047d02322bd9b1c1f04605d9eefbca5cb38dc7ba2057a67eed0185da8ed8402e

Analysis

max time kernel
92s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bginfo.exe
Size

11.0MB
MD5

c5a99c9967244aa864cbe90a5949f222
SHA1

42f9b47de32da3a7f76433b3303e274b12420169
SHA256

f97b02ccf224c92c9b1ee339376178ad90392ec3ffa0bb21e25881d337496de7
SHA512

22c15a9d8f923107d3a47408954c5898d6a9fb94161ad433e632ac5df53ccc59363ab7b78dfccc2242d28b866e3e8c3a1f5bf57f135b7e8ea12c59852d3b54c4
SSDEEP

196608:9HiODQghaZyf+G0sKYu/PaQQ4muWJysVYvsOvECRl2Ewf8jGC7gcA8Kx0N:cODiyf1QQGWJQHykqmKiN

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 16 IoCs

pid	Process
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe
1532	bginfo.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	1532	bginfo.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 1532	1492	bginfo.exe	83
PID 1492 wrote to memory of 1532	1492	bginfo.exe	83

C:\Users\Admin\AppData\Local\Temp\bginfo.exe
"C:\Users\Admin\AppData\Local\Temp\bginfo.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Users\Admin\AppData\Local\Temp\bginfo.exe
  "C:\Users\Admin\AppData\Local\Temp\bginfo.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI14922\PIL\_imaging.cp37-win_amd64.pyd

Filesize
2.3MB

MD5
ad6fff0a653236fe65fb5cf5d88bf91b

SHA1
4845a875fcaa8f5d8f75d7a35b59a1a491f6d29f

SHA256
356142a3639d2b1dc7b71a794ef3c6085a8121eb721f4061a25a82235326ec45

SHA512
6706bc931c5d461b0a2272d206f4dff69440c40a0b68e8c8202928e8d1b9cf7fbc1aba6907b894438f3c31c8f68ed14c9553e9998ef64e0ccd2ee47673b359a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\PIL\_imaging.cp37-win_amd64.pyd

Filesize
1.6MB

MD5
29ed3a1af036e3267e377f9d0561a870

SHA1
cf5fed2fc93c008377c4ae4a2465550cd1bb7422

SHA256
51142ffa015be338eded368605f560c248e8c54d78ea9ea4b64cdb77a7e6a731

SHA512
2c1ee9265cfd34679c81720bd1d6d11d288a0d59fadb145741d01b9427beebee433442b0600cd921cf789af8560a8286a617c5359613af561ff681dacfb9643a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\PIL\_imagingft.cp37-win_amd64.pyd

Filesize
1.6MB

MD5
1905a9b4657c1205471310a50cc77968

SHA1
aa16da151f2498f5f86c19696a50120223bf2217

SHA256
4724e6ef4720b4b0644d66e8e9717a59233e8d70c3de3b52acf34c8e7284cf29

SHA512
90b88c07f650fe15c076550ee6596d23f3298596f4b32657860e25b4acda13600c45638428c62f12e105b20818a4e5b043f4bb0dd8d0b1fac0a2f3504a9e533e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\VCRUNTIME140_1.dll

Filesize
35KB

MD5
4dc09ca657822c2e8160255f767597df

SHA1
d1a553e6cad4600020113fe2887f5deb0db588c8

SHA256
922124ba0821aa864a0261ed88bd25f8e40f94c24d00d389e23cd9ab2bfc6ba4

SHA512
1504a4c32aefb58b20bfeab4f6e45ddb1b4feb08cfc9b6098b0e0b8d770d2ec5cd53a0506f212a2d4f406a1f6aae5bb03bfe8b87f55a61671e9cbbf684d77e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\_bz2.pyd

Filesize
87KB

MD5
8b40a68ae537c0aab25a8b30b10ab098

SHA1
1c8ac1f7f5c3697c457dd98f05296c2354ff7f55

SHA256
0b86ef4810d53e79f1d934b427fdbacf3792eebb37ed241bc89148238af763fa

SHA512
620ad61ff05c73adee4ac8f4b88a3880c11893eaac77ccca4e88edb29b492366a5bcf813d18628f005730f7e45ce373af9275776ea768b67b8d0e3bc62949229

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\_ctypes.pyd

Filesize
131KB

MD5
9a69561e94859bc3411c6499bc46c4bd

SHA1
3fa5bc2d4ffc23c4c383252c51098d6211949b99

SHA256
6bbde732c5bcb89455f43f370a444bb6bca321825de56f9a1f2e947b0a006f1c

SHA512
31d9e3844f1b8e72ec80acd1e224a94d11039c130e69c498a668e07e0d8bba8d1ed1ebe0b7a16376ca597d0e2b74a0d5e3bf53d1cbadf5bf099d3bf78db659a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\_hashlib.pyd

Filesize
38KB

MD5
1f77f7a5f36c48e7c596e7031c80e4ff

SHA1
79f86e31203b60b3388047e39a2a26275da411f5

SHA256
30dfbd97883b1545513ca5bb857a9aad6e9bf4b8b4272569818346eaf25033f7

SHA512
b647e820ae4854921839a6cc92610fd63ef79623d442fd17503a39ca145dfd6cde3719c50473c0c74fe487f980b12e90bd3d3beb5729fa5498a357d44f81809c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\_lzma.pyd

Filesize
251KB

MD5
16fb5a2363ce8dd12a65a9823a517b59

SHA1
59979d9195259f48c678cdaa36b5efee13472ff5

SHA256
bb78ca0dd1478027e2e9f06f56fc7c3cc6f157b4151562d58a7f6646e463fcc2

SHA512
d9801cdd8cc9809781b79882a226ee7a56d93eac0181295c80cb1f088f0fbf46e3eb35c7d8ff208dbd5a3e93a190a04c48fd254c9971a3740b020547973683e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\_socket.pyd

Filesize
74KB

MD5
0ea1df6137ee3369546a806a175aecf4

SHA1
95fd1ad45892cb9e655bfa62ca1be80a0b9b2d43

SHA256
6fcc31573ae6b380db1d4e23731755465fd2cee0856e7a6c0e396759bcbf73b5

SHA512
6497fdb86ac69f6551a7794c090ca695bf22eb647b7a503fa23d7944ad375f061429f17e2ea043c809460e7cb9fc3df77c7bfe0b64f00ddd65de1aa744d3adcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\base_library.zip

Filesize
999KB

MD5
0fa25c5ceb3e00ac8288e071216e5a1a

SHA1
bc47d89306a3569925d8e93078924f1840220654

SHA256
f8eef43b339f8a3aeeb57bf48036e26eccda7c487bb71f94cc5f76517f561531

SHA512
e8d19dd71bdd3a77ae567b55d73d4a8b34d8bdb5984d5cf40b86232bc01d40af7afc3f794b618c56bd91bc8b9592dbe774c08f82d6f8f9e83d73e1627ee9998f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\libcrypto-1_1.dll

Filesize
3.2MB

MD5
bf83f8ad60cb9db462ce62c73208a30d

SHA1
f1bc7dbc1e5b00426a51878719196d78981674c4

SHA256
012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d

SHA512
ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\python37.dll

Filesize
3.6MB

MD5
86af9b888a72bdceb8fd8ed54975edd5

SHA1
c9d67c9243f818c0a8cc279267cca44d9995f0cf

SHA256
e11aa3893597d7c408349ebb11f47a24e388fd702c4d38b5d6f363f7ad6e8e5f

SHA512
5d8fd9040f466e23af7f17772e3769ad83c5f55f8c70dcc3cfb1f827e105f0f4e6133f0e183fabc67dd44799495c47f931bf92546342b30b9c4a5c2b4aeee7c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\pywin32_system32\pythoncom37.dll

Filesize
668KB

MD5
6851d6ab455910b66dbeee8f732af23a

SHA1
20ae037bd24a2f27bc60ad6a54011aa55d91ccb6

SHA256
77ba21ba41416502d4a0133f30696892c78bb94ca09dbae193c5363bf76d2278

SHA512
933d8b0e643f1fa9b99865d2036962176ebba703ecbbb321a18f0d2835535b201913af9833476a16326908d3bd322457981a3757b5387284e2e3d1c9d2552a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\pywin32_system32\pywintypes37.dll

Filesize
134KB

MD5
617cda80287b389b638d526a08f408ce

SHA1
0e9525cba0a3e557fafdb2a4ee89be2851c25c5d

SHA256
b79fe3b02df28a6d41cdd3e9f5ee7b635b3693c4c468a621eab0695e312f79e5

SHA512
c4a5579e918dc2f6d2080fdf049e2037c97d61fce116ca2d1b103bb5c518b610a208746f866d97951193bd3bdf0964a0baa799eac123aae063c92efd097f1fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\select.pyd

Filesize
26KB

MD5
e1d0d18a0dd8e82f9b677a86d32e3124

SHA1
96a00541d86d03529b55c1ac5ff1c6cfb5e91d1e

SHA256
4595675949851bd0ff65521e936647fcc5c8d2f32f0ac2641a262fb6323896dd

SHA512
38e3b6b23ebcbdc60eeeed0bf3dddc69004a1ccd4a2486f3a9f8c0d4624b690e2e5704e3fe05bf1bf2c900bf4f5bc9439f45f3c02fd4c67783056b3da15e0f56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\unicodedata.pyd

Filesize
1.0MB

MD5
23bba751c8a182262856eeba20db3341

SHA1
0120468629aa035d92ebdf97f9f32a02085fbccf

SHA256
96eafcb208518f6df0674ef6f1a48f4687eb73f785c87b11cb4a52dcf1ce5c66

SHA512
482fdb6f542be27d6bf3b41bc7aa7d7fda3077cd763f32bb25e0c50cf8ae11ebd8173d18cb0a52126b2150fc737109d384971298e8e2cf8a199ad1f1956d9326

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14922\win32\win32api.pyd

Filesize
138KB

MD5
e098d26950c93a1dd7a258b56fe06775

SHA1
f8563a91871c53afd2455ec45702806abac95ee5

SHA256
d2d35c0e07cbb501b0b0c7d07fa082e5e231e8435cf5935d6bd6f8fc17760451

SHA512
d19a4fac328cf0c94ab959baae29c401d117bf41c2393dd7dad963e2846d0673f34eb2ccf97995e6388ba97a68e3d2e94c4d7bb69ff639ae299432da9a7ba07a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads