Analysis

  • max time kernel
    3s
  • max time network
    6s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    04-06-2024 08:44

General

  • Target

    BoostBotSell/main.exe

  • Size

    16.4MB

  • MD5

    fbcbebbbe48bd23f5e033ba269de7775

  • SHA1

    f26677336a5cdf9dd0317e0eac1eb96f910aad01

  • SHA256

    853d2a54bdc7acbd21f2f6b513dc0cd5ccff02b2020546a23ab1b5aaa0e84931

  • SHA512

    7bc3ed7c4a6a537108d06c65a75ab7fafe729ad78bf15d195619708d83be17b0d8a41273938923c795ecce35a5caa494055c2088d610c035a463a84f50c87d76

  • SSDEEP

    393216:OhQ1Qtc7CEDmlh2p+ZkJTNsu0/3t4Ugj1W:O8Qa7CEDUQp+Zkk5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (34 IoCs)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\BoostBotSell\main.exe
    "C:\Users\Admin\AppData\Local\Temp\BoostBotSell\main.exe"
    • Suspicious use of WriteProcessMemory
    PID:4124
    • C:\Users\Admin\AppData\Local\Temp\BoostBotSell\main.exe (child of PID 4124)
      "C:\Users\Admin\AppData\Local\Temp\BoostBotSell\main.exe"
      • Loads dropped DLL
      PID:4304

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\MSVCP140.dll

    Filesize

    558KB

    MD5

    bf78c15068d6671693dfcdfa5770d705

    SHA1

    4418c03c3161706a4349dfe3f97278e7a5d8962a

    SHA256

    a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

    SHA512

    5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\VCRUNTIME140.dll

    Filesize

    93KB

    MD5

    4a365ffdbde27954e768358f4a4ce82e

    SHA1

    a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

    SHA256

    6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

    SHA512

    54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\VCRUNTIME140_1.dll

    Filesize

    35KB

    MD5

    9cff894542dc399e0a46dee017331edf

    SHA1

    d1e889d22a5311bd518517537ca98b3520fc99ff

    SHA256

    b1d3b6b3cdeb5b7b8187767cd86100b76233e7bbb9acf56c64f8288f34b269ca

    SHA512

    ca254231f12bdfc300712a37d31777ff9d3aa990ccc129129fa724b034f3b59c88ed5006a5f057348fa09a7de4a0c2e0fb479ce06556e2059f919ddd037f239e

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\_asyncio.pyd

    Filesize

    63KB

    MD5

    86c1fa7f84e05043885f0e510508d409

    SHA1

    397806fdb6dbf7c513c18b0e56032e0eddf4a250

    SHA256

    69a7e18b4284aee2d796320cb81079ed4419d643dc58f342e2bee83eef1f215b

    SHA512

    9be67af77324add7641d1d8717a8037abc7d71573310b2df593b6d502193ce07f7a17496ed6b01546d3b9428eac1d043f8decf25be663f14d20c1402b162c76a

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\_brotli.cp39-win_amd64.pyd

    Filesize

    861KB

    MD5

    2c7528407abfd7c6ef08f7bcf2e88e21

    SHA1

    ee855c0cde407f9a26a9720419bf91d7f1f283a7

    SHA256

    093ab305d9780373c3c7d04d19244f5e48c48e71958963ceca6211d5017a4441

    SHA512

    93e7c12a6038778fcda30734d933b869f93e3b041bb6940852404641a599fe9c8ee1168a2e99dcfb624f84c306aff99757d17570febabc259908c8f6cda4dbea

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\_bz2.pyd

    Filesize

    84KB

    MD5

    e91b4f8e1592da26bacaceb542a220a8

    SHA1

    5459d4c2147fa6db75211c3ec6166b869738bd38

    SHA256

    20895fa331712701ebfdbb9ab87e394309e910f1d782929fd65b59ed76d9c90f

    SHA512

    cb797fa758c65358e5b0fef739181f6b39e0629758a6f8d5c4bd7dc6422001769a19df0c746724fb2567a58708b18bbd098327bfbdf3378426049b113eb848e9

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\_ctypes.pyd

    Filesize

    124KB

    MD5

    6fe3827e6704443e588c2701568b5f89

    SHA1

    ac9325fd29dead82ccd30be3ee7ee91c3aaeb967

    SHA256

    73acf2e0e28040cd696255abd53caaa811470b17a07c7b4d5a94f346b7474391

    SHA512

    be2502c006a615df30e61bea138bd1afca30640f39522d18db94df293c71df0a86c88df5fd5d8407daf1ccea6fac012d086212a3b80b8c32ede33b937881533a

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\_hashlib.pyd

    Filesize

    64KB

    MD5

    7c69cb3cb3182a97e3e9a30d2241ebed

    SHA1

    1b8754ff57a14c32bcadc330d4880382c7fffc93

    SHA256

    12a84bacb071b1948a9f751ac8d0653ba71a8f6b217a69fe062608e532065c20

    SHA512

    96dbabbc6b98d473cbe06dcd296f6c6004c485e57ac5ba10560a377393875192b22df8a7103fe4a22795b8d81b8b0ae14ce7646262f87cb609b9e2590a93169e

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\_lzma.pyd

    Filesize

    159KB

    MD5

    493c33ddf375b394b648c4283b326481

    SHA1

    59c87ee582ba550f064429cb26ad79622c594f08

    SHA256

    6384ded31408788d35a89dc3f7705ea2928f6bbdeb8b627f0d1b2d7b1ea13e16

    SHA512

    a4a83f04c7fc321796ce6a932d572dca1ad6ecefd31002320aeaa2453701ed49ef9f0d9ba91c969737565a6512b94fbb0311aee53d355345a03e98f43e6f98b2

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\_overlapped.pyd

    Filesize

    45KB

    MD5

    0d41b13272bdf3655470f280009a67e5

    SHA1

    47285ca0a012fa747ec0f441266c88792847842b

    SHA256

    8cd7e2c9892146816357c3e045ab7571959f6355f17a2cc6d8e72c184d67be2d

    SHA512

    2db7d0f2210798bba2fd416876ee2f212c1d153d839f38660e7d0c6e2b5e51d96c7d400b3a477da02aa5027a3701da4341bf96a393997851c79a2ae9fb686945

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\_socket.pyd

    Filesize

    78KB

    MD5

    fd1cfe0f0023c5780247f11d8d2802c9

    SHA1

    5b29a3b4c6edb6fa176077e1f1432e3b0178f2bc

    SHA256

    258a5f0b4d362b2fed80b24eeabcb3cdd1602e32ff79d87225da6d15106b17a6

    SHA512

    b304a2e56829a557ec401c6fdda78d6d05b7495a610c1ed793d6b25fc5af891cb2a1581addb27ab5e2a6cb0be24d9678f67b97828015161bc875df9b7b5055ae

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\_ssl.pyd

    Filesize

    151KB

    MD5

    34b1d4db44fc3b29e8a85dd01432535f

    SHA1

    3189c207370622c97c7c049c97262d59c6487983

    SHA256

    e4aa33b312cec5aa5a0b064557576844879e0dccc40047c9d0a769a1d03f03f6

    SHA512

    f5f3dcd48d01aa56bd0a11eee02c21546440a59791ced2f85cdac81da1848ef367a93ef4f10fa52331ee2edea93cbcc95a0f94c0ccefa5d19e04ae5013563aee

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\_uuid.pyd

    Filesize

    22KB

    MD5

    71ab50ef5e336b855e6289b0ac3e712d

    SHA1

    e06c3b0d482623393d2e2179de0ff56eb99c4240

    SHA256

    6f1cc2d6a770f1b441dc6371decae414ea1bd509b0e37b423faa33fc98a28b7e

    SHA512

    345b4d664f3bc29cfb743a95f78898651f8d3d1ac1365b89690068888202ee58f59f341466f26bb94bd568b67f2d3fcf2e5f022c9c25f2ca25d5baf0aa514682

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\aiohttp\_frozenlist.cp39-win_amd64.pyd

    Filesize

    63KB

    MD5

    f2454e08f168a9af3b6aabf41c5488e3

    SHA1

    3ba72153103db0292c555eba4f43f37bddd43a51

    SHA256

    6a563a4ddc233ed5f01f8635d590366b5a078ac73a28a82d837f24bec23dd14f

    SHA512

    3b2008e5ff3009664d7eeafffc3c8bfe420e337177a3f6926314773d65b6622a09b192e893ec50f0b366f356c9b4768358e352cba96127f85f529ce255eb8c93

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\aiohttp\_helpers.cp39-win_amd64.pyd

    Filesize

    47KB

    MD5

    6815a1c38a30d6ae70027184c09adccf

    SHA1

    ce5afe856c4445d173c0d524f139d1aed3cc4e65

    SHA256

    399dfeee9a2f8c6a132c2d4d28931f4c6c0f1d1394de54b182a6457d9143a418

    SHA512

    efd4fa17a9611ca4337cc667b164e83745bbc4043c226e684957146c9bc2ba37c892940845ec2ff0142d3fe604654a12bf05022782d0c0c3194e4d109b5ebf4f

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\aiohttp\_http_parser.cp39-win_amd64.pyd

    Filesize

    230KB

    MD5

    67946fe0102b3555988a8edd321946c0

    SHA1

    a93b16df8e9ccbfe2892e4676f58a695cde9604a

    SHA256

    636a925eb31c3a7de39cb9495613b13570606a0672d3e699cb6983287e0c01e3

    SHA512

    786a4e6c49f77bf6cffce5c98cbc66d518075309dacc4c3df286d3c3bc21f7c0cf7986bf85e374827ec7951c13acdd031e76c336bd1fb4fd265aa03a8a28dfd1

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\aiohttp\_http_writer.cp39-win_amd64.pyd

    Filesize

    41KB

    MD5

    1a518361de37d98224ff98bf47618ecf

    SHA1

    f81def8f71d203aaf68774f6e1158ccceb5806bc

    SHA256

    84e8b37d6fd0162610deb3c1d4887f70e6447850321eea846f860efc2862704b

    SHA512

    7ffef935ba56e2bbad0c569e63f5d33d83dfc72e10252ee259c6fff9859c4e302405a8c017012a9efa6da40ecc1de1ad3248a89404d8532b78b177a6d2ce305f

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\aiohttp\_websocket.cp39-win_amd64.pyd

    Filesize

    27KB

    MD5

    5fdb53cff23dc82384c70db00ada94c0

    SHA1

    c52391eadeafe9933682c7dbee182200b0640688

    SHA256

    d1c463b5c7a878ef5358a63bb0ea9e87311fe1f416f762bd18b4888c170c647f

    SHA512

    2d81e2eed6b4f37c4178141a24cf4475d27378a5bad3b6f8af022b185050ee9832de5db31271e5ca6e5e397f2e8a2a36edf9ca7eb6e0a9b918e3e8618c22e60b

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\base_library.zip

    Filesize

    779KB

    MD5

    3ca045cb85fe4437480ecc8f4b745d5d

    SHA1

    f40c00afa5c916d73264c8e63acdd3a809af2556

    SHA256

    bcd1bf27833cec805c27fbb5e259eaea186d34f74e9e8d5394a1c8c01649b2d0

    SHA512

    c0bacbf5a5270fe4c25a7f1d6efdcaf6f4271509908b89d122b17d48384110ac47e6a78951c46571dee6cc07afd7f13cb419a279e35f1ce375dd1e9ac5e61bc0

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\libcrypto-1_1.dll

    Filesize

    3.2MB

    MD5

    89511df61678befa2f62f5025c8c8448

    SHA1

    df3961f833b4964f70fcf1c002d9fd7309f53ef8

    SHA256

    296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

    SHA512

    9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\libffi-7.dll

    Filesize

    32KB

    MD5

    eef7981412be8ea459064d3090f4b3aa

    SHA1

    c60da4830ce27afc234b3c3014c583f7f0a5a925

    SHA256

    f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

    SHA512

    dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\libssl-1_1.dll

    Filesize

    674KB

    MD5

    50bcfb04328fec1a22c31c0e39286470

    SHA1

    3a1b78faf34125c7b8d684419fa715c367db3daa

    SHA256

    fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9

    SHA512

    370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\nacl\_sodium.pyd

    Filesize

    336KB

    MD5

    f2f8c186dbb91b3dddf6aa7b44ee05d4

    SHA1

    95eb61564c5191e59ca5e359646e9564d77a6f97

    SHA256

    ca83a6731e6d49ccb86d94601b148bd4cc36ad89f9cdaae6eec46481047d13ec

    SHA512

    ae2c2ef8abf304cd9132add4cc2f08c4c5486ad96058351fe101788d014a04cb554dec5fab779f9a2ccb9d13ffac45dca3db89e36de163076e5b4c9ff171738e

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\pyexpat.pyd

    Filesize

    187KB

    MD5

    96d55e550eb6f991783ece2bca53583d

    SHA1

    7b46eaae4e499a1f6604d3c81a85a0b827cc0b9e

    SHA256

    f5d8188c6674cbd814abd1e0dd4e5a8bfadb28e31b5088ae6c4346473b03d17e

    SHA512

    254b926690a565bc31cae88183745397c99d00b5d5417ab517a8762c8874dff8fcc30a59bda1cd41b0e19e2d807ac417293a3a001005996a5d4db43b9b14d5eb

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\python3.dll

    Filesize

    58KB

    MD5

    e438f5470c5c1cb5ddbe02b59e13ad2c

    SHA1

    ec58741bf0be7f97525f4b867869a3b536e68589

    SHA256

    1dc81d8066d44480163233f249468039d3de97e91937965e7a369ae1499013da

    SHA512

    bd8012b167dd37bd5b57521ca91ad2c9891a61866558f2cc8e80bb029d6f7d73c758fb5be7a181562640011e8b4b54afa3a12434ba00f445c1a87b52552429d3

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\python39.dll

    Filesize

    4.3MB

    MD5

    5cd203d356a77646856341a0c9135fc6

    SHA1

    a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

    SHA256

    a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

    SHA512

    390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\pythoncom39.dll

    Filesize

    543KB

    MD5

    3d4173aaa79ba343f2aa7c1ef69171cc

    SHA1

    43f410e02c0b5b8f7dc8c2ebf82c7584050f5674

    SHA256

    bceebaba98080a11b7eb83c8d43357a8b3387eeb03f40acccd834cf8f47316a1

    SHA512

    76322c3646050559695355a931d310283e9672cf95742de676884e9810a5440f2b13d84f007bae8d996d67ab20d546cd616eeeb7a47f0cfe63424c901c9dddf0

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\pywintypes39.dll

    Filesize

    139KB

    MD5

    977f7ef232671b94251d8eaddd15390d

    SHA1

    97d9035a5f21df0267f4ae8cd203a92917aab970

    SHA256

    4ece6771f1206b99dba4e5cf988051472f530bf90bb3114d3fd7377b3f34dfa6

    SHA512

    1f556c661d3dd963cd563230a1ac1707905ffbfb3d76081f3dd316b40ce55ce1bfcc431f744de98ab3249760d4386cccd54a483b01f98017ff75c6603d316988

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\select.pyd

    Filesize

    28KB

    MD5

    0e3cf5d792a3f543be8bbc186b97a27a

    SHA1

    50f4c70fce31504c6b746a2c8d9754a16ebc8d5e

    SHA256

    c7ffae6dc927cf10ac5da08614912bb3ad8fc52aa0ef9bc376d831e72dd74460

    SHA512

    224b42e05b4dbdf7275ee7c5d3eb190024fc55e22e38bd189c1685efee2a3dd527c6dfcb2feeec525b8d6dc35aded1eac2423ed62bb2599bb6a9ea34e842c340

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\unicodedata.pyd

    Filesize

    1.1MB

    MD5

    7af51031368619638cca688a7275db14

    SHA1

    64e2cc5ac5afe8a65af690047dc03858157e964c

    SHA256

    7f02a99a23cc3ff63ecb10ba6006e2da7bf685530bad43882ebf90d042b9eeb6

    SHA512

    fbde24501288ff9b06fc96faff5e7a1849765df239e816774c04a4a6ef54a0c641adf4325bfb116952082d3234baef12288174ad8c18b62407109f29aa5ab326

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\wheel-0.37.0.dist-info\INSTALLER

    Filesize

    4B

    MD5

    365c9bfeb7d89244f2ce01c1de44cb85

    SHA1

    d7a03141d5d6b1e88b6b59ef08b6681df212c599

    SHA256

    ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

    SHA512

    d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\win32api.pyd

    Filesize

    131KB

    MD5

    0afa0ac73c1659570e529f51f3a0d8c6

    SHA1

    f4f7d659bcac3409395aa92a72ba90d0c7db204f

    SHA256

    b541e3d53be2db7da8e1c16496958fc6c8034ccc8ac763fd00e4a6fbd1162944

    SHA512

    0bb76bd92cbbd8f1f42a309b9f17124136032a41f7e75977fff4e208794218ed01574c7253a75fa7254cfcdb5f7920ebd8847fff9e851c3a6559eb6ed80590fe

  • C:\Users\Admin\AppData\Local\Temp\_MEI41242\yarl\_quoting_c.cp39-win_amd64.pyd

    Filesize

    78KB

    MD5

    584a1c4fdc8ebf52a8d80858ea778136

    SHA1

    cd7b89c764d2f8108b8731f180d4301512ba44a1

    SHA256

    092138b87464109479c49a57ad3d48cdfffac2a05d27e1f79de6327e074d34c2

    SHA512

    7fc6064a6531fafd5446ab106223b6f51fe7150861ebf77a7a61a44fb7d16e51757857884a5a6f7efb2d8535e0a79ca9ea4cf7cac22d2e869e128f90a255ecc9