Overview

overview

7

Static

static

3

3dRipperPro.exe

windows7-x64

1

3dRipperPro.exe

windows10-2004-x64

1

Bulk Downloader.exe

windows7-x64

1

Bulk Downloader.exe

windows10-2004-x64

1

Command Li...es.cmd

windows7-x64

1

Command Li...es.cmd

windows10-2004-x64

1

Data/3dripper.exe

windows7-x64

1

Data/3dripper.exe

windows10-2004-x64

1

Data/3dripper.exe

windows7-x64

1

Data/3dripper.exe

windows10-2004-x64

1

Data/DecryptTex.exe

windows7-x64

7

Data/DecryptTex.exe

windows10-2004-x64

7

Data/Noesi...is.exe

windows7-x64

3

Data/Noesi...is.exe

windows10-2004-x64

3

Data/Noesi...gl.dll

windows7-x64

3

Data/Noesi...gl.dll

windows10-2004-x64

3

Data/Noesi...is.dll

windows7-x64

3

Data/Noesi...is.dll

windows10-2004-x64

3

Data/Noesi...on.dll

windows7-x64

3

Data/Noesi...on.dll

windows10-2004-x64

3

Data/Noesi...bx.dll

windows7-x64

3

Data/Noesi...bx.dll

windows10-2004-x64

3

Data/Noesi...iew.py

windows7-x64

3

Data/Noesi...iew.py

windows10-2004-x64

3

Data/Noesi...sis.py

windows7-x64

3

Data/Noesi...sis.py

windows10-2004-x64

3

Data/cares.dll

windows7-x64

1

Data/cares.dll

windows10-2004-x64

1

Data/colla...mt.dll

windows7-x64

1

Data/colla...mt.dll

windows10-2004-x64

1

Data/gdal201.dll

windows7-x64

1

Data/gdal201.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-06-2024 15:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Data/DecryptTex.exe

  • Size

    21.9MB

  • MD5

    d3b193a11118b4f16d23c7f751d4cbfb

  • SHA1

    012d625ffcb291ebdfce7be7009bb9232bc4099b

  • SHA256

    f255a15a18b6b9745ae74cf3d9689d6dcfbece4e3d01e9bb5eb3ed2854e21524

  • SHA512

    30d4d3ab03c0218c98a5f8bf723894fd7cb0484b81299ce697ee9ca0018bc685896f7354e9ced22dc41a087eb1eb35d74e0a90434fd4da20729e6dc8506c663f

  • SSDEEP

    393216:sPJscZFZs0InEroXHWe/ZODNoWruy3VU3o+qDPv2q9ANWW+N14S2qWqgAjlFw4qL:utZDmErUHWeGrugO4PXANWWftrAMV

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 15 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Data\DecryptTex.exe
    "C:\Users\Admin\AppData\Local\Temp\Data\DecryptTex.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4996
    • C:\Users\Admin\AppData\Local\Temp\Data\DecryptTex.exe
      "C:\Users\Admin\AppData\Local\Temp\Data\DecryptTex.exe"
      2⤵
      • Loads dropped DLL
      PID:2084
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4952 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:872

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\MSVCP140.dll
      Filesize

      552KB

      MD5

      cb75d6437418afe1a7b52acf75730ff1

      SHA1

      54c2da9552671b161cc87eb50fbdb86319b00f56

      SHA256

      7c4ce9d6bfcd6d9db4eef4e75ecdcf5a8e5320106e80f1eca617439fa43f33e8

      SHA512

      f58abb740a30467e2d8aedd7eed357da020fdc7d966e245890d102a52e96fea296e122c1d2bc112423fc64b6f5e70b7df3f3eb7de1bf5c2f5f0eb3644f1e06d6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\PIL\_imaging.cp310-win_amd64.pyd
      Filesize

      3.0MB

      MD5

      47b419f64903583e49a2e3d448e9af94

      SHA1

      4fb21d22bf6829c4ac28acc514e23e42adab1ec5

      SHA256

      ee8f640403ab34a529f5195fd1cd94c579206fb8d42056293b14a557968abd20

      SHA512

      bac2d5c9c6d5429f789a233cc0f65750af90202f02f679e73ec140998bcf40b0822daeb1e82a6d3503354fafaf937438f99a68116d17068d5141cda8339bb530

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\VCRUNTIME140.dll
      Filesize

      94KB

      MD5

      11d9ac94e8cb17bd23dea89f8e757f18

      SHA1

      d4fb80a512486821ad320c4fd67abcae63005158

      SHA256

      e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

      SHA512

      aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\VCRUNTIME140_1.dll
      Filesize

      36KB

      MD5

      37c372da4b1adb96dc995ecb7e68e465

      SHA1

      6c1b6cb92ff76c40c77f86ea9a917a5f854397e2

      SHA256

      1554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf

      SHA512

      926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\_bz2.pyd
      Filesize

      78KB

      MD5

      b45e82a398713163216984f2feba88f6

      SHA1

      eaaf4b91db6f67d7c57c2711f4e968ce0fe5d839

      SHA256

      4c2649dc69a8874b91646723aacb84c565efeaa4277c46392055bca9a10497a8

      SHA512

      b9c4f22dc4b52815c407ab94d18a7f2e1e4f2250aecdb2e75119150e69b006ed69f3000622ec63eabcf0886b7f56ffdb154e0bf57d8f7f45c3b1dd5c18b84ec8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\_ctypes.pyd
      Filesize

      117KB

      MD5

      79f339753dc8954b8eb45fe70910937e

      SHA1

      3ad1bf9872dc779f32795988eb85c81fe47b3dd4

      SHA256

      35cdd122679041ebef264de5626b7805f3f66c8ae6cc451b8bc520be647fa007

      SHA512

      21e567e813180ed0480c4b21be3e2e67974d8d787e663275be054cee0a3f5161fc39034704dbd25f1412feb021d6a21b300a32d1747dee072820be81b9d9b753

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\_elementtree.pyd
      Filesize

      119KB

      MD5

      1fecac327fc93fc161833ad709336bbb

      SHA1

      c755ed4ff97eb2f1c73659322430c60de253b732

      SHA256

      16480ede0430be5249481a9bfb843eb0ef98f93b467a5428352fc23cc8c9051d

      SHA512

      003d9ccdcb68f5876aad4cb39fecfefd043e70d1fd6ccfd4d672924ae96d69eb4f32dfcd1a643b3a60f0a60c051714c64436e0f6d09a784dd2f92b0800bca067

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\_lzma.pyd
      Filesize

      149KB

      MD5

      5a77a1e70e054431236adb9e46f40582

      SHA1

      be4a8d1618d3ad11cfdb6a366625b37c27f4611a

      SHA256

      f125a885c10e1be4b12d988d6c19128890e7add75baa935fe1354721aa2dea3e

      SHA512

      3c14297a1400a93d1a01c7f8b4463bfd6be062ec08daaf5eb7fcbcde7f4fa40ae06e016ff0de16cb03b987c263876f2f437705adc66244d3ee58f23d6bf7f635

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\_socket.pyd
      Filesize

      72KB

      MD5

      5dd51579fa9b6a06336854889562bec0

      SHA1

      99c0ed0a15ed450279b01d95b75c162628c9be1d

      SHA256

      3669e56e99ae3a944fbe7845f0be05aea96a603717e883d56a27dc356f8c2f2c

      SHA512

      7aa6c6587890ae8c3f9a5e97ebde689243ac5b9abb9b1e887f29c53eef99a53e4b4ec100c03e1c043e2f0d330e7af444c3ca886c9a5e338c2ea42aaacae09f3e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\base_library.zip
      Filesize

      811KB

      MD5

      a2b54e22cede875dd5b980ad7c35a353

      SHA1

      fff02d92e15135d2d27f9aedfe8d563df7eb4929

      SHA256

      3ee15bebac18ce8efc34b3cafd46391940f0241513fa641f45e1df196fd0e5a5

      SHA512

      e8d7fab18e22adb7afdf1250a0c550124ad76ba2d3b05d6706809318cc8e031bec036494d973150a626852713834ff18a190024d223211ea7c29662465126cb8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\libffi-7.dll
      Filesize

      32KB

      MD5

      eef7981412be8ea459064d3090f4b3aa

      SHA1

      c60da4830ce27afc234b3c3014c583f7f0a5a925

      SHA256

      f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

      SHA512

      dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\pyexpat.pyd
      Filesize

      187KB

      MD5

      983d8e003e772e9c078faad820d14436

      SHA1

      1c90ad33dc4fecbdeb21f35ca748aa0094601c07

      SHA256

      e2146bed9720eb94388532551444f434d3195310fa7bd117253e7df81a8e187e

      SHA512

      e7f0fd841c41f313c1782331c0f0aa35e1d8ba42475d502d08c3598a3aaefd400179c19613941cdfad724eca067dd1b2f4c2f1e8a1d6f70eeb29f7b2213e6500

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\python310.dll
      Filesize

      4.2MB

      MD5

      384349987b60775d6fc3a6d202c3e1bd

      SHA1

      701cb80c55f859ad4a31c53aa744a00d61e467e5

      SHA256

      f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

      SHA512

      6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\select.pyd
      Filesize

      25KB

      MD5

      78d421a4e6b06b5561c45b9a5c6f86b1

      SHA1

      c70747d3f2d26a92a0fe0b353f1d1d01693929ac

      SHA256

      f1694ce82da997faa89a9d22d469bfc94abb0f2063a69ec9b953bc085c2cb823

      SHA512

      83e02963c9726a40cd4608b69b4cdf697e41c9eedfb2d48f3c02c91500e212e7e0ab03e6b3f70f42e16e734e572593f27b016b901c8aa75f674b6e0fbb735012

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\shader.pyd
      Filesize

      15KB

      MD5

      df000574bf4bba4290fdba99c57296fe

      SHA1

      748c3a1c0cf605159939616bf411e29cdb113742

      SHA256

      c74cbe7974d9b54f5f4d78ea86394d7b77405a407b9267e8782160eb8ff3e699

      SHA512

      0470371b286a2004fef43668232652a4bd300f357c0641b3caede4a232af62731ff3eb3fc6691525312c197716f76719834e0fd75630f7c521b787dfefdafdb4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI49962\ucrtbase.dll
      Filesize

      1011KB

      MD5

      849959a003fa63c5a42ae87929fcd18b

      SHA1

      d1b80b3265e31a2b5d8d7da6183146bbd5fb791b

      SHA256

      6238cbfe9f57c142b75e153c399c478d492252fda8cb40ee539c2dcb0f2eb232

      SHA512

      64958dabdb94d21b59254c2f074db5d51e914ddbc8437452115dff369b0c134e50462c3fdbbc14b6fa809a6ee19ab2fb83d654061601cc175cddcb7d74778e09

      Download Submit