Analysis
-
max time kernel
196s -
max time network
202s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system -
submitted
19-06-2024 09:27
Behavioral task
behavioral1
Sample
mcedit2-win64-2.0.0-beta14(1).exe
Resource
win11-20240611-en
General
-
Target
mcedit2-win64-2.0.0-beta14(1).exe
-
Size
43.3MB
-
MD5
f135e2b7393c903acaa574b687b8883a
-
SHA1
af02358a2f488c9e09df69722abd9afa1ac87c5a
-
SHA256
7b481550cb6ceae28deacb4072eafb5201bb111c65a7389c4aa66495fa670b55
-
SHA512
1fae0ba03dffd66b23a041863cf09a43828a4c690e6f4a14472d6c31a70b737e96658b6f45709711f2aafbc893ac0b21e038739ea969bbc87faed884d3d46476
-
SSDEEP
786432:jMWoIoRBC9R0e5fvHF9TqirinntYgu/+FV1slGXwk44KAL0UEe3imc5wpGLVykBA:jxoICM0MffLTqHtfumV1slv4KU0OOOki
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
Processes:
  pid   process
  416   mcedit2.exe
  4588  mcedit2.exe
-
Loads dropped DLL 64 IoCs
Processes:
  pid   process
  4588  mcedit2.exe   (this pid/process pair is listed 64 times, one entry per IoC)
-
Detects Pyinstaller 1 IoCs
Processes:
  resource                                                                   yara_rule
  C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe   pyinstaller
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
  description                         pid   process
  Token: 33                           4852  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege   4852  AUDIODG.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
  pid   process
  3620  mcedit2-win64-2.0.0-beta14(1).exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
  pid   process
  4588  mcedit2.exe
  4588  mcedit2.exe
  4588  mcedit2.exe
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes:
  description                       pid   process       target process
  PID 416 wrote to memory of 4588   416   mcedit2.exe   mcedit2.exe
  PID 416 wrote to memory of 4588   416   mcedit2.exe   mcedit2.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14(1).exe
  command line: "C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14(1).exe"
  - Suspicious use of FindShellTrayWindow
  PID:3620
-
C:\Windows\System32\rundll32.exe
  command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID:4492
-
C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe"
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:416
  -
    C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe   (child process, tree depth 2)
      command line: "C:\Users\Admin\AppData\Local\Temp\mcedit2-win64-2.0.0-beta14\mcedit2.exe"
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious use of SetWindowsHookEx
      PID:4588
-
C:\Windows\system32\AUDIODG.EXE
  command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004BC
  - Suspicious use of AdjustPrivilegeToken
  PID:4852
-
C:\Windows\system32\svchost.exe
  command line: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
  PID:2040
Network
MITRE ATT&CK Enterprise v15
Downloads