e223b788a9c905568bc4cadfadcab714201e08dfe8637f9ada9195b859dd2dd0

Analysis

max time kernel
92s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 15:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Injector.exe
Size

18.9MB
MD5

b33b74a688c4eefcac41843cf154af46
SHA1

41a192b38e01ee860c171dd7b57e78983b2c8a2e
SHA256

e223b788a9c905568bc4cadfadcab714201e08dfe8637f9ada9195b859dd2dd0
SHA512

f5a45367219a1260ee99d37e1ec4abcc939e3bb647a56d14cdb08cb94ba784c81fa6219e226a781b2a1f9b883e1b213024a618f6e02d74bd15a31f8092cd3d8d
SSDEEP

393216:1nrONaYZu+5x30R+Dylj0JwajT0KS/XEFbPqvwxVqYV38QxVzeY8:lYZu+5NOs24ueZS/O+vwxRMQrN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4472	Injector.exe

Loads dropped DLL 10 IoCs

pid	Process
4472	Injector.exe
4472	Injector.exe
4472	Injector.exe
4472	Injector.exe
4472	Injector.exe
4472	Injector.exe
4472	Injector.exe
4472	Injector.exe
4472	Injector.exe
4472	Injector.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3264 wrote to memory of 4472	3264	Injector.exe	89
PID 3264 wrote to memory of 4472	3264	Injector.exe	89

C:\Users\Admin\AppData\Local\Temp\Injector.exe
"C:\Users\Admin\AppData\Local\Temp\Injector.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3264
- C:\Users\Admin\AppData\Local\Temp\onefile_3264_133617280895328487\Injector.exe
  "C:\Users\Admin\AppData\Local\Temp\Injector.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\win32gui.pyd

Filesize
212KB

MD5
3c81c0ceebb2b5c224a56c024021efad

SHA1
aee4ddcc136856ed2297d7dbdc781a266cf7eab9

SHA256
6085bc00a1f157c4d2cc0609e20e1e20d2572fe6498de3bec4c9c7bebcfbb629

SHA512
f2d6c06da4f56a8119a931b5895c446432152737b4a7ae95c2b91b1638e961da78833728d62e206e1d886e7c36d7bed3fa4403d0b57a017523dd831dd6b7117f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3264_133617280895328487\Injector.exe

Filesize
36.7MB

MD5
c93ee24a8e88fe1d03b6177c40a8fdab

SHA1
9f89681fc809a765c84521ec8a094d5ba6d43c17

SHA256
91a9827254543a2752fe38788f09eb4a5c0b777e70a8c4d39cf20c0712aee3a7

SHA512
62e7a171cf69e213d44d95e112c8c074d43ac61be6f87cc9aa0afa09bef3d6602765d27a441e040e3fe482e6281ed0b824403cdb62c777b1beabc4fce5ea6840

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3264_133617280895328487\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3264_133617280895328487\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3264_133617280895328487\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3264_133617280895328487\vcruntime140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3264_133617280895328487\win32process.pyd

Filesize
52KB

MD5
936b26a67e6c7788c3a5268f478e01b8

SHA1
0ee92f0a97a14fcd45865667ed02b278794b2fdf

SHA256
0459439ef3efa0e0fc2b8ca3f0245826e9bbd7e8f3266276398921a4aa899fbd

SHA512
bfe37390da24cc9422cabbbbbc7733d89f61d73ecc3765fe494b5a7bd044e4ffb629f1bb4a28437fe9ad169ae65f2338c15d689f381f9e745c44f2741388860b

Download Submit