Analysis Overview
SHA256
072810611923fa8f1c046c96d626393223a5e4c2a6741f700352d75282b44d22
Threat Level: Shows suspicious behavior
The file cl_pg_installer.exe was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Detects Pyinstaller
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-20 14:46
Signatures
Detects Pyinstaller
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 14:46
Reported
2024-06-20 14:49
Platform
win7-20231129-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1712 wrote to memory of 2860 | N/A | C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe | C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe
"C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe"
C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe
"C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI17122\ucrtbase.dll
C:\Users\Admin\AppData\Local\Temp\_MEI17122\api-ms-win-core-localization-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI17122\api-ms-win-core-processthreads-l1-1-1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI17122\api-ms-win-core-file-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI17122\api-ms-win-core-timezone-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI17122\api-ms-win-core-file-l2-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI17122\python310.dll
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 14:46
Reported
2024-06-20 14:47
Platform
win10v2004-20240611-en
Max time kernel
17s
Max time network
20s
Command Line
Signatures
Loads dropped DLL
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2448 wrote to memory of 2804 | N/A | C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe | C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe
"C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe"
C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe
"C:\Users\Admin\AppData\Local\Temp\cl_pg_installer.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI24482\ucrtbase.dll
C:\Users\Admin\AppData\Local\Temp\_MEI24482\python310.dll
C:\Users\Admin\AppData\Local\Temp\_MEI24482\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI24482\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI24482\libffi-7.dll
C:\Users\Admin\AppData\Local\Temp\_MEI24482\pywin32_system32\pywintypes310.dll
C:\Users\Admin\AppData\Local\Temp\_MEI24482\pywin32_system32\pythoncom310.dll
C:\Users\Admin\AppData\Local\Temp\_MEI24482\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\libssl-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI24482\_brotli.cp310-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\MSVCP140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI24482\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\simplejson\_speedups.cp310-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\win32com\shell\shell.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\_decimal.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\_queue.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\VCRUNTIME140_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI24482\libcrypto-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI24482\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\win32\win32api.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI24482\_ctypes.pyd