Analysis

  • max time kernel
    30s
  • max time network
    30s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-06-2024 07:51

General

  • Target

    NLChecker.exe

  • Size

    6.6MB

  • MD5

    f794d41bd5843006837d87610667110d

  • SHA1

    b9ed0177c1e0a43ae06db39bcfc286e41d4e5668

  • SHA256

    bb0051be3e9db6d8299477ed7ff9d1d178d98513ab6d6d4f06b860bfe8cc229b

  • SHA512

    815a1459a457ec2346ee004c61f54d37c43f1c569d378b0258817d615f3c06aff549267a695958342306b248e655a1d2243280438c0fd3dce761dde84539e540

  • SSDEEP

    98304:Hlr1P9bFLyi1e+MsSQbbIRnRMoaUMnGt0QkTt2eaaqsszacnZrmtgtXRJK:HlRP3yi1nTcReoaU89vRlsDZrmtoRk

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL (64 IoCs)
  • UPX packed file (42 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\NLChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\NLChecker.exe"
    PID: 3916
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\NLChecker.exe
      "C:\Users\Admin\AppData\Local\Temp\NLChecker.exe"
      PID: 3652
      • Loads dropped DLL
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1748,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:8
    PID: 1992

Network

MITRE ATT&CK Matrix

Downloads
