98663e8523691e6e46dc137bea30217999ec5e0514629d07157b203be771d853

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SPAMERTG.exe
Size

43.1MB
MD5

50cde436f118c18c3ce8feb2254d0c4f
SHA1

efb21723f39876419d9206e8fe2ea5002faf53ec
SHA256

98663e8523691e6e46dc137bea30217999ec5e0514629d07157b203be771d853
SHA512

2db655aabe0421028ab80886906edf6b501e52f135f323776c603c4ac5a1000fa3f9b606469cfe9a2aa7530f35d56d07f000dd371f69bc6972f754067c125148
SSDEEP

786432:xe/cR+7jlg2iJAOsJaRn1orTX9a1o+l81mQNYottfFOW6iQQ2tHKp7hznGZsUL:Ked2iMM1gkl8ZYgOWgQKKp7Qu

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 30 IoCs

pid	Process
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe
2620	SPAMERTG.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2620	SPAMERTG.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2620	2128	SPAMERTG.exe	29
PID 2128 wrote to memory of 2620	2128	SPAMERTG.exe	29
PID 2128 wrote to memory of 2620	2128	SPAMERTG.exe	29

C:\Users\Admin\AppData\Local\Temp\SPAMERTG.exe
"C:\Users\Admin\AppData\Local\Temp\SPAMERTG.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\SPAMERTG.exe
  "C:\Users\Admin\AppData\Local\Temp\SPAMERTG.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21282\PIL\_imaging.cp36-win_amd64.pyd

Filesize
2.4MB

MD5
ed134ab8ba25115decd47e3a5db22ae6

SHA1
ba8a6c6e0ab958b4ecf1ea56862c909e75e4dd3b

SHA256
09ce8f3ef25b07b7fe05585ac2a2e4baa5721b84050d53b73d75d3ac5675b687

SHA512
c66769aa7b2af34c8d53abff1606788fc61db6de206c19215bfb3054acd2f0c8f7ec2982616f7788002729bc2788629d4af26177d136cf690877ca064079943a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21282\REPORTER.exe.manifest

Filesize
1KB

MD5
3ab724b479cd929d85dc59acc8754b1f

SHA1
28f3e43f3b566d99cc1874323995af5bcd1ba6d0

SHA256
9af4fe2f4979a5b9ff884b328cab428b2315675cca7bd03e2252df05281cf5a7

SHA512
a5572e3a697233a0eac6bee846843f56602fb4e358e4ca8e8093c0b09715d7505e2fe197f073b4e821fca8e723d0d2becc3aa191f284a68939bb333e26bcc338

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21282\VCRUNTIME140.dll

Filesize
85KB

MD5
edf9d5c18111d82cf10ec99f6afa6b47

SHA1
d247f5b9d4d3061e3d421e0e623595aa40d9493c

SHA256
d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb

SHA512
bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21282\_bz2.pyd

Filesize
92KB

MD5
c9bfb31afe7cce0b57e5bfbbfda5ae7a

SHA1
37a930d22a9651f7ae940f61a23467deaa1f59d0

SHA256
58563fb8798c878bbb19221d8c6c9a3cc243d6dbc9bf5d7f73ba62834c5e4614

SHA512
3775adb2750a8a7927f56b1bad853e405b21c678d2708ae1d0e7ddfb68e2228971636ccd88055a9d04e49f009d8ec1fb4e0f7cb6ad9b012b666e132d989668e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21282\_ctypes.pyd

Filesize
122KB

MD5
3e3785757daea4e4e05a1b24461a60e1

SHA1
6b114125c9f086602cbc1e0ce0723374c90884cb

SHA256
72b7108ab9167f4cf780bac0c074c9be62ebaa43a9f5327f803c2c20a5f33d14

SHA512
a686def1331d31d779e308a6621d838495687176592f7ff0b41682f07473498d4782308a172a59fd7ef40f2c81042e851f607821c378acc9ab16da01a1ad3a3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21282\_hashlib.pyd

Filesize
1.4MB

MD5
86db282b25244f420a5d7abd44abb098

SHA1
992445028220ac07b39e939824a4c6b1fda811dc

SHA256
ab3d09c879b395631d8a4f89f6855d98d315675e9607248eed7bc07317260168

SHA512
62e2919c4ba74fa69f25209db89f0652c5f8624867b3221aa3865e4dc2bab07e70880c63e4853051f1cc7464ff6478106ac4d6c9fc096172d85e523d8cbd069a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21282\_overlapped.pyd

Filesize
41KB

MD5
5fce06df2892492c4470b246c1964565

SHA1
d52eb086a56c2dc8be34fb5b29a6060cc71a4a92

SHA256
1fc14739cf0b5fb9aeb5a3ee7af4aa8231cb79211275d91540aa961fba5b2eb5

SHA512
0a610e03b57359c1c50e559db322638c9b02a3fd8fa3765d1cd148c0f851ca773c0f1a757b2b6c0f8124014b9e583209106e58ebe27f55390f44d2877111bd61

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21282\_ssl.pyd

Filesize
1.7MB

MD5
61fb40f4c868059e3378c735d1888c14

SHA1
73423b0e17eb9a0c231f4d6bffb2541a08975ed2

SHA256
ea7cf863090d7f61daae9c6cc679608239e622f4485514dc705d09c1311657c2

SHA512
e40a1fcf528b9a0a4bd2161b71d86dacff82647d6895f8a945c0960310397f8ebdc2d3191d04cd262940866ff0d7ddc7e4f2c17b9ebf86f527c08c8179ff2e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21282\base_library.zip

Filesize
756KB

MD5
9a7ba79bf3239d947efc39fcd5685b7c

SHA1
e75c8e64cbcb4d1d2e79c5a09d8565202a224933

SHA256
1ba6bf86fcb71e1ab5f3c527cb52ac3dad5f6713a09c5eff6fbaef421a19aebb

SHA512
78e9ace8a19ac900d95619907e0967e8c13d1a717d6c724c75fef2fdc7003c933845f9a809730ba28cab8b8fa07d0e826a8f014f7e6aaa3dbfb93633687b8218

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21282\python36.dll

Filesize
3.4MB

MD5
7e5ad98ee1fef48d50c2cb641f464181

SHA1
ba424106c46ab11be33f4954195d10382791677d

SHA256
dd4bba32bf57165371822f5966617f475198764a91f39dc6ef86552457ac795d

SHA512
7633730cc9672bc558f8f3391534f9a0f3627a98c5c9f5acefbfc2356eeb14cd10581dceceec2e2d20ed666bc121b28d2af63bd61ead48d34cbcec5861f8ef82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21282\unicodedata.pyd

Filesize
884KB

MD5
1c35e860d07c30617326d5a7030961b2

SHA1
44f727f11b2a19b078a987ad4f4bf7b6ccb393c2

SHA256
7c115398f9975004b436c70cfa5d5d08e9f3f1d0f1c8a9e07eeeac96affe6625

SHA512
863ffa0d09c7e7fc00b3a5ec8101ed31b6794f8b1dab96501c11725f247dfc5315f9b20602d424e384fdc20031e5d59ae65be1ecc5b72976ac3e2813b0cd2276

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21282\yarl\_quoting.cp36-win_amd64.pyd

Filesize
80KB

MD5
3f355913323590708379cfafc74d3457

SHA1
06179b523ce8badd42653a47604f62ddb20cf015

SHA256
a411f3eaaac85ffa5e8d873ea6816e77b16f197c6ec4a6bc839a9a5eddd43c4f

SHA512
e239bd8463d9878216505e74595a1410ac01b21a8444ff360ec720b21e7c521d86b30faf4cb46af6ff7ed64bc35b583c17c02d31aae51d5e1c1d2f8ad736db49

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\_asyncio.pyd

Filesize
58KB

MD5
fc28a6110f19234f3b626768779b7896

SHA1
68576a323e1db9ad55ed5a27b98b3963f6d76e6e

SHA256
a73c6f66d1224e47bce99d7cd0b7a87695fa181a348bde2a923dd27b44cf84e6

SHA512
28ba51db2e092a08b7d287887e5bc30a8cbf9e2665f0881ad3f272751d929f1335e3b30b21515da77b3b07a985350b846acb1db94deda9da8a6004622cb54cc2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\_cffi_backend.cp36-win_amd64.pyd

Filesize
176KB

MD5
73f1df8dcc309fe0be69a7b5bbd6a5a6

SHA1
199a0355689536f3b1c7d6293d0bfa9d84132aa0

SHA256
165f5f342c5c560c1e647e8beb82f5044d5a91783754fc38baf9925ed52e290d

SHA512
e6c9be073983ab0fc6397e953fb42c61d1657d0b165738dcdd8a6d1606f06568d62a1d3023bba96bc4de7507669fe75e1f4677301967db7a7ae62c456264b974

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\_elementtree.pyd

Filesize
169KB

MD5
7aebdd5b0fef8b291a7040e17a17d8cd

SHA1
2095ba7da7add13aa26485bccf8ed1062985f6d8

SHA256
be7a5cf8b20148f9726573d7128e2bcf90add7e46188e57839847db83b8e89bc

SHA512
9381b13067e8a888f8dd02ace3b6fa0b005b0988e0ccad25c92379d644fe355f3b3622f947c54b4642520e8b2d99872c083c1729a3688e98b6a3d1768eb39eb2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\_lzma.pyd

Filesize
248KB

MD5
857ba2d859502a76789b0cd090ef231a

SHA1
352378e0f9536154d698ecbb4c694aae8d416787

SHA256
42aafcd7e1050b3307c06874fa1e72eecfb5554bd631097e7af0506a3a200144

SHA512
ab70e4fde01bf0d1a2f4dbfe0b556ce3d83e57edf84c62262f0500b6b0295101a36e279f843cef6a08a4d4d3cde150ff76195ff417123eed64b661310fa759a4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\_multiprocessing.pyd

Filesize
28KB

MD5
3695d3f782373a23158b2a95b1b667e1

SHA1
7212326c300128042615e0f4ee16dfbe045c3d0c

SHA256
3025fc4ac32b969350cba3be50c44b1a627295f3c66c69c382aa80aef01b4e5a

SHA512
d6f9f9a40ead7278d11ed64d680335310271845300efb13e47bb0a1dd4016f0e1ce7ed922fe0dddd39c081bfe8cc934f5ced81ed852d8feeeabe40a51b268624

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\_socket.pyd

Filesize
70KB

MD5
7e080d04a56cd48cf24219774ab0abe2

SHA1
b3caf5603ce8da3da728577aa6b06daa32118b57

SHA256
77b3597eef6eb044fbec7b2229772495cd632033bec03badad4e4d268748b760

SHA512
8bb475b62cb025823ef3eb54db58017b9fc394fe4a8a6d84aee13a4aaf9dd426e59860d3f15abcc218bd7cf4aefeee37d8fdf24dc272b6196b089b65cb584aae

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\_sqlite3.pyd

Filesize
83KB

MD5
cccc7ccb54fe4db0795e7aaa1caab495

SHA1
08928d8505296be3340b77433a78c01f0167d089

SHA256
6a4d92b3b1308487a2a829e92a8e8b5721e0ab5d9001397af4a375d5c3984a84

SHA512
26769273064f5017d442b9680f5d39d2a9da6404bc61b682af3452419434b7640e450be77dad73ac43fdea01a17d2def5ffdc46ae33ada60fd6233d7a90cf8ab

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\aiohttp\_frozenlist.cp36-win_amd64.pyd

Filesize
78KB

MD5
54d156421a9c8a7b6e56ffcaec663b08

SHA1
6247d519f47fb27d8bd06433ffdb27f274a46e28

SHA256
48def614b5c6f0a25886a813f41b542df2c58634a6beffc2fa80de40f865a47f

SHA512
93064906fbbbb60ac4ebc1e91983a98e1343492c333b3a6d5d6de0fdb5a1d1a98c74e0d134c132a3e0620f1dc182a6bfbf843a161243065bc5e3c90ad164639b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\aiohttp\_helpers.cp36-win_amd64.pyd

Filesize
58KB

MD5
286ca8a3e85fcbba8475cb5efbdb8841

SHA1
6abe0009aabc541b24bc87e2f7bd45866f9ce192

SHA256
7b3b83c28b42a242ffa6f6561df7bd929a52a9eb626d2b4adce6fbdbb2096866

SHA512
1b1077678835340e13b4cf5423191026608e70d8479b5d215f90424e87eec5e1fabd117ff44d404156a7f9d93077bd2954d3466a1d1820dd74b5c005d85fbc16

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\aiohttp\_http_parser.cp36-win_amd64.pyd

Filesize
249KB

MD5
e73963b98c9b7dc5ad94dd941f623633

SHA1
e8ab2405f0960955d579847a4a140db90a0c0e3c

SHA256
139e2e4a20c3d44263edf096b8ec71a8624acef0a27fa1d5e5ec0ad544b7c9af

SHA512
f1d561f9acd45dc683bc9d767d92eab32e5994487fc5089f53c166b3a106f12aa1d529e7402510452771c146037ca6bc84db08470c4b1af97896ce77573dba76

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\aiohttp\_http_writer.cp36-win_amd64.pyd

Filesize
50KB

MD5
ab825ffcbb0104e8a661730521ca4a8f

SHA1
dc8a4b65528fac14762aa14bf7fd779b31495c4c

SHA256
c2c0e22b27c011147bead304487299f71b04001068c2c75858a8ef17bc6fd9fb

SHA512
d512536c017cdc599495c10f0968dafccdb11d2a898785c822e6cfc79fb6bc6854b3a3019128d68267c40fd3cf95ea58659b8314f30df175afe9b766771f388b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\aiohttp\_websocket.cp36-win_amd64.pyd

Filesize
38KB

MD5
84131f5e5f41b515e2835185ca7d4487

SHA1
60c8b53877805ee6f8f52f79ec4c9837df0c3c88

SHA256
26f3a5f15283c2f7e1af74c31a8bcd49460affcb260a985685ec2e2b39389756

SHA512
5e7ee84d07cdd4ada2f853c7617fe07470a68dc08fc039458839015a5fa3f464884cede27f55aa067fd8265275cfd8d0bcd317ba5fe181d306af66a6fc1ef226

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\multidict\_multidict.cp36-win_amd64.pyd

Filesize
44KB

MD5
c23d8eafae6f8266d379720567ddfcf3

SHA1
799ffadd50d17aec0cbd05da3d3b0ffa59a7bef5

SHA256
4cb82fb164dd122043771dfeb512448d12d88296724423659c8b9b4b1700fe53

SHA512
6c447b7b2af9aaeb47661c117dc48bb69bf4842bf4de97dfdd8770c190cc61a34fe7cb79068c566c78429ef7bd7cc09e9d942218444b76117a012b0057992815

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\pycares\_cares.cp36-win_amd64.pyd

Filesize
132KB

MD5
07cbbd5323c7d9f43e3838e3eb32ec73

SHA1
e9b3c997041e1db0ff9162a0dc371f03b1a09094

SHA256
8aa8185d7bf4d9754271433c2892b9010a9149452053b0c24ad9b9951c0e11ba

SHA512
ee316232db08f76f4622dec80a86e188684f2745be9c2afb7e9cb6ab90b2965a4d3c4124b65662a709200cba4c7e535049d14810a94e13bcce60e6b278755711

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\pyexpat.pyd

Filesize
183KB

MD5
39d84649515d95284f2f7297bc84fcec

SHA1
465069ac60032b2377d9827c9ad0c416e23081c2

SHA256
72f3d5932ba5387cae504ddd30bee963628df8ef13d6d99e4497b1531a736dfb

SHA512
2903e41c40b8483f2941a429f126b8e443e7d2633b6cf76eaa9f269de2bbf5b72074c1835609c52e6488ab784048014a42aa37f2e13b7bcda6a8052d9e55ac73

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\pythoncom36.dll

Filesize
541KB

MD5
a7833a6016871d71f28239975f8fc8d5

SHA1
78133db32d58f059c199121b10c22308ea182086

SHA256
378297e34d14face229008029eeb4e8b0dba510adaa1e925a529418ff60508e4

SHA512
73a8e31418da02021fc54222bc89cca2679b31a10e79d77398d267f61fda49d5fb5191790dd1b9ba769095d2763db3dcaf3ee55dee1e7eafe1fd4b6975c1d391

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\pywintypes36.dll

Filesize
136KB

MD5
162e744b4e6508c2a02371cd5d82abd1

SHA1
0e9582b70ffc7fbec5c7178f06b9166f1dc99c82

SHA256
dd4019ea124054ef6f3cc74f5b4c50cdac55f1d289f9611d0f8e2f1c6738a8bb

SHA512
1578d88ed296ad5f8389ccc0fca8757fa8840db5db0d4589b4dba0dd44ded1aa83ff0ef2679a58f3b155ee97e8cf009bdbaa04f427ebee9881faff73dfa85ddd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\select.pyd

Filesize
26KB

MD5
290242633745524a3fb673798faabbe1

SHA1
7a5df2949b75469242c9287ae529045d7a85fd4c

SHA256
df8acaf83e5c861f1d0ad694b087ff0a451f01191602617307a93c9dec893ecd

SHA512
a3aec08265e2ea4549df14f6c2683b7b53c553b45304e80ed27ca5b5df70f0e1a3b139608557230e2acbaad4f302b5e20631a9d82de75222a9cc4b2177ce2020

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\sqlite3.dll

Filesize
1.1MB

MD5
381f7d517392477dc535f25ac3343557

SHA1
97b92e3585a130fcddaa6d908c0aa421107a51f0

SHA256
cc93a60116b834a4367b37741fdfcc3a32b4a2edb315ee765ea0019e11b102f2

SHA512
1e1ed9c40e80e788cade1c52f9aa960081dfcb38cbba0fe807fc930041e7118c2f5c9c2a029f3bd23f19fb2d1f9b5c3201afdd35fafbf018ea68d9ae082418c2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21282\win32api.pyd

Filesize
129KB

MD5
79c853c9e1c11447c6085f6fe977bdd5

SHA1
ee9b302a2849959f8d41bb99e1891fc2106d68b9

SHA256
8f64315eccdcddb7c8b9b1ebc702078d5f260717f61fd4a5903284ab39118306

SHA512
aa830c2a874b9820e96ace8aa7fd7d778d74150fbc5c33c643cabc0b9e20b3aa409360fac1cf7ce3f017e94dd24fd43387bda44946128743c50b91f0e360c0fe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads