7b7375dbd8fc6089d9c74f15b97126582e50625b2790ece0707c15837de22574

Analysis

max time kernel
213s
max time network
284s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
12-07-2024 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

8.6MB
MD5

75c773432e8687e11cbef1c57d0f51da
SHA1

c773ab179485ea2d470a1b8fa9b7e2c551c2652c
SHA256

9c4d909ca35d48d6267328c191a18cfcc16156a9a9e274023bbc91970e4b78a1
SHA512

a4b55473fa8516f6fffb2a1b9c648ff1344c55d836446f670d80b14bc3fb8df304b9c46bca9c73ee1813c5c35b8db04513f4ec5333955b83df571f6b0a5d1778
SSDEEP

196608:Tpk/EOlXEGH1qvuVj5EmqxWdMe7cb5nNARzQY:V6lXEGHcvuVdErIdMdbjU

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4936	main.exe

Loads dropped DLL 42 IoCs

pid	Process
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe
4936	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 4936	1884	main.exe	79
PID 1884 wrote to memory of 4936	1884	main.exe	79
PID 4936 wrote to memory of 4864	4936	main.exe	80
PID 4936 wrote to memory of 4864	4936	main.exe	80

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_ecb.pyd

Filesize
20KB

MD5
951193b354e4e64d0c0aebc56a7998e8

SHA1
0f56e3651f627dc3e42ec9aa7155b4a0f1b9926e

SHA256
b6f781ea8fea9d282daaddf5d220488e3db594bea8f972889224eaf89b75333c

SHA512
b1e2836b4815d73bd7fa0a45efcc5974a5981b110efda7f571e2a07dde60ce173b1815ab92068a92c741ca0c000cf84e270cbb26bc97b204b3f4a5d425080db6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_ofb.pyd

Filesize
21KB

MD5
c6d7d885bdca38b262917674814b7e8b

SHA1
62dbad83c1cd5757939435765ccf51e56ee072e1

SHA256
37f10f2ae5ee3641ee5734a1df125f6018c46774a3ecd083978d5005a8408315

SHA512
ac897bbe2b7c1cf48602378d46d631785df0c93b7bd2afeee4f1877cf6b728e1e13cf5188b6ffda50ba2f9e8e37005deceb128b4ce99b62947cabb6102d93982

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Hash\_BLAKE2s.pyd

Filesize
23KB

MD5
104cb75c4aadd2affb9353c2cd4f536b

SHA1
3841cc609bc3e6ba5add9e73208d58405f897962

SHA256
46e4c7c1a722b0934a4548f8b38629df02708b0797f3184733b65b08f2fc1ffe

SHA512
381c1b2a3de1c7fdfd3a7589fb950dc08e6ada83dc8654a4da08f80abfc4538285edcd90e24b084faf336d23d850a69884d0a141df13e4c1229dba6f4209db96

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\certifi\cacert.pem

Filesize
287KB

MD5
2a6bef11d1f4672f86d3321b38f81220

SHA1
b4146c66e7e24312882d33b16b2ee140cb764b0e

SHA256
1605d0d39c5e25d67e7838da6a17dcf2e8c6cfa79030e8fb0318e35f5495493c

SHA512
500dfff929d803b0121796e8c1a30bdfcb149318a4a4de460451e093e4cbd568cd12ab20d0294e0bfa7efbd001de968cca4c61072218441d4fa7fd9edf7236d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\Crypto\Cipher\_raw_cbc.pyd

Filesize
21KB

MD5
12dddb922810111a514894f48d4bc01c

SHA1
f32d9d9705c4f55906bd9d07e860c9a5d6b3a4bd

SHA256
c21ece2a625f62c1745ce5d3a9c9ce820f99210e49b45812e74fd3d4c4ec3e9d

SHA512
08c9dde2ac6e7385c07167b11c5bff9e30309764d4dd18aa0d6524b52e75e8edfe89e69a3553acd262d71c121f233200f4783e98a82e72d6b8a56abcbb055213

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\Crypto\Cipher\_raw_cfb.pyd

Filesize
23KB

MD5
eaaf8b001a65dbe4a412b85b2743a51c

SHA1
56f96dfef0a07424317b524d58899fda4e937c72

SHA256
613a464b026f52c714f2583671daa47ef87c05aab7f8b11685594ec9f509ce45

SHA512
85d01a80822f18280f467ac4354cb9f7e500486683f917245e90215e1d4c8bc3514739b6a320e7685f32ece7f424086f79539f3585da8657ef93a68778c4c1f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\Crypto\Cipher\_raw_ctr.pyd

Filesize
24KB

MD5
817c9c0eef3ffd9a479cbfef4ce3b184

SHA1
47e6b6cc6fa244cf72600fac6a0326d11d9ad7f4

SHA256
19acb39247602d53929be014d3b13c72ee43139eb3813cf8444e1e9475db21fd

SHA512
3e1c41c6ef5683d42dd86316df65a84cc4913ba53cdc39828cff93534e432972f9da69e5a84f4b7ad756407922a5cef38af83c5feb6a740793fa442baed24a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\Crypto\Hash\_SHA1.pyd

Filesize
27KB

MD5
f8af8b1f0bbcaaaeb1669cb1426fba85

SHA1
548011d49f0c08332619f6a69a729e4b2367b99e

SHA256
8b20477e6f661ba1ba0edf647c2c1b575a2d18b9b80d8bfb9f1d8c953198f0a1

SHA512
4e79543f1fe543be23cff3106b01f5e96cc1a102f44212a1442ff99702fdc399abd2f848e3a82dc28b33ea159807e4bc0afc7f0603eec2c8e30779cc0c03471c

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\Crypto\Util\_strxor.pyd

Filesize
20KB

MD5
2b3643a69518d2d0d8bd8a9c5dfbeb7e

SHA1
666abc726584dcefc32d33dd8d5dddfc737d42ea

SHA256
0bf0defa8abf73afbbd966b635d9cd939118b0d7ac591efff32711642eb998ae

SHA512
4dc7fa69d8b88090a6ef730ed0ea60de5516d7dfa2bdcb83dd2c062bbba84e884a13d8c3dc9f9db7ceb378aa37b17c2886ad57754673bbd37e55ce08db4007c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\_brotli.pyd

Filesize
801KB

MD5
d9fc15caf72e5d7f9a09b675e309f71d

SHA1
cd2b2465c04c713bc58d1c5de5f8a2e13f900234

SHA256
1fcd75b03673904d9471ec03c0ef26978d25135a2026020e679174bdef976dcf

SHA512
84f705d52bd3e50ac412c8de4086c18100eac33e716954fbcb3519f4225be1f4e1c3643d5a777c76f7112fae30ce428e0ce4c05180a52842dacb1f5514460006

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\_bz2.pyd

Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\_cffi_backend.pyd

Filesize
177KB

MD5
210def84bb2c35115a2b2ac25e3ffd8f

SHA1
0376b275c81c25d4df2be4789c875b31f106bd09

SHA256
59767b0918859beddf28a7d66a50431411ffd940c32b3e8347e6d938b60facdf

SHA512
cd5551eb7afd4645860c7edd7b0abd375ee6e1da934be21a6099879c8ee3812d57f2398cad28fbb6f75bba77471d9b32c96c7c1e9d3b4d26c7fc838745746c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\_hashlib.pyd

Filesize
62KB

MD5
de4d104ea13b70c093b07219d2eff6cb

SHA1
83daf591c049f977879e5114c5fea9bbbfa0ad7b

SHA256
39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e

SHA512
567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\_lzma.pyd

Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\_queue.pyd

Filesize
30KB

MD5
ff8300999335c939fcce94f2e7f039c0

SHA1
4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

SHA256
2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

SHA512
f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\_ssl.pyd

Filesize
155KB

MD5
069bccc9f31f57616e88c92650589bdd

SHA1
050fc5ccd92af4fbb3047be40202d062f9958e57

SHA256
cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32

SHA512
0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\charset_normalizer\md.pyd

Filesize
10KB

MD5
723ec2e1404ae1047c3ef860b9840c29

SHA1
8fc869b92863fb6d2758019dd01edbef2a9a100a

SHA256
790a11aa270523c2efa6021ce4f994c3c5a67e8eaaaf02074d5308420b68bd94

SHA512
2e323ae5b816adde7aaa14398f1fdb3efe15a19df3735a604a7db6cadc22b753046eab242e0f1fbcd3310a8fbb59ff49865827d242baf21f44fd994c3ac9a878

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\charset_normalizer\md__mypyc.pyd

Filesize
116KB

MD5
9ea8098d31adb0f9d928759bdca39819

SHA1
e309c85c1c8e6ce049eea1f39bee654b9f98d7c5

SHA256
3d9893aa79efd13d81fcd614e9ef5fb6aad90569beeded5112de5ed5ac3cf753

SHA512
86af770f61c94dfbf074bcc4b11932bba2511caa83c223780112bda4ffb7986270dc2649d4d3ea78614dbce6f7468c8983a34966fc3f2de53055ac6b5059a707

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\main.exe

Filesize
13.1MB

MD5
0ee11c96580848976a1448b2b5b3565a

SHA1
6a197f072367ae46da7b4ce42e1a138224ae9c96

SHA256
0be2745974ce704c41712b526ca559a8b8d885f1f29ea007e1f488e3c2a1b6aa

SHA512
5c064e9278b52556eeccd6093e09e2ef6595dfa843d5b9295eda2ba23d5f08d38f46655e3642428281307dbd06b965c29a737900f5b992a7cb0595de140e705e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\unicodedata.pyd

Filesize
1.1MB

MD5
bc58eb17a9c2e48e97a12174818d969d

SHA1
11949ebc05d24ab39d86193b6b6fcff3e4733cfd

SHA256
ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa

SHA512
4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\vcruntime140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\vcruntime140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\win32console.pyd

Filesize
58KB

MD5
e11176263ae848376b70c669f45237c6

SHA1
93e0de78a593d9ac1cec6d46d87b42c8061ae84b

SHA256
a0dfe487c14dc323b3268d4152fb1a646d931272e648b2fb60f58338d6a8c915

SHA512
59cd639a76ab73e4ed6e424da45b14574018f209b09a84bf63766b0927cba53dcbb446141f331a6c898e129bf7fc1564a9291e4b779a1a889db270062e9a5893

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\win32gui.pyd

Filesize
212KB

MD5
3c81c0ceebb2b5c224a56c024021efad

SHA1
aee4ddcc136856ed2297d7dbdc781a266cf7eab9

SHA256
6085bc00a1f157c4d2cc0609e20e1e20d2572fe6498de3bec4c9c7bebcfbb629

SHA512
f2d6c06da4f56a8119a931b5895c446432152737b4a7ae95c2b91b1638e961da78833728d62e206e1d886e7c36d7bed3fa4403d0b57a017523dd831dd6b7117f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1884_133652779597049278\zstandard\backend_c.pyd

Filesize
512KB

MD5
dc08f04c9e03452764b4e228fc38c60b

SHA1
317bcc3f9c81e2fc81c86d5a24c59269a77e3824

SHA256
b990efbda8a50c49cd7fde5894f3c8f3715cb850f8cc4c10bc03fd92e310260f

SHA512
fbc24dd36af658cece54be14c1118af5fda4e7c5b99d22f99690a1fd625cc0e8aa41fd9accd1c74bb4b03d494b6c3571b24f2ee423aaae9a5ad50adc583c52f7

Download Submit