03f465505ded1fc79e566d7e81bd1cf33fab2876a11ec4ac7e39da238db467f7

Analysis

max time kernel
86s
max time network
104s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
06/07/2024, 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

spotify/resc/lib.exe
Size

11.1MB
MD5

db84d160a0bc7c225b7f40cd3517c070
SHA1

363eaf4c468775cd90bd987d5fe9c234ad057212
SHA256

82eced0c60a3d89e563eecd81842d0caf33693395e12174d7080fdb4b173db95
SHA512

c32d55c2e7bbbd603211051c3a9cb1b25c9e479d97598925bb32086e61354d84ea62e928966913c80dee0c1be13e0da30cc34536c9177b318ae804192eed3e7d
SSDEEP

196608:YegaVcz64fioP1HqsimvlG2etbYPvbJQlHJCOI5sw8CYP7Jg44EMo5Wiu:1cz64NP1RimtokJQlpFC7uMi

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 17 IoCs

pid	Process
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe
1620	lib.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4348 wrote to memory of 1620	4348	lib.exe	79
PID 4348 wrote to memory of 1620	4348	lib.exe	79
PID 4348 wrote to memory of 1620	4348	lib.exe	79
PID 1620 wrote to memory of 4336	1620	lib.exe	80
PID 1620 wrote to memory of 4336	1620	lib.exe	80
PID 1620 wrote to memory of 4336	1620	lib.exe	80
PID 1620 wrote to memory of 8	1620	lib.exe	81
PID 1620 wrote to memory of 8	1620	lib.exe	81
PID 1620 wrote to memory of 8	1620	lib.exe	81
PID 8 wrote to memory of 2952	8	cmd.exe	82
PID 8 wrote to memory of 2952	8	cmd.exe	82
PID 8 wrote to memory of 2952	8	cmd.exe	82

C:\Users\Admin\AppData\Local\Temp\spotify\resc\lib.exe
"C:\Users\Admin\AppData\Local\Temp\spotify\resc\lib.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4348
- C:\Users\Admin\AppData\Local\Temp\spotify\resc\lib.exe
  "C:\Users\Admin\AppData\Local\Temp\spotify\resc\lib.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1620
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4336
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c mode con: cols=110 lines=32
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:8
  - - C:\Windows\SysWOW64\mode.com
      mode con: cols=110 lines=32
      4⤵
      PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI43482\VCRUNTIME140.dll

Filesize
81KB

MD5
2ebf45da71bd8ef910a7ece7e4647173

SHA1
4ecc9c2d4abe2180d345f72c65758ef4791d6f06

SHA256
cf39e1e81f57f42f4d60abc1d30ecf7d773e576157aa88bbc1d672bf5ad9bb8b

SHA512
a5d3626553731f7dc70f63d086bd9367ea2c06ad8671e2578e1340af4c44189ecb46a51c88d64a4b082ce68160390c3f8d580dde3984cd254a408f1ef5b28457

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_bz2.pyd

Filesize
76KB

MD5
2002b2cc8f20ac05de6de7772e18f6a7

SHA1
b24339e18e8fa41f9f33005a328711f0a1f0f42d

SHA256
645665cf3338e7665e314f53fbbcb3c5d9174e90f3bf65ddbdc9c0cb24a5d40d

SHA512
253d0c005758fcb9e0980a01016a34073e7cdffb6253a2ba3d65a2bb82764638f4bd63d3f91a24effd5db60db59a8d28155e7d6892d5cc77c686f74bf0b05d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_cffi_backend.cp38-win32.pyd

Filesize
143KB

MD5
10e3e0f4d6b4939100422e3b8d5fddc8

SHA1
dda3f85a8ebb63f1394180f544bf19c0011324e4

SHA256
d45600ac91ba75b88bcdc8730161371a57fb9ab4248d25ef96b82b171da293ca

SHA512
7300e15bc6b5bb8eba34d2d04c58f79eb6c10d941250f77abbeb6862f983372706ef74bd5e3901ad33cf0bfb6d59bb00610c67e80674acf8f43cac95276906cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_ctypes.pyd

Filesize
113KB

MD5
c827a20fc5f1f4e0ef9431f29ebf03b4

SHA1
ee36cb853d79b0ba6b4e99b1ef2fbae840c5489d

SHA256
d500cff28678eced1fc4b3aeabecc0f3b30de735fdefe90855536bc29fc2cb4d

SHA512
d40b816cde6bdf6e46c379674c76f0991268bd1617b96a4e4f944b80e12692ce410e67e006b50b6a8cfaef96aacc6cb806280bac3aa18ee8690669702d01065c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_hashlib.pyd

Filesize
37KB

MD5
f9799b167c3e4ffee4629b4a4e2606f2

SHA1
37619858375b684e63bffb1b82cd8218a7b8d93d

SHA256
02dd924d4ebfbb8b5b0b66b6e6bb2388fccdad64d0493854a5443018ad5d1543

SHA512
1f273bb5d5d61970143b94696b14887faa5ed1d50742eccec32dbd87446d696ff683053542c3be13d6c00597e3631eb1366abb6f145d8cc14d653d542893001b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_lzma.pyd

Filesize
154KB

MD5
38c434afb2a885a95999903977dc3624

SHA1
57557e7d8de16d5a83598b00a854c1dde952ca19

SHA256
bfe6e288b2d93905f5cbb6d74e9c0fc37145b9225db6d1f00c0f69eb45afd051

SHA512
3e59b79c47cb022d7acec0af164c0225cd83588d5e7f8ca3e8a5dfae27510646391a1b08d86d5ee0b39d1b6bf08409d3758488df3c8cc4d458bed9faab7686e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_queue.pyd

Filesize
24KB

MD5
33a3af108a41c487d6eb6fbc0bbf54dc

SHA1
6b6dd40f7fb163fd2f6ea113dbec0316026b945d

SHA256
e7859d57a449ba5d5e78bef573d9ff4c68d3c9df692a04737f0737b340d2b618

SHA512
65a88ede3c9cd370dd0ba9c1b8676f252cdc14238a4d7b06c63634f255eec846856fd7248e6e00c04f335664687b91f96208278d1477653591841879f624dcbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_socket.pyd

Filesize
67KB

MD5
6b59705d8ac80437dd81260443912532

SHA1
d206d9974167eb60fb201f2b5bf9534167f9fb08

SHA256
62ed631a6ad09e96b4b6f4566c2afc710b3493795edee4cc14a9c9de88230648

SHA512
fa44386b9a305a1221ed79e1ca6d7edf7a8e288836b77cdca8793c82ebf74a0f28a3fc7ae49e14e87029642d81773d960c160c8b3bcb73e8a4ec9a2fd1cdc7fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_ssl.pyd

Filesize
139KB

MD5
e28ee2be9b3a27371685fbe8998e78f1

SHA1
fa01c1c07a206082ef7bf637be4ce163ff99e4ac

SHA256
80041ce67e372f1b44b501334590c659154870286d423c19f005382039b79476

SHA512
708e4069bafa9c5fb0d324e60cc81b1a3a442113f84a4e832a97b4196bee0a4a91f2e13239c91757512e1b42bb23166360ad44a5dce68316799aafc91e5bba04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\base_library.zip

Filesize
767KB

MD5
df2666d9ca8bd120e83706ffcdff8ca8

SHA1
65c44d51c75e8d06eb7724c7f895ce2f4c356cb1

SHA256
b76f9ce38c1168888b6cb237a22916baeea455af7b97d8dd62f8c7c2c8fce9ce

SHA512
4fedc74a01af38b799ab4122fe1eba11b34bc89848b435033caf5848ff3473d3af684ed28498b3c740d909b97aa2a34ca658eaa0a6f3c551986c98958e8ff5d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\certifi\cacert.pem

Filesize
277KB

MD5
edd513e1d62ca2b059821b8380c19d19

SHA1
7e785afc6a7174f008b8b6e775c91c018d72aee3

SHA256
870068ef78059c5d012a23f715029f1b7db19060e1c65e12c024221f6ac32abd

SHA512
31450f875b46bbbb8e8d2f2e075f82ab4cfe175dadd966be22c66206d5dc2517a870a8cfc46f2f094b6810c09b447bd46354b67c128843b997957522d3cf4f5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\cryptography\hazmat\bindings\_openssl.cp38-win32.pyd

Filesize
2.2MB

MD5
ce862548071804a5fc023233b1cce15e

SHA1
a969f5428ea104f664811ec4a2fa108397671c53

SHA256
4364a4845940d3565e9cd2ee33fb8c621111771e48eb6517e7c4bcbdc09c1b05

SHA512
72d8be8a11413baad0408bbaafb7a478fa5dcac92fafa9bd6fa8dcdf1c8c5095005394444e759004fadd39e1547a0a552fe786fbdc027261b0d66a89805329c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\libcrypto-1_1.dll

Filesize
2.1MB

MD5
aad424a6a0ae6d6e7d4c50a1d96a17fc

SHA1
4336017ae32a48315afe1b10ff14d6159c7923bc

SHA256
3a2dba6098e77e36a9d20c647349a478cb0149020f909665d209f548dfa71377

SHA512
aa4b74b7971cb774e4ae847a226cae9d125fadc7cde4f997b7564dff4d71b590dcbc06a7103451b72b2afe3517ab46d3be099c3620c3d591ccbd1839f0e8f94a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\libffi-7.dll

Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\libssl-1_1.dll

Filesize
525KB

MD5
697766aba55f44bbd896cbd091a72b55

SHA1
d36492be46ea63ce784e4c1b0103ba21214a76fb

SHA256
44a228b3646eb3575abd5cbcb079e018de11ca6b838a29e4391893de69e0cf4b

SHA512
206957347540f1356d805bf4a2d062927e190481aadc105c3012e69623149850a846503fca30fc38298f74d7f8f69761fddd0aa7f5e31fedb1fa5e5c9de56e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\main.exe.manifest

Filesize
1KB

MD5
0890f6b07d2b6670166756d55421bfb4

SHA1
606b3964554edafba39ce59a717bed8b14e627f5

SHA256
c66443f5afed808ab11300d57b739c40ec2c0e9961d9c4cd70d5c9297ede46c0

SHA512
d815e134d027b66737e6053e0cbdda1c590dbc6f08821c9a183017bce7d0934a50e796b87c7d58c453686a9536f1ce6b01eb28a306c184abd390f7c09a85492c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\python38.dll

Filesize
3.9MB

MD5
c512c6ea9f12847d991ceed6d94bc871

SHA1
52e1ef51674f382263b4d822b8ffa5737755f7e7

SHA256
79545f4f3a658865f510ab7df96516f660e6e18fe12cadaaec3002b51fc29ef6

SHA512
e023a353d6f0267f367276344df5f2fdbc208f916ca87fa5b4310ea7edcac0a24837c23ab671fb4b15b109915dfd0e57fbe07593a764b3219312ed5737052822

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\select.pyd

Filesize
23KB

MD5
441299529d0542d828bafe9ac69c4197

SHA1
da31b9afb68ba6e2d40bbc8e1e25980c2afeb1b3

SHA256
973f851dfaf98617b3eb6fa38befeb7ede49bd993408917e207dc7ea399de326

SHA512
9f0fb359a4291d47b8dc0ec789c319637dde0f09e59408c4d7fd9265e51c978aa3ba7ea51ca9524833814bca9e7978d9817658655ee339191634d4ae5f426ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43482\unicodedata.pyd

Filesize
1.0MB

MD5
a6d810b309ab234056f2ec5617afd5ca

SHA1
e11da3968d94b3358fbaf2c39d2a300ffc287dc6

SHA256
9b0b201f338c8c2844be144ac7622d38e3b85ec9c24c0ac128863820da8c41f6

SHA512
94b5bb2e3c430fcb5f9e1d83a3c56dee898afb7e872db5763a3bd05bd7a9b38bf017d71f71b692bc29801b5b2566cc19f91f8b100f48c81c0267d827620e1ab9

Download Submit
memory/1620-998-0x0000000003E30000-0x0000000003E31000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads