437e0d18e60998bd0236dd5da5637a90ec3b6887f1eb25e6557a2354dc96404b

Analysis

max time kernel
50s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 13:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

svchost.exe
Size

7.8MB
MD5

9b0ba3738c994d5850d97077d578d3bc
SHA1

2c9cea5a8ea57bf7af6f9a2ce7b08f0739406399
SHA256

437e0d18e60998bd0236dd5da5637a90ec3b6887f1eb25e6557a2354dc96404b
SHA512

cf9b79822d94c72dd3474d11fc0ec5be22bcf761a6625d6d67ce1be2a7f042570a89dcaff8820240d3d7acc7fb3e1616efec7ad81b97fca9b3bfc1a15dea6f72
SSDEEP

196608:9yRAV2QsyH3zE39onJ5hrZEOe9tGPqKmTbITf5WqkZVWh:aOnzY9c5hlEcPNm3U53kT

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 16 IoCs

pid	Process
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe
2656	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	pastebin.com
3	pastebin.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2656	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2656	1908	svchost.exe	28
PID 1908 wrote to memory of 2656	1908	svchost.exe	28
PID 1908 wrote to memory of 2656	1908	svchost.exe	28

C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Users\Admin\AppData\Local\Temp\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19082\VCRUNTIME140.dll

Filesize
85KB

MD5
89a24c66e7a522f1e0016b1d0b4316dc

SHA1
5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

SHA256
3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

SHA512
e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\_socket.pyd

Filesize
75KB

MD5
8ea18d0eeae9044c278d2ea7a1dbae36

SHA1
de210842da8cb1cb14318789575d65117d14e728

SHA256
9822c258a9d25062e51eafc45d62ed19722e0450a212668f6737eb3bfe3a41c2

SHA512
d275ce71d422cfaacef1220dc1f35afba14b38a205623e3652766db11621b2a1d80c5d0fb0a7df19402ebe48603e76b8f8852f6cbff95a181d33e797476029f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\base_library.zip

Filesize
1000KB

MD5
90c0898cd529e19ba0c800d0e1f42a2a

SHA1
35882c9e2519be24ad4625031c942722946e791e

SHA256
980eab75d2e03b71fa4327da3a3126ad6980ff60a5cf9ad2b96ce06ad15ae3bd

SHA512
3527929f185b4a044d925c8cca0fc028d470c48756623762722bce483f9b9541d073bee69529c5b4c7b0b9e3b81307fa3afd0a7a4d9df60f93c66b85af6cce46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\certifi\cacert.pem

Filesize
279KB

MD5
7adbcc03e8c4f261c08db67930ec6fdd

SHA1
edc6158964acc5999ed5413575dd9a650a6bcdb2

SHA256
de5f02716b7fa8be36d37d2b1a2783dd22ee7c80855f46d8b4684397f11754f2

SHA512
58299ed51d66a801e2927d13c4304b7020eac80982559c7b898c46909d0bc902eb13fea501bd600c8c19739736289342bae227510c85702b7f04bd80d5a9c723

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\cryptography\hazmat\bindings\_openssl.pyd

Filesize
3.8MB

MD5
772cace2ab493c306930c01050a5b667

SHA1
5130913527cb73ca1358875f63464907088f0a5b

SHA256
da0dea85eb34de0e50ab1d343d33ed0a99b3af5e2f479d306fce5c0ed604b1d8

SHA512
b0019a4ff07a5d76e1c01dd7079ea9eae5bd1cede64af917ba94206ad434acf946efad90ebfd240cfefcdb22c8ca732af659e4408105a9ff130545950ed1bd2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\cryptography\hazmat\bindings\_rust.pyd

Filesize
1.6MB

MD5
7d6f3ad57f25c087286a55fe1ecd55db

SHA1
df87721286061ef3e5687fd29924c025d230c9e9

SHA256
bca2dd906302a6a84e9aa5f41b06c4deef4fee139e861d5c538ba30bd4c40574

SHA512
8a042d70956c6d8d617b9fb73f942209c4396cee11a8ef64b8cce77f5989ac5fc728f04353b342beb1823953c6e73fdc50ccdc0d72721b81f515581ca5c32f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\libcrypto-1_1.dll

Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\python37.dll

Filesize
3.6MB

MD5
c4709f84e6cf6e082b80c80b87abe551

SHA1
c0c55b229722f7f2010d34e26857df640182f796

SHA256
ca8e39f2b1d277b0a24a43b5b8eada5baf2de97488f7ef2484014df6e270b3f3

SHA512
e04a5832b9f2e1e53ba096e011367d46e6710389967fa7014a0e2d4a6ce6fc8d09d0ce20cee7e7d67d5057d37854eddab48bef7df1767f2ec3a4ab91475b7ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\unicodedata.pyd

Filesize
1.0MB

MD5
4d3d8e16e98558ff9dac8fc7061e2759

SHA1
c918ab67b580f955b6361f9900930da38cec7c91

SHA256
016d962782beae0ea8417a17e67956b27610f4565cff71dd35a6e52ab187c095

SHA512
0dfabfad969da806bc9c6c664cdf31647d89951832ff7e4e5eeed81f1de9263ed71bddeff76ebb8e47d6248ad4f832cb8ad456f11e401c3481674bd60283991a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\_bz2.pyd

Filesize
92KB

MD5
cf77513525fc652bad6c7f85e192e94b

SHA1
23ec3bb9cdc356500ec192cac16906864d5e9a81

SHA256
8bce02e8d44003c5301608b1722f7e26aada2a03d731fa92a48c124db40e2e41

SHA512
dbc1ba8794ce2d027145c78b7e1fc842ffbabb090abf9c29044657bdecd44396014b4f7c2b896de18aad6cfa113a4841a9ca567e501a6247832b205fe39584a9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\_cffi_backend.cp37-win_amd64.pyd

Filesize
177KB

MD5
daccb97b9214bb1366ed40ad583679a2

SHA1
89554e638b62be5f388c9bdd35d9daf53a240e0c

SHA256
b714423d9cad42e67937531f2634001a870f8be2bf413eacfc9f73ef391a7915

SHA512
99fd5c80372d878f722e4bcb1b8c8c737600961d3a9dffc3e8277e024aaac8648c64825820e20da1ab9ad9180501218c6d796af1905d8845d41c6dbb4c6ebab0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\_hashlib.pyd

Filesize
38KB

MD5
b32cb9615a9bada55e8f20dcea2fbf48

SHA1
a9c6e2d44b07b31c898a6d83b7093bf90915062d

SHA256
ca4f433a68c3921526f31f46d8a45709b946bbd40f04a4cfc6c245cb9ee0eab5

SHA512
5c583292de2ba33a3fc1129dfb4e2429ff2a30eeaf9c0bcff6cca487921f0ca02c3002b24353832504c3eec96a7b2c507f455b18717bcd11b239bbbbd79fadbe

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\_lzma.pyd

Filesize
172KB

MD5
5fbb728a3b3abbdd830033586183a206

SHA1
066fde2fa80485c4f22e0552a4d433584d672a54

SHA256
f9bc6036d9e4d57d08848418367743fb608434c04434ab07da9dabe4725f9a9b

SHA512
31e7c9fe9d8680378f8e3ea4473461ba830df2d80a3e24e5d02a106128d048430e5d5558c0b99ec51c3d1892c76e4baa14d63d1ec1fc6b1728858aa2a255b2fb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\_queue.pyd

Filesize
27KB

MD5
c0a70188685e44e73576e3cd63fc1f68

SHA1
36f88ca5c1dda929b932d656368515e851aeb175

SHA256
e499824d58570c3130ba8ef1ac2d503e71f916c634b2708cc22e95c223f83d0a

SHA512
b9168bf1b98da4a9dfd7b1b040e1214fd69e8dfc2019774890291703ab48075c791cc27af5d735220bd25c47643f098820563dc537748471765aff164b00a4aa

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\_ssl.pyd

Filesize
118KB

MD5
5a393bb4f3ae499541356e57a766eb6a

SHA1
908f68f4ea1a754fd31edb662332cf0df238cf9a

SHA256
b6593b3af0e993fd5043a7eab327409f4bf8cdcd8336aca97dbe6325aefdb047

SHA512
958584fd4efaa5dd301cbcecbfc8927f9d2caec9e2826b2af9257c5eefb4b0b81dbbadbd3c1d867f56705c854284666f98d428dc2377ccc49f8e1f9bbbed158f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\libssl-1_1.dll

Filesize
673KB

MD5
bc778f33480148efa5d62b2ec85aaa7d

SHA1
b1ec87cbd8bc4398c6ebb26549961c8aab53d855

SHA256
9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843

SHA512
80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\python3.dll

Filesize
57KB

MD5
274853e19235d411a751a750c54b9893

SHA1
97bd15688b549cd5dbf49597af508c72679385af

SHA256
d21eb0fd1b2883e9e0b736b43cbbef9dfa89e31fee4d32af9ad52c3f0484987b

SHA512
580fa23cbe71ae4970a608c8d1ab88fe3f7562ed18398c73b14d5a3e008ea77df3e38abf97c12512786391ee403f675a219fbf5afe5c8cea004941b1d1d02a48

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19082\select.pyd

Filesize
26KB

MD5
fb4a0d7abaeaa76676846ad0f08fefa5

SHA1
755fd998215511506edd2c5c52807b46ca9393b2

SHA256
65a3c8806d456e9df2211051ed808a087a96c94d38e23d43121ac120b4d36429

SHA512
f5b3557f823ee4c662f2c9b7ecc5497934712e046aa8ae8e625f41756beb5e524227355316f9145bfabb89b0f6f93a1f37fa94751a66c344c38ce449e879d35f

Download Submit