Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-06-2024 09:35

General

  • Target

    3e8097e8c2ad2aa5f7486fec4d5c5758ae2c515d7d7de67487ff6a09010eb2a7.exe

  • Size

    8.2MB

  • MD5

    49470a2d2319ad1b00edac717ed0bc4a

  • SHA1

    f5e6346daf7a290608e9cb7bb0da687cf79aa544

  • SHA256

    3e8097e8c2ad2aa5f7486fec4d5c5758ae2c515d7d7de67487ff6a09010eb2a7

  • SHA512

    dda323968c9cadbdbc1c320b1deda44e1c63b11b5a172fe591be5da2c47e3848727098d6c16d866ba9f0c3ebc6a3e1f00945a770d0dc9e348c25cb117f89f030

  • SSDEEP

    196608:MgzWQHiSUYulNfUv+wq4GAwPgTg0vVljcsE5nk08M:MgKi0XleG9Yi0vHjcFk7

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 42 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e8097e8c2ad2aa5f7486fec4d5c5758ae2c515d7d7de67487ff6a09010eb2a7.exe
    "C:\Users\Admin\AppData\Local\Temp\3e8097e8c2ad2aa5f7486fec4d5c5758ae2c515d7d7de67487ff6a09010eb2a7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3376
    • C:\Users\Admin\AppData\Local\Temp\3e8097e8c2ad2aa5f7486fec4d5c5758ae2c515d7d7de67487ff6a09010eb2a7.exe
      "C:\Users\Admin\AppData\Local\Temp\3e8097e8c2ad2aa5f7486fec4d5c5758ae2c515d7d7de67487ff6a09010eb2a7.exe"
      2⤵
      • Loads dropped DLL
      PID:2724

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\Crypto\Cipher\_raw_cbc.pyd

    Filesize

    9KB

    MD5

    9036481a500d1cc4f16756942f1d5f6e

    SHA1

    d9b83ea72a02d8071844b69e6a9e5622d177aea7

    SHA256

    115e950057eed43068f1bed67c4748b8588e9a8d8bf8f77a726dfc90594e88c7

    SHA512

    3a6a50b974728b0a868c90150acc000a3fbc3d16d07f819684f919e72216c9be857e2b1c0d816ff29075b2c225ba0994cf81a842d34399b0bd514d197c2b3801

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\Crypto\Cipher\_raw_cfb.pyd

    Filesize

    10KB

    MD5

    174a21a4478f378baf247fe46e02ccbc

    SHA1

    443928370f05227d911dcbaf753894ad71f40041

    SHA256

    5b6b34c5d82d7a965891d7a17a97eadc1a530bfb583fcf16b4ec7373f3d856d1

    SHA512

    ff2f8aac46ab09bd7ee5171bd86298000e5e21d32922334339eb1412e8a7f2bf074ab9c193c4f06cbcbb3e9d9c669c8118941d51cd75b254bfa1f6e628b59c57

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\Crypto\Cipher\_raw_ctr.pyd

    Filesize

    11KB

    MD5

    5f4f494350f28f2e2ea0196d4aa39111

    SHA1

    2c7e76ee241a704a68195820799931db53716d6e

    SHA256

    528e58fa0832909e535982a67cbe17de031cf95f5bdcd5f3cd8a264ade9cc4e4

    SHA512

    8674db3e683686c56be028c77e458d3e13f6c5e9b39c65ed69f45f2017a8135e925e52dc64ed0e3e993cf847f6bed5da6c28058d27b11650e4bb43ebff9d4af7

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\Crypto\Cipher\_raw_ecb.pyd

    Filesize

    8KB

    MD5

    092ba3ad6b366015ba55d788af0d201c

    SHA1

    b0d8439cd3a75526b07a8c78ce5624e69c82c84b

    SHA256

    c0c4491c2ae12df6d911b6ed4bf9a995f563c5913d85e982ee8152231cf48c06

    SHA512

    833e368e95089146b6d53b8fa2c82b6aa74f6b515317a1ee10e3774aa90c0eee29efcf506ae8cfc940d0fe5c9b5ba12e82bf6c5bc71916b32734078d04816c6a

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\Crypto\Cipher\_raw_ofb.pyd

    Filesize

    9KB

    MD5

    33afc83cc3455af45e46aa8adc65abf6

    SHA1

    fdeccfbb20954122a1250beed8f1452cf2096cd2

    SHA256

    313b11a6848d0bb9022164510a010efcef57d3301be6f9a1ecb8697903463194

    SHA512

    a1679009641f3f19a5e24c52dc87e3ba3180403c055d49bc7ff7e418d11d777261260fe42a2fef5b454314b51426ff688930ffd1676f8c26bd1481622aba11f3

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\Crypto\Hash\_BLAKE2s.pyd

    Filesize

    11KB

    MD5

    3a2319cf407611a17240398a8d13419d

    SHA1

    9a415281dfd53e93edc244e12b5155fc7d3aa978

    SHA256

    c3039efb2d971f6e9c1ba75badc24b68b40103ddb1542a8c9afa2dcdee33c0b8

    SHA512

    539c71aedf3b38161fd5cd37b2fcd9d64e05db411cce670f921037dea1d599d512bfe863963ace06149e9b7b8465c951f43b5304d38b2edd1f2e801522da4cac

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\Crypto\Hash\_MD5.pyd

    Filesize

    12KB

    MD5

    d23799cfbc4cd370d4e380af975583fa

    SHA1

    1dd2efb0efc578e1aca6ce01d330c797197316e0

    SHA256

    6846c737233e70b2615e6dc75028e1d6aedf41ac30a653cdadc48c2b006c9e25

    SHA512

    57ae2c07334898811178ce4ca56b86173620220cd7d103102f49acfc4ee5d2fcd44eb1908a7a10e3d48b77bc214c3dadeef2ad755bccce47cf7c80a9c749c6f7

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\Crypto\Hash\_SHA1.pyd

    Filesize

    14KB

    MD5

    49f74cda21e7b1a15af3f127b936e96f

    SHA1

    9a5bdb289e84910fe37198fed803d16c17cc6873

    SHA256

    ddc3321c6bce1599b705871690363de9de3e0722f458bfa001ae4ec35dc7d22b

    SHA512

    6019b6738a0d4245a16492e6c0801782ac90b2902a8db71765d15fc6589246f7f005d8fd79b6109c2b161b1c7183d692b85b971fc43d0cd03ef86384e0901158

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\Crypto\Hash\_SHA256.pyd

    Filesize

    18KB

    MD5

    d3c383918c31dd100cf94d74d19190e8

    SHA1

    0649577312bc4ae32d003c3ff728182ea2a76517

    SHA256

    8d4e33d664ee2a3c84c7adba0952a52ff1a45f6a49c5d22e5db889edb0e6ce82

    SHA512

    8a0fa3eabe22ab29261af1da776c27732cb15b2f81dec87379672d794430de1f133a1d2c069766a5fd4bdbdf86671c6011000e6aea54dc0e1a5d78254abf97ff

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\Crypto\Util\_strxor.pyd

    Filesize

    8KB

    MD5

    d4ac5ad0430141486f346f789482c569

    SHA1

    fdcd9f52b34b1d005a6e59f2fe5d3cbcb291c717

    SHA256

    420af79f0fed8207cdf256dfeb6b36547899f2bf1d45813fc1f1b20df82cf359

    SHA512

    3a2958bcee83f1c0658ce212d7385deb71fc2359bef312a03a0ee5204b2fc6f53c1a914b8089731b692738cf7d64c1abac57976791df1f9245cbb09636d10e26

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\VCRUNTIME140.dll

    Filesize

    78KB

    MD5

    1e6e97d60d411a2dee8964d3d05adb15

    SHA1

    0a2fe6ec6b6675c44998c282dbb1cd8787612faf

    SHA256

    8598940e498271b542f2c04998626aa680f2172d0ff4f8dbd4ffec1a196540f9

    SHA512

    3f7d79079c57786051a2f7facfb1046188049e831f12b549609a8f152664678ee35ad54d1fff4447428b6f76bea1c7ca88fa96aab395a560c6ec598344fcc7fa

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\_brotli.cp310-win32.pyd

    Filesize

    731KB

    MD5

    2c207d3af1d9773c004f473854c0cf4e

    SHA1

    8bbd700ad097047071bf1dec8de26083fb2e2ea2

    SHA256

    fb20098d14eba37d6d733f447fd22adbd3afb39b278f295c5ac3d1e618e78c89

    SHA512

    e2ef6b74e97b023c705a1a038bfd70deb9be9aa559377b022b428db02609588cc5c00eb0c99857d2da06974baabebb6e77fd90891cccf588f7d422e7b55c38f7

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\_bz2.pyd

    Filesize

    77KB

    MD5

    710c192b8f8cecd9e58b2719b78e6820

    SHA1

    a6e94a3eaa9da0425801a836d72420c5925ad0fc

    SHA256

    d114ea7932e7a8db2093d8e1385863d944ab223e2f5c22ad4b56382d9d95cd36

    SHA512

    ab510b3381890bf296f3fc66f688b3ea2185021f18ffa2c23c2e9b0ae7f479ddaf3c6278a3612960f5ec5069677aa25334f3b340af410eb7cad9aa3bdffe1589

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\_ctypes.pyd

    Filesize

    103KB

    MD5

    1a5cbc7fa9cb4949c3caac3804a924f3

    SHA1

    d469b92e922407d89ebaafe22779168f9fd0b72a

    SHA256

    b05ee8b49320e820271fe2c4c7d15dd92bd69a71bbbff58d45412127bcf4f46a

    SHA512

    3c0400320d18a9222fc5a4a31467ee6d297ba3147cdf139428ba9e014ef9f9048b0858f6864a752e3647238d494e8ef43cc0918fa49d2920794c6c65c7b10a29

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\_decimal.pyd

    Filesize

    192KB

    MD5

    a8bcb5f6bce7044a00311f37df059384

    SHA1

    15319fb1d9dc61ac299f015b7eac39729c8a18c7

    SHA256

    14d4cb55812371d02d8a5636c236baf93738364301a924cd9b1886ed87e115cf

    SHA512

    1d1939b3f64a4dcbd1eebda5033a897441c7827c5d8a54ee1b763205ef684ce060fd56e6a149c536033969eb893b246dab8c3881a34ad80e84833f02d9327ce5

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\_elementtree.pyd

    Filesize

    111KB

    MD5

    bb2df9b8c4f6e5d9095f6a2e46bd48b8

    SHA1

    afb8603a1eeacbd8822bceacc441e70136fe7a2b

    SHA256

    6f10876e444fe1061b6fe3ba5592ab539c8bf505e51c09d44b47ea70718c86d7

    SHA512

    da078dbe1102b26d40deb2017b7dde0dec08340afc5b7381ea96e6c766b139e93521457d154af4897626da394a417a11fdaae5155badf6357691f0b0eeccc39c

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\_hashlib.pyd

    Filesize

    46KB

    MD5

    5232385166778b3d69c58e02d51c0a0b

    SHA1

    8fe7f2fee2483556f19ee1f0049c90d9b67c7b13

    SHA256

    cb988f8a751011d55b4cbbc45214c6217670812f351f30473b718fa0cfa06cf6

    SHA512

    ead37eb65f9858cc2db18ef4841fc7d2612bc4570c43b62f807987462804faf745e48d07a31b3240557d555e427c1071d9834348417bcc76b06aeb5b93de9e5b

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\_lzma.pyd

    Filesize

    144KB

    MD5

    acd90982508a76351e87aad528e1d4b1

    SHA1

    3d2a6cd06a7e2d89da11e95d0a26abccdd19504f

    SHA256

    7578d4478af6de7e52b9e9993bd63708b99d50c5ab6fd0c872703fedca46e97c

    SHA512

    f01ff6c859e35f10164717bb772470ebfe91f69847147348f6c17c768e7babdcaa5e81716450a68ebc62d8c5b6db08255ea6cd9f47e81208bbab364db0dcd249

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\_queue.pyd

    Filesize

    26KB

    MD5

    f141586e8d8ec27fcce645598f4d2130

    SHA1

    dff3a46ec1fd6f7ae0542bcd7d03d3a466e86687

    SHA256

    3f2cab58e705d498c2a4640bbfa42886a8a9a9f5ae9b8345419614f9acf6c1e0

    SHA512

    aedc3160e80d95497e55f59586cb67df87f15af89ac8da2eb54a53dae47dbb159309b1a270978df0df7a994fa4f966e32be766341f4c85aeae141039944cb145

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\_socket.pyd

    Filesize

    67KB

    MD5

    e2032de7e4e0dff126710752931e7fec

    SHA1

    a41f62c644afd3239dcb5cb4a3e291afecc6aa95

    SHA256

    66ebafdf5781404596f8afcfba264afcd49feef31dafee5eca80a06ae7f4dae3

    SHA512

    b42e6748b7e141a07cc60e6556cff89aae19bd67239ec83ef9773d3e538f15560f8acacac805f1be13c9920a10428d6a051de12962676d0eda90db64c9d4b7e4

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\_ssl.pyd

    Filesize

    136KB

    MD5

    5a7f8391bf50ad512df2cf1fa701af17

    SHA1

    c704da093419b6acfed6afce24a224c9816a8f45

    SHA256

    3c6b7ed64f40d09f70ceb13f077a16c4989f42d4686b2b01f3ea890430fa7181

    SHA512

    1750f9f7dc43302839aaf783920f2935ac5eeedaeb78bbf4ec3d91c50021539a3309fd5e330d4f4703f82b6f1d0705ad7857bae799a8925154829561adb53eaa

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\_uuid.pyd

    Filesize

    21KB

    MD5

    4fb136d3dc5236de59e9783d1b7d27fe

    SHA1

    f84e724e64a2b6695fa1b7047236ad46d9ed1ddc

    SHA256

    3918403cbfb053f1e7937cbc2f9902212a1314bc0ef7e18046cd5fc15fada73f

    SHA512

    cf24074713190d9f7f7d791933a95573c773699418b3c1e0da668ee31562f588a7acda41f6c4c08ebdba99eed5e12fd4f540eab4122e44fd684b2bd76f1e6e7a

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\base_library.zip

    Filesize

    859KB

    MD5

    3fa51488087c6577ba4d4accecda2bb6

    SHA1

    3584d301bcb007f6de830729b3cc994c048edd93

    SHA256

    8f614b9743bf81cba58bb2f50dcede4e0e9310727b114be36ef9022d587dc622

    SHA512

    bc1e42eabc128e304ccd5ec9413907b0760ebc96b6eb7b6d1f509433d1912b703136c42d4f8cac98bbba157c75f3a416f7b2ea241de17c08eafa2acb2a4e1669

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\charset_normalizer\md.cp310-win32.pyd

    Filesize

    8KB

    MD5

    492fc2c3d9e5d652c8d6ee1a0e3f9e94

    SHA1

    40c8ea35116d23ef992b0633795258a1ed044a35

    SHA256

    f1ef1ebeda3306b95aca52f89c49dd9943768c274ac2db8e4a6a1b303952c106

    SHA512

    b1b78f6f9323fff9d83f8ed682fcb48a30dee5c95b1178c6c567c99ca5bd9bc2c19cd067bdc74a84f387a08fa649f7f7c4fb71d05a529fbe29d3a98b2271e1ff

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\charset_normalizer\md__mypyc.cp310-win32.pyd

    Filesize

    99KB

    MD5

    b097e1bcb848f7e75f9e18d80037aa82

    SHA1

    a461a995132548f2a7cd44311165daf19512889c

    SHA256

    240074887ea15325e081d6291f019ff929639c5803d4562cf0134a235a376529

    SHA512

    50274ba7d7f5aa501275ec8ae24807d57a288bafd380d2557021db7855c7b87bcaf669b222740bbf240d1c1b907c378f6cec8cbcfe2fb620a159509bb192b21d

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\device.wvd

    Filesize

    2KB

    MD5

    08085dce7106ed9336e3a9db2b9188cb

    SHA1

    dcac0c08a0c65a4a5b999f75a7547dc61958dca8

    SHA256

    1af6c6da95cbbc10e871793582ca85ae7d7bfd7966a908121f35db218335a99a

    SHA512

    f1500683284c7cb1b5e8303ab59cbf2289bdb3aefdd93e9f4cdf23b1c2b07048af405cd48006921c11b85dfc3dbee0e5424142b44179ff2315e6c26e287a6e63

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\libcrypto-1_1.dll

    Filesize

    2.2MB

    MD5

    90311ea0cc27e27d2998969c57eba038

    SHA1

    4653f1261fb7b16bc64c72833cfb93f0662d6f6d

    SHA256

    239d518dd67d8c2bbf6aeaded86ed464865e914db6bf3b115973d525ebd7d367

    SHA512

    6e2f839fb8d7aaab0b51778670da104c36355e22991eae930d2eaecabab45b40fda5e2317f1c928a803146855ac5553e4e464a65213696311c206bec926775d8

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\libffi-7.dll

    Filesize

    28KB

    MD5

    bc20614744ebf4c2b8acd28d1fe54174

    SHA1

    665c0acc404e13a69800fae94efd69a41bdda901

    SHA256

    0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

    SHA512

    0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\libssl-1_1.dll

    Filesize

    536KB

    MD5

    0eb0295658ac5ce82b2d96d330d2866e

    SHA1

    68894ff86e0b443502e3ba9ce06bfb1660d19204

    SHA256

    52224881670ced6419a3e68731e5e3d0b1d224d5816619dccf6161f91ec78021

    SHA512

    347b7b5d7b9b1c88ea642f92257f955c0202ae16d6764f82d9923c96c151f1e944abf968f1e5728bde0dae382026b5279e4bcbe24c347134a1fbe1cb0b2e090f

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\pyexpat.pyd

    Filesize

    165KB

    MD5

    47b9d353fd5a40475eb3408ba879a5e2

    SHA1

    789ec3de35089576715340bf89653639fd9f3e5a

    SHA256

    73cf8c3b7d5843cb2253d139c25fcd15314e9a61d0014aab325d681eef3061cf

    SHA512

    d1847347e9b0a663b3fe4f3f7be05316326627ab2be50e9490d0e94a66c90f1e346630c95fc65558fc77603943d2846e832d2ff6a58917cc7f18f4ae233494bf

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\python3.DLL

    Filesize

    62KB

    MD5

    9de3d5d359f716ad3fe4d71d13b89d2f

    SHA1

    4f4fc6098ba77873f05d48177c558b7ef0cb62c1

    SHA256

    8f87b8ab1f4c6834c79726d8c10344a536812258e34a8809a6eca1fb846b720e

    SHA512

    71bb629c4f9e08b603e01418d20c2566ad6b8a7efd852528562e514603e5c0f3d2e4357a46db674808e74b0cb1200fd16a5cc3cda1f84ec54e22914057fd55db

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\python310.dll

    Filesize

    3.9MB

    MD5

    640ec0b1fc4812bc3c2091da1f409592

    SHA1

    ce7624cae17a94663509df0723e3efce173489aa

    SHA256

    23a474eab298df93923ecac33007e547cc35d1a718310df4fc9a24025ad2176f

    SHA512

    6a6706e3f2b93cf41d8312c092a3b80cec33aef372fc2183be867aff6167cce2af64b65dabf28e7ca66435ad6555ef2b690cd2d6005a6c827bc986dff3896ce4

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\select.pyd

    Filesize

    25KB

    MD5

    1f5c1b50a5104c50366827a7102e2cf3

    SHA1

    57b09c0e2d73e4caeb1e21dc10cc527829f202f2

    SHA256

    2f807726fbcdb67bd365244ec2cd126238c8ce25161d31be722c797f559388fb

    SHA512

    2d9a2ac586d5cb9d3724a0c1a7e4922743a1e170791a917a36b94716d66cc7fe09bdf97abcbe5d86d3267d66f72962192fd0777095d13103345b1e8fa1a71048

  • C:\Users\Admin\AppData\Local\Temp\_MEI33762\unicodedata.pyd

    Filesize

    1.1MB

    MD5

    e25d21ac53f87e051a20d5e6e4a6f8a8

    SHA1

    750b516bf3d66b1dac1105e06f08122e3310506c

    SHA256

    2da8bdca79ab1cdf2fea25c947916e0b1351397a05403133171417bc7fc5dcac

    SHA512

    fb868545c2f2d6aa23c2f082f3ceb23e5b2d3de9946992b24d1abc9bd4cca5d9c7e9c502449a4cb687ac27b86c908c0f22653a8102a6be40e116fe607e9dc2fb

  • memory/2724-131-0x00000000743E0000-0x0000000074471000-memory.dmp

    Filesize

    580KB