Analysis Overview
SHA256
daf5af0eb48367d7883bd72d1e602bc4536c1616669800235e279c7b6263c642
Threat Level: Shows suspicious behavior
The file Certum Trusted Network-Petrus Verbeek-2023-12-25 045000 [email protected] was classified as: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Enumerates physical storage devices
Detects Pyinstaller
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 10:23
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
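How the static "Detects Pyinstaller" verdict above can be reproduced. This is an added example, not the sandbox's own signature code: it locates PyInstaller's archive cookie in a file and walks the archive's table of contents, which is where names such as python38.dll and Document.pdf in the behavioral1 Files list come from. Because the submitted sample is not on the page, the code runs against a constructed in-memory archive (build_sample_archive, SAMPLE_EXE, with made-up payload bytes); the cookie and entry layouts are PyInstaller's (2.1 and later), the function names are mine.

```python
"""Find the PyInstaller archive appended to an executable and list what it carries."""
import io
import struct
import zlib

# PyInstaller's archive cookie starts with this 8-byte magic ("MEI" + four control bytes).
PYINST_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Cookie layout (PyInstaller 2.1 and later): magic, package length, TOC offset,
# TOC length, Python version, name of the bundled Python DLL (64 bytes, NUL padded).
COOKIE_FMT = "!8sIIii64s"
COOKIE_LEN = struct.calcsize(COOKIE_FMT)  # 88 bytes
# Fixed head of each TOC entry: entry length, data offset, compressed length,
# uncompressed length, compression flag, type code. The NUL-padded name follows.
ENTRY_FMT = "!iIIIBc"
ENTRY_LEN = struct.calcsize(ENTRY_FMT)  # 18 bytes
TYPE_CODES = {b"s": "script", b"M": "module", b"m": "module", b"b": "binary", b"x": "data",
              b"z": "zipfile", b"Z": "pyz", b"d": "dependency", b"o": "runtime-option"}


def python_version(pyver: int) -> str:
    """Decode the cookie's version field: 38 -> '3.8', 310 -> '3.10' (newer encoding)."""
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    return f"{major}.{minor}"


def find_cookie(data: bytes):
    """Return (cookie offset, cookie fields) for the last cookie in data, or None."""
    pos = data.rfind(PYINST_MAGIC)  # rfind: a signature or other data may follow the cookie
    if pos < 0 or pos + COOKIE_LEN > len(data):
        return None
    _, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack(COOKIE_FMT, data[pos:pos + COOKIE_LEN])
    return pos, {"pkg_len": pkg_len, "toc_off": toc_off, "toc_len": toc_len,
                 "pyver": pyver, "pylib": pylib.rstrip(b"\0").decode("ascii", "replace")}


def parse_toc(data: bytes) -> list:
    """Every TOC entry as a dict (name, type, absolute offset, sizes, compressed flag)."""
    found = find_cookie(data)
    if found is None:
        return []
    cookie_pos, c = found
    archive_start = cookie_pos + COOKIE_LEN - c["pkg_len"]  # the package ends with the cookie
    toc = data[archive_start + c["toc_off"]:archive_start + c["toc_off"] + c["toc_len"]]
    entries, off = [], 0
    while off + ENTRY_LEN <= len(toc):
        entry_len, dpos, csize, usize, cflag, tcode = struct.unpack(ENTRY_FMT, toc[off:off + ENTRY_LEN])
        if entry_len < ENTRY_LEN or off + entry_len > len(toc):
            break  # corrupt or truncated TOC
        name = toc[off + ENTRY_LEN:off + entry_len].rstrip(b"\0").decode("utf-8", "replace")
        entries.append({"name": name, "type": TYPE_CODES.get(tcode, "unknown"), "offset": archive_start + dpos,
                        "csize": csize, "usize": usize, "compressed": bool(cflag)})
        off += entry_len
    return entries


def extract_entry(data: bytes, entry: dict) -> bytes:
    """Raw bytes of one entry, zlib-inflated when its compression flag is set."""
    blob = data[entry["offset"]:entry["offset"] + entry["csize"]]
    return zlib.decompress(blob) if entry["compressed"] else blob


def scan(data: bytes) -> dict:
    """The check behind a 'Detects Pyinstaller' verdict, plus what the archive carries."""
    found = find_cookie(data)
    if found is None:
        return {"pyinstaller": False}
    c = found[1]
    return {"pyinstaller": True, "python": python_version(c["pyver"]), "pylib": c["pylib"],
            "entries": [(e["name"], e["type"]) for e in parse_toc(data)]}


def build_sample_archive(stub: bytes, files) -> bytes:
    """Constructed test input only: a minimal CArchive appended to a fake PE stub."""
    body, toc = io.BytesIO(), b""
    for name, tcode, payload, compress in files:
        blob = zlib.compress(payload) if compress else payload
        dpos = body.tell()
        body.write(blob)
        raw_name = name.encode() + b"\0"
        entry_len = ENTRY_LEN + len(raw_name)
        entry_len += (-entry_len) % 16  # PyInstaller pads entries to 16 bytes
        toc += struct.pack(ENTRY_FMT, entry_len, dpos, len(blob), len(payload), int(compress), tcode)
        toc += raw_name.ljust(entry_len - ENTRY_LEN, b"\0")
    toc_off = body.tell()
    body.write(toc)
    pkg_len = body.tell() + COOKIE_LEN
    cookie = struct.pack(COOKIE_FMT, PYINST_MAGIC, pkg_len, toc_off, len(toc), 38, b"python38.dll")
    return stub + body.getvalue() + cookie


# Constructed sample modelled on the report's Files list (python38.dll, Document.pdf) and
# the imgto_local name from behavioral2; the payload bytes are made up.
SAMPLE_FILES = [
    ("python38.dll", b"b", b"MZ-fake-python-dll", False),
    ("Document.pdf", b"x", b"%PDF-1.4 decoy document", True),
    ("imgto_local", b"s", b"import os\n", False),
]
SAMPLE_EXE = build_sample_archive(b"MZ fake PE stub\0" * 4, SAMPLE_FILES)

if __name__ == "__main__":
    print(scan(SAMPLE_EXE))
```

On a real file, scan(open(path, "rb").read()) gives the same summary. The cookie is searched for with rfind rather than read from the last 88 bytes because data can follow it (an Authenticode signature, for instance). A "script" entry is the bundled entry point; "data" entries are where a decoy document such as Document.pdf travels, and a compressed entry is inflated with zlib exactly as the bootloader does before writing it into the _MEI directory.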
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 10:23
Reported
2024-06-20 10:34
Platform
win11-20240419-en
Max time kernel
479s
Max time network
490s
Command Line
Signatures
Loads dropped DLL
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Certum Trusted Network-Petrus Verbeek-2023-12-25 045000 [email protected]
"C:\Users\Admin\AppData\Local\Temp\Certum Trusted Network-Petrus Verbeek-2023-12-25 045000 [email protected]" /S
C:\Users\Admin\AppData\Local\Temp\Certum Trusted Network-Petrus Verbeek-2023-12-25 045000 [email protected]
"C:\Users\Admin\AppData\Local\Temp\Certum Trusted Network-Petrus Verbeek-2023-12-25 045000 [email protected]" /S
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start C:\Users\Admin\AppData\Local\Temp\_MEI30082\Document.pdf"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI30082\Document.pdf"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=602D14C5966099197575E8C9B8C074B7 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EC0027FF489BF107C3001D44D1110511 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EC0027FF489BF107C3001D44D1110511 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EB5E7A8567B7B9995761885E844F9DC4 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6241FEAE41F395814006A1E8883883F2 --mojo-platform-channel-handle=1936 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6930F5E2EC5B7312CC61D56B7DEF1271 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6930F5E2EC5B7312CC61D56B7DEF1271 --renderer-client-id=6 --mojo-platform-channel-handle=1928 --allow-no-sandbox-job /prefetch:1
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=29CA2E59BDC6B6332C90097B00B1DF35 --mojo-platform-channel-handle=2764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=491B5AA95CEA2FB51E33D2FB8A118BFF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=491B5AA95CEA2FB51E33D2FB8A118BFF --renderer-client-id=10 --mojo-platform-channel-handle=2852 --allow-no-sandbox-job /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI30082\python38.dll
| MD5 | c381edf39a0c3ed74f1df4a44fbab4ba |
| SHA1 | 688af6616d5f2f67ff9f49dc6790583825fb82ab |
| SHA256 | f8c622753feb3cec062a535f2a285b17f6d118fee0bf8ed5a2f3d06ca53e729d |
| SHA512 | 88abc4ef225593e176050a6526b4873c08aca3b464616b502e64e7995368e82ec413cdf9e0bc8902994b2be25aa0aaf2e5135977599e57a0e8e1809f2b67eeec |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\VCRUNTIME140.dll
| MD5 | ade7aac069131f54e4294f722c17a412 |
| SHA1 | fede04724bdd280dae2c3ce04db0fe5f6e54988d |
| SHA256 | 92d50f7c4055718812cd3d823aa2821d6718eb55d2ab2bac55c2e47260c25a76 |
| SHA512 | 76a810a41eb739fba2b4c437ed72eda400e71e3089f24c79bdabcb8aab0148d80bd6823849e5392140f423addb7613f0fc83895b9c01e85888d774e0596fc048 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\base_library.zip
| MD5 | 872555fbb1ef0cd923a0c5249d3bff92 |
| SHA1 | e984bd4aea8a414ddc702f56d84ab97678cf0829 |
| SHA256 | b33f700b18fcdbd05f585984b661aea44e88cad23531a0a74c9737085184ef50 |
| SHA512 | d0ee302bfedf89100904551f19f10ea6851063453ed79564e4574310fb63b12af1d5443ea97322f5118f0b3e045eedaa69f6b1b4a10b9c18c843635ffcce9e67 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\_ctypes.pyd
| MD5 | 9755d3747e407ca70a4855bc9e98cfb9 |
| SHA1 | 5a1871716715ba7f898afaae8c182bd8199ed60a |
| SHA256 | 213937a90b1b91a31d3d4b240129e30f36108f46589ba68cd07920ce18c572c2 |
| SHA512 | fb2d709b4a8f718c1ab33a1b65ac990052e3a5a0d8dd57f415b4b12bce95189397bfddb5fb3a7fc1776c191eb92fd28e3aaebbebdf1024ecd99e412376ca4467 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\_bz2.pyd
| MD5 | 0083b7118baca26c44df117a40b8e974 |
| SHA1 | 218176d616a57fd2057a34c98f510ac8b7d0f550 |
| SHA256 | e1f791a3f5e277880d56f21006cec8e0b93ca50cd4464b2b4c6e88ab3ca5234d |
| SHA512 | e093937e4f1c8e3c321e2059a3dda703f0d3df88deba2b15656bca87a258a9cd4dc677859cb1879157d4e60e10efb4d35c402135960ef2afddfef9c388077b85 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\_lzma.pyd
| MD5 | e63bf80e04ae950ef22d8fc100d6495f |
| SHA1 | f2340ecaa46cb1737abcb19dbab6de9e3cbc51d7 |
| SHA256 | f4016a1a8eb34aaf4f20d6c2fdbb02992cc5125f5c32f0335c6dfbeedb9add5c |
| SHA512 | cd70c7c99e5fb131567aa2213abd5f811e2a271ac12a2210be6a04728c696c407814e4535e7ca19ca86a2d3311d822cc6985864a2e178e1b36faf6bc828e621f |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\pyexpat.pyd
| MD5 | a9e03036e55c680004576490efa6a792 |
| SHA1 | 8a1948f1ba8b4bb9e34f29eade786fc85949d74c |
| SHA256 | 70fe25f01eafbf730deb95fd101b220149bb2eeea690b24b20f6f4bcdb0f04ed |
| SHA512 | fa664233ceaa848901d19091f01cbd3ada8dd1a30de352dca693c4394e243941405edb0fe09fc9fb404fe18a5455c78aa8ce64f7037e63ac9574c2aec5ee4267 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\_socket.pyd
| MD5 | ee5c9250e766a02aa745a0d1493a387c |
| SHA1 | 0e6e86b7cda5f99e719dab8bdcae21558e7def10 |
| SHA256 | 28b23ef979ff75b3cc44fce358b7ed087488105e3186249163504cd719567ccf |
| SHA512 | ba4ad7d081b307f220212a9fbf982f925ac742eec64b3c9ed2bdbf3d06a589b1acc992d9585dec077de3b7f9e814a7115470a89307123491a3aff0ac3d795419 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\select.pyd
| MD5 | 6e3e3565f98e23bee501c54a4b8833db |
| SHA1 | a4c9ecbd00c774e210eb9216e03d7945b3406c2c |
| SHA256 | 71a2198c2f9c8cb117f3ea41dc96b9ae9899f64f21392778d1516986f72d434b |
| SHA512 | 359aac4a443a013f06295e1a370f89d4452ea75fd2d11776f4eccf605b59caf529baffdcc3cef3eeb59e44a42beaf927bed908b507ac479cccc870768a620fed |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\PIL\_imaging.cp38-win_amd64.pyd
| MD5 | 6419f37abd9925e56194a5d3f44a619d |
| SHA1 | d03b03d6e0a1897f7466c2725a7057aed5158244 |
| SHA256 | a3bff0ef16dec8ad42c9be3d0ea8a60f92f2c6374149b4a52f7776e4f33c8d36 |
| SHA512 | 7cdfec882dc173ca940560489d22eccf2c038df1db32a9e9b1aa492916dd334a4cb9285c2075db1205b06cceb434e33d69cfd873e519cfb2afd9246ed00d0406 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\_ssl.pyd
| MD5 | ce0ef7db1b5ec4211c901ef0ccc4c168 |
| SHA1 | da92022e89b5c6e4d7b0ce704cfba1ba0f50d20e |
| SHA256 | bbcc8078d2624506bd33ed25a64230f9be74e7ff87faef517ab28e2f63f5e77a |
| SHA512 | 0c50bb2d47b0252419a1f7d58512cf2bdfc024b3f9dbbd44cd989d6e9e5d493631404b251afe0ce888ff61ed45c29c378b94801660d0429368df902f2eebb481 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\libcrypto-1_1.dll
| MD5 | 89511df61678befa2f62f5025c8c8448 |
| SHA1 | df3961f833b4964f70fcf1c002d9fd7309f53ef8 |
| SHA256 | 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf |
| SHA512 | 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\libssl-1_1.dll
| MD5 | 50bcfb04328fec1a22c31c0e39286470 |
| SHA1 | 3a1b78faf34125c7b8d684419fa715c367db3daa |
| SHA256 | fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9 |
| SHA512 | 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\_hashlib.pyd
| MD5 | f6f10f79867e33929e8c3263beaee423 |
| SHA1 | 91ed04e12da5e5bed607f1957ede5057d78c275f |
| SHA256 | c66d0a524a9d6c7f110273ffb14fb0ead440bf42f7a3957554f8b053331a7c3c |
| SHA512 | 30004621f7ee267e18987922b3e4243da6080cc7fcff8caa9cc8fdf795ba156ffba8c163a621959c2696cea6835398b046ff3175c0d02154532a93395391124b |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\_queue.pyd
| MD5 | 25e90e7317853c3807893591d72c1c11 |
| SHA1 | d6df3b4dd8c6235f263b637ec4646b56c9c977b2 |
| SHA256 | 72584c4be4e56b0c26023a30385e90a1b5ac3a8d559007d90da11e5262ec7b76 |
| SHA512 | 6130e9631465ec7b5bc65e29dd23ea99846baf34b55c69b86774e586c193eea2b4c0557f0d3980b317fece7eb1b9a2f612eb48697b5c61850baf16dbcc3f5a87 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\charset_normalizer\md__mypyc.cp38-win_amd64.pyd
| MD5 | 073f09e1edf5ec4173ce2de1121b9dd1 |
| SHA1 | 6cdb2559a1b706446cdd993e6fd680095e119b2e |
| SHA256 | 7412969bfe1bca38bbb25bab02b54506a05015a4944b54953fcfdb179ec3f13c |
| SHA512 | 70a1a766001ec78a5fce7eadf6cae07f11b3ca6b08115e130c77d024524879577ccab263c596102102b1569933c601592fbb5ee07c7db123bb850965ef8e8e96 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\unicodedata.pyd
| MD5 | 0a22c143ab1dbd20e6ed6a4cb5fe1e43 |
| SHA1 | 2eb837eb204d7467caad4a82e7b9932553cc9011 |
| SHA256 | d0b8deabc7bc531c0c45f17ffc75c55b1ac9ff71347b74753096050eec6235db |
| SHA512 | 8a48246bbf1dfbae63aafca8bb9ae5c14c9dbb60dcc43a1030d7ea11033cba8d6e780ab9620eeadf303f5a3a9167bddec4b2fa23dbe526b95db5c297c9f688d8 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\charset_normalizer\md.cp38-win_amd64.pyd
| MD5 | 38105df780eddd734027328e0dca0ca3 |
| SHA1 | 45f1d9e3472478f8e1ba86675f5c81c00b183bea |
| SHA256 | 9512896233d2119e78e2e1fcfd83643b2be2b427f08d16fc568fe98b9d4913cb |
| SHA512 | ba2a05c236ce47d87888f618be2b23532d0d882578707b07ae220a96883b468f7088a19ebbe3bac2adf4035da6b7ee6fa9e57b620e2bc67b28e54cd969d6bbb3 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\certifi\cacert.pem
| MD5 | 2a6bef11d1f4672f86d3321b38f81220 |
| SHA1 | b4146c66e7e24312882d33b16b2ee140cb764b0e |
| SHA256 | 1605d0d39c5e25d67e7838da6a17dcf2e8c6cfa79030e8fb0318e35f5495493c |
| SHA512 | 500dfff929d803b0121796e8c1a30bdfcb149318a4a4de460451e093e4cbd568cd12ab20d0294e0bfa7efbd001de968cca4c61072218441d4fa7fd9edf7236d9 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\img.png
| MD5 | 63fe1cb20b268e2475ba65d27cb50a1a |
| SHA1 | 5ef4253f8ae5762968603caf6f146025f3ce4f83 |
| SHA256 | c7ab058b2e2e24b75f58294e1f85d485dc6d4f84d701fc51d853c134e8561f9e |
| SHA512 | 60ed78bc78c44463f21087bc9e4bcaeca93060f3353aa764ee98e3517ea6608c4557de2c322057197d8db33befeb4ba4034cb747233e4bf718f5798ccf3c8cef |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\PIL\_imagingmath.cp38-win_amd64.pyd
| MD5 | 8d5186085b48a4f57257eb043e04fed1 |
| SHA1 | 53d26563c743f8bb6ca25aa2ffdbf70a70ad5469 |
| SHA256 | 0831c589093e72306f50fff6957039e8646fa0ef38f8ae0b4970182f0b39ea95 |
| SHA512 | 8d9fa15813c533cef0bf2f2e3c20db8301b063e878ddc8d4ccbd6f50c1346a36f58fe4c1a7aab7eca8624fd82306ddf869209804d4bc862aebd6284cd663a7c8 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\_decimal.pyd
| MD5 | b6bd7872e7f4c5020bf14906831aec73 |
| SHA1 | 63911584ea66607c665319dc2143b3c6f92a6aff |
| SHA256 | d0578670b5971f24df1a74c2d33596acaac0d56ef974d178f2744ae1773a6aff |
| SHA512 | 86480d265b5dc94e53a53a444a4a23bfc1eae6ac1a9532eb0355759c23072589ed7904807d511f16ff98a0c3499de675c1abfcfe531ec2d02f0b065cbc28452b |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\PIL\_webp.cp38-win_amd64.pyd
| MD5 | 3653a4f6beccdf2b091aac38d28b12ac |
| SHA1 | 5ae532d4ae339d3198b5ec7e181c068cd2ae311a |
| SHA256 | 33b47139417b8ef6f8ba7840326a581bf717ad50b63257eaba9bc669517e6481 |
| SHA512 | 8e7ee332447db9b7d168fb8b718cc2a69bb59b0d251d2b94626629103010946c50f3de48723123919b9fb60df117de738c16c38f987421256ab8cafcf1832952 |
C:\Users\Admin\AppData\Local\Temp\_MEI30082\Document.pdf
| MD5 | a96a5ed6d25bc6dc6484ae49d654b043 |
| SHA1 | 32acf92a780d84d3c3110568c426d45f0f59c4f2 |
| SHA256 | c168c252e0d8a7f3efd9430fe13d816b774a85c5686a1feb12e3eec411dae027 |
| SHA512 | a1902a12ff6ababa1318a519ebfd80b90ecdd3c8e64cd72b62a1a9b1d17cdb8c32b4a1289b46e3b87835de878c6b29fa4655fa9a19007d387eb5fd79ed3f9e1a |
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | b30d3becc8731792523d599d949e63f5 |
| SHA1 | 19350257e42d7aee17fb3bf139a9d3adb330fad4 |
| SHA256 | b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3 |
| SHA512 | 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e |
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | 752a1f26b18748311b691c7d8fc20633 |
| SHA1 | c1f8e83eebc1cc1e9b88c773338eb09ff82ab862 |
| SHA256 | 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131 |
| SHA512 | a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5 |
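The behavioral1 process tree above shows the onefile pattern end to end: the bootloader in Temp starts a second copy of itself, that child runs cmd.exe /c start on Document.pdf inside _MEI30082, and AcroRd32.exe opens it, so the user sees a PDF. The block below is an added detection example (mine, not part of the sandbox report) that finds that chain in process-creation records such as Sysmon event 1 or EDR telemetry. The records are constructed from the process list above, with made-up pid/ppid values; the images and command lines are the report's, and the sample's name is used as the page renders it.

```python
"""Flag the PyInstaller onefile 'decoy document' launch chain in process-creation events."""
import re

# PyInstaller onefile binaries unpack into %TEMP%\_MEI<digits>\ and load from there.
MEI_DIR = re.compile(r"\\_MEI\d+\\", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# "cmd.exe /c start <file>" hands the file to its registered viewer (AcroRd32.exe for a PDF).
START_TARGET = re.compile(r'\bstart\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)
DOC_EXTS = {"pdf", "doc", "docx", "rtf", "txt", "xls", "xlsx", "png", "jpg"}

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\Certum Trusted Network-Petrus Verbeek-2023-12-25 045000 [email protected]")
DECOY = r"C:\Users\Admin\AppData\Local\Temp\_MEI30082\Document.pdf"

# Constructed records modelled on the behavioral1 tree; pid/ppid values are invented.
EVENTS = [
    {"pid": 1001, "ppid": 900, "image": SAMPLE_EXE, "cmdline": f'"{SAMPLE_EXE}" /S'},
    {"pid": 1002, "ppid": 1001, "image": SAMPLE_EXE, "cmdline": f'"{SAMPLE_EXE}" /S'},
    {"pid": 1003, "ppid": 1002, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": f'C:\\Windows\\system32\\cmd.exe /c "start {DECOY}"'},
    {"pid": 1004, "ppid": 1003,
     "image": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
     "cmdline": f'"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe" "{DECOY}"'},
    # Benign control (constructed): a PDF opened from Documents with no Temp-resident parent.
    {"pid": 2001, "ppid": 800, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd.exe /c "start C:\Users\Admin\Documents\report.pdf"'},
]


def parent_chain(events, pid, max_depth=8):
    """Walk pid -> ppid through the recorded events; stops at an unknown parent."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid and len(chain) < max_depth:
        chain.append(by_pid[pid])
        pid = by_pid[pid]["ppid"]
    return chain


def start_target(cmdline):
    """The file handed to 'start', with surrounding quotes removed, or None."""
    m = START_TARGET.search(cmdline)
    if not m:
        return None
    return (m.group(1) or m.group(2)).strip('"')


def decoy_alerts(events):
    """One alert per cmd.exe that opens a document from a _MEI directory or under a Temp-resident parent."""
    alerts = []
    for e in events:
        if not e["image"].lower().endswith("\\cmd.exe"):
            continue
        target = start_target(e["cmdline"])
        if target is None or target.rsplit(".", 1)[-1].lower() not in DOC_EXTS:
            continue
        chain = parent_chain(events, e["pid"])
        from_mei = bool(MEI_DIR.search(target))
        temp_parent = any(TEMP_DIR.search(p["image"]) for p in chain[1:])
        if from_mei or temp_parent:
            alerts.append({
                "cmd_pid": e["pid"], "document": target,
                "from_mei_dir": from_mei, "parent_in_temp": temp_parent,
                "lineage": [p["image"].rsplit("\\", 1)[-1] for p in chain],
            })
    return alerts


def mei_unpack_dirs(events):
    """Distinct _MEI<digits> directories named in any command line: collect them while the bootloader is alive."""
    dirs = set()
    for e in events:
        for m in re.finditer(r'[A-Za-z]:\\[^"]*?\\_MEI\d+', e["cmdline"]):
            dirs.add(m.group(0))
    return sorted(dirs)


if __name__ == "__main__":
    for a in decoy_alerts(EVENTS):
        print(a)
    print(mei_unpack_dirs(EVENTS))
```

The two signals are deliberately separate: a document opened straight out of a _MEI directory is the strong one, and a cmd.exe whose ancestors live in Temp is the weaker one that still fires when the decoy has been copied elsewhere first. The bootloader removes its _MEI directory on exit, so mei_unpack_dirs gives the paths to acquire while the process is still running; the Files list above is what that directory held in this detonation.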
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 10:23
Reported
2024-06-20 10:34
Platform
win11-20240611-en
Max time kernel
447s
Max time network
456s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\imgto_local.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |