70dc79994e46d3e1ef6be352f5933866de5736d761faa8839204136916b3f
SHA512e6b3e52968c79d4bd700652c1f2ebd0366b492fcda4e05fc8b198791d1169b20f89b85ec69cefa7e099d06a78bf77ff9c3274905667f0c94071f47bafad46d79
-
C:\Users\Admin\AppData\Local\Temp\_MEI43482\win32api.pydFilesize
101KB
MD5e2bd243023df53c409a804884afc2948
SHA1eadd808af885497f456559161692aa074a314ebd
SHA2568e7e968d9292e726a289105eb1991d6f3664e9702d521b68a23d49b7826bc565
SHA512efffa7778da61991fda3e5ce7682a94faafee44a26d49c86510976b4d3df8e7e4fe66233a48c32fe3b898191e72a2aa3e1e1f987329c242a68c1fec4a82976e7
-
memory/2280-1074-0x00000205418B0000-0x00000205418B1000-memory.dmpFilesize
4KB
-
memory/2280-1073-0x00000205418B0000-0x00000205418B1000-memory.dmpFilesize
4KB
-
memory/2280-1075-0x00000205418B0000-0x00000205418B1000-memory.dmpFilesize
4KB
-
memory/2280-1079-0x00000205418B0000-0x00000205418B1000-memory.dmpFilesize
4KB
-
memory/2280-1082-0x00000205418B0000-0x00000205418B1000-memory.dmpFilesize
4KB
-
memory/2280-1085-0x00000205418B0000-0x00000205418B1000-memory.dmpFilesize
4KB
-
memory/2280-1084-0x00000205418B0000-0x00000205418B1000-memory.dmpFilesize
4KB
-
memory/2280-1083-0x00000205418B0000-0x00000205418B1000-memory.dmpFilesize
4KB
-
memory/2280-1080-0x00000205418B0000-0x00000205418B1000-memory.dmpFilesize
4KB
-
memory/2280-1081-0x00000205418B0000-0x00000205418B1000-memory.dmpFilesize
4KB