640f6fa7a32a694b0912bd9042ac043f7e1252cb28db7385a3c2060d327d32b7

Analysis

max time kernel
51s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.exe/TrappedV2.exe
Size

7.5MB
MD5

185209c5c3f0e3871931a17b36f1be6b
SHA1

ac9d47c6aaef2fc9d4e4035eb480ae08fa5b7483
SHA256

c77e124816a70e05f72e5c147f503fe40e4629de344bab593039a194766ef79b
SHA512

66650e214dcd1c69115a78adbc72f959eba63022817fac39a7225b3c5d115d85754a6e3fccfc075b65e8665bf0a1c7b8edb5d8f30ab241819cf0dc27cd8e218b
SSDEEP

98304:OQXWQRZdDwG1eFsr7/AgecPlcGxH0Ig17E3AAy5tx54D/SVnovDJTSPkIuQoK:O2/DwGcsAgectcGfcY3gtCcKSPn

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
1504	TrappedV2.exe
1504	TrappedV2.exe
1504	TrappedV2.exe
1504	TrappedV2.exe
1504	TrappedV2.exe
1504	TrappedV2.exe
1504	TrappedV2.exe
1504	TrappedV2.exe
1504	TrappedV2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 1504	3308	TrappedV2.exe	85
PID 3308 wrote to memory of 1504	3308	TrappedV2.exe	85
PID 1504 wrote to memory of 1976	1504	TrappedV2.exe	86
PID 1504 wrote to memory of 1976	1504	TrappedV2.exe	86

C:\Users\Admin\AppData\Local\Temp\.exe\TrappedV2.exe
"C:\Users\Admin\AppData\Local\Temp\.exe\TrappedV2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Users\Admin\AppData\Local\Temp\.exe\TrappedV2.exe
  "C:\Users\Admin\AppData\Local\Temp\.exe\TrappedV2.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI33082\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33082\VCRUNTIME140_1.dll

Filesize
48KB

MD5
cf0a1c4776ffe23ada5e570fc36e39fe

SHA1
2050fadecc11550ad9bde0b542bcf87e19d37f1a

SHA256
6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47

SHA512
d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33082\_ctypes.pyd

Filesize
120KB

MD5
6114277c6fc040f68d25ca90e25924cd

SHA1
028179c77cb3ba29cd8494049421eaa4900ccd0e

SHA256
f07fe92ce85f7786f96a4d59c6ee5c05fe1db63a1889ba40a67e37069639b656

SHA512
76e8ebefb9ba4ea8dcab8fce50629946af4f2b3f2f43163f75483cfb0a97968478c8aaef1d6a37be85bfc4c91a859deda6da21d3e753daefe084a203d839353d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33082\base_library.zip

Filesize
1.8MB

MD5
bbbf46529c77f766ef219f4c146e6ef5

SHA1
de07c922c7f4ba08bc1a62cf3fabddecc64f877e

SHA256
734e277712e823fca86ca75bf5d4f85a21893208e683c4ab407be10c3b9052dc

SHA512
3371a3a806dac2cfec59cc42937b348af67e190a8d575efc6a81ec3d8b215f8a0cb94010142f9d02c8881040a2d6b8364d124f85285d9b3b04f36226fb4fae66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33082\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33082\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33082\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33082\win32\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33082\win32\win32evtlog.pyd

Filesize
71KB

MD5
f95639980a358b2b157af19d8837b3ab

SHA1
7b6cc1b4916b546d64e9b772f64669ca7ea0c31c

SHA256
9edc507023126fe4bb61e301e06897956ce789fd4d985a42210b9b93d4f966cc

SHA512
97eeb0f7706ecdbc7b351f1d95f29491bb96b1bdba2e24a16d713977f0f3fc538d55469e1873eaf3551b1707d42c3bbabd6b180971f096d6199a505725e59a16

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads