273ffc020f3bae8049be32d6b73371f35147f84ef19dfdad91217cdca3632d23

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

decryptor.exe
Size

9.6MB
MD5

4de3f7ed12fda2142563c791fe609867
SHA1

bce2ddb9861406067270a6e3bd19c42f50babc0d
SHA256

3f03e20b29331ecd88d69309adb9897ce749265441f13e049c458894fbc189ca
SHA512

13c8c101655f1169ac9a66ce62aae426b73d33c1a43923a2bd9847493b7b068f630e9cb9e1593cb23fd0120dc4a84f4809ba37a110da49187b0d1a2bf0ca48f8
SSDEEP

196608:ZegEmz+mWeeNuWJysVYvsO2DeECRl2Ewf8jI48RmU/3ZlsPv+djd8CaL3:QmXWeeEWJ4HykUtN3ZWMs3

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 45 IoCs

Processes:

decryptor.exe

pid	Process
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe
3068	decryptor.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

decryptor.exe

description	pid	Process
Token: 35	3068	decryptor.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

decryptor.exe

description	pid	Process	procid_target
PID 2580 wrote to memory of 3068	2580	decryptor.exe	30
PID 2580 wrote to memory of 3068	2580	decryptor.exe	30
PID 2580 wrote to memory of 3068	2580	decryptor.exe	30

C:\Users\Admin\AppData\Local\Temp\decryptor.exe
"C:\Users\Admin\AppData\Local\Temp\decryptor.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Users\Admin\AppData\Local\Temp\decryptor.exe
  "C:\Users\Admin\AppData\Local\Temp\decryptor.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25802\Crypto\Cipher\_raw_cbc.cp37-win_amd64.pyd

Filesize
12KB

MD5
975677038380fe2055348ef1cfead173

SHA1
fc13d734e4a762692b4763b0bb69f54f65961baa

SHA256
183c2b948acfee01ee53acdbcfd5ea1161819dd91e26a711f6bcae54ea4f1d68

SHA512
a84a1a1babc5e29fe3b3b52da550506b4a51d9974c044cae977d22082b9293f72c55339b936b4b01e13ac7f482fd15bac20129ed008421e00270275970548447

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\Crypto\Cipher\_raw_ofb.cp37-win_amd64.pyd

Filesize
11KB

MD5
f61b7704ddc6e8a3cdef746ce273e9b4

SHA1
724ca28ece5e600397b37ca92ab73d8ef28420d1

SHA256
bb04cfa6485c766cc980b317c4bc6afa776b9fb2f550cd24d4d31091942aa579

SHA512
56b1f4f6aa275303afdd1ec292f4f5908bb2eae0d71236cb00ade785c74ea0180f494c78a73269c8a0532e4daa71cd9a5cbebde5db3788d93f343ac7f53bcae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\_ctypes.pyd

Filesize
131KB

MD5
9a69561e94859bc3411c6499bc46c4bd

SHA1
3fa5bc2d4ffc23c4c383252c51098d6211949b99

SHA256
6bbde732c5bcb89455f43f370a444bb6bca321825de56f9a1f2e947b0a006f1c

SHA512
31d9e3844f1b8e72ec80acd1e224a94d11039c130e69c498a668e07e0d8bba8d1ed1ebe0b7a16376ca597d0e2b74a0d5e3bf53d1cbadf5bf099d3bf78db659a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\_lzma.pyd

Filesize
251KB

MD5
16fb5a2363ce8dd12a65a9823a517b59

SHA1
59979d9195259f48c678cdaa36b5efee13472ff5

SHA256
bb78ca0dd1478027e2e9f06f56fc7c3cc6f157b4151562d58a7f6646e463fcc2

SHA512
d9801cdd8cc9809781b79882a226ee7a56d93eac0181295c80cb1f088f0fbf46e3eb35c7d8ff208dbd5a3e93a190a04c48fd254c9971a3740b020547973683e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
03dd721008f2c381d5d5c7cf57509d23

SHA1
b45a754cbda6d47b9df564fa61246ea7b4f405c4

SHA256
77059cc0036311541ddb7f5182c0a3e81fd19f262de8306f84373e9b5b2854b6

SHA512
652df41311ba3c1137faff51723b8ecb403fbceb1e07a3d034a7c0cacd97e392d72e77f3e74ce3ba54b355074bbd2511fd0d4e151c67a8928769a8aa6cbf908e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
217ca9b1f7e0c141cfc7f00f17b76ca0

SHA1
ce2245c649ec9356b8379c3c0472e3a82a3cd61c

SHA256
380d5872d01f3bd52a5e9094f0f855db18306bd6215a02e134be970f0c0d9c77

SHA512
2cbd037d45bdac48f6b8f2298d105b28cfe6f07134a07894a5603826dfc05ed862ddeb91d7f1fb416d2496d48d705417c6d6608d52281d8b878102d9523e17f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
561211c711778a0d17b5b00d5debd5e9

SHA1
3430979d10342c923f72c2703dd69e3ab8b7f08b

SHA256
5ae2d370948811935300bf4ded67c21aab8137e1365c419b2c27d11e91dc591f

SHA512
3f782130a59aeb722065509933eeeaf0ec7368e6c082ceb0d3435de74c5e680696a2271a1198388da9fff7d9ee285abadbffc6808f1d773ec4b1a29d86067670

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
4a6fc6c389a3d807163dd5edf362174d

SHA1
c1990674102062f873055609a14a456b13aefe02

SHA256
a2c259e61c4ec1bb7611ac23830588747dde103363bdc671cf91a2433afce283

SHA512
b860456e04fbaae73e39b7e7e9a69e3bed17fc2c72c86f56ff7aa61a6b5a68bc6cb40018921c874d6aec68a7ec76a6e8b73b9d4d79b9e3f2c00f493f118789cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
dc07b990d787b9aed770693ff90d173a

SHA1
70b7b03dd71714b5ab52de1407a9070789063be4

SHA256
ea0f6c20f03568641c01b4eddbd263a7122a2c61c88136085b3339cbce56c4c7

SHA512
344e20d51c990cbaa76b93afef2c5ea367243751b1c1b85c7afe9e56dbcee901d7d82d16e159583290408686a05dc819e12d021cd62d9629e6079f10367d5726

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-conio-l1-1-0.dll

Filesize
12KB

MD5
a98ec7edb339cd967e5cbd5eec174ceb

SHA1
12d54e0874928e157a357d666f4099b6f0e895f0

SHA256
f17517f46361328aebf52954dd1b9181df5a98cbdb2395701e3e73c4da7a7a84

SHA512
c32926b41d0d40da7a8824b70b6dd1958a1c02cef5d6d91409adb7d7b09576d1bf3bf08d3ba1300c79b992d8e9b1faf7c6bdd3d4e6916cab0f3002f6560e7e8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
d8f7a8440c5b23a587d981e7b9a4892c

SHA1
4782b169363f7bb135ca2637fe8926da9b0ab60b

SHA256
177e190aca8cc88c1ad1fa1f8848f9abcbbc24a5dfd046cfff06f72fff1a3566

SHA512
60f2be466952f3c75ba8cc963832076eb99c7f29163cdd2e3c2d9e01ee3dbc29ba4eeb00b90a3d9e64146e3cd350e1675e186de6efeceac95c41174131d1d344

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
0753722e5bd0af130c1b465f2981477c

SHA1
1d6e6702496a5d68bb50a7f96492d6fcd31267fd

SHA256
fbd4bde83228c37de6043f36a98610fa4bb053355ead44a59d33a464ccdb9fac

SHA512
0607657f33235284f577480ffbf3ffbe25a0133ce709ded6356351fb2383c15fd9a835fabc159a6efb3a481491c36eac9b825aa38cd5b87f09cb6d487764e1a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
c2f694722f8d98990b218ecab729b0fe

SHA1
95fd1390dd8247759b2463d9ad415d0a45fe659e

SHA256
1fc7051de0d107ac25badb41bc6062bd3a67aaf5553b6256052c65e51b548df5

SHA512
f48973d0fc2f4cf90f7e5d63ec3ca9968884a22f1139845cb01dd554c83403c23edb8067e5fa3b43b3c4079a71e2b6bd5799edb7c0dba75f8e7c753b7f4f2882

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
62ed9da33afe5624a08d9427527536fe

SHA1
15aac6f0001ca1084d449969f70a3f4ff9a5a067

SHA256
860b4ebcf673ee4c389e0ff8f502f540fd1ce8b2614a9c16b7f65cdf5c2ae0f2

SHA512
8c6c391bfb6c066fe716cb1d5f0ea84fe8af25226220602532c921af8e663a6bc95b8efda83dd196eb3f5e3dacf7262c244719791a825c1a287162f0cdce530a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-process-l1-1-0.dll

Filesize
12KB

MD5
a4fa9ca07855a7f237d1908e62b5b1c7

SHA1
40906f74ccb58923f7776657484443010157db92

SHA256
733d3c3856868107e5708c92e747aac6df968a4d072328a8e8f36425d0e81770

SHA512
bb26ef58883a94dd04fc334a26f100ab7d2146d59a34903e1e0f074110a822cd1d33b940e117cae1837f08ac33e66b5157f03872e65bb8a7ee70cce7c4b9a203

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
4cdce034568c1177325799a60f987f27

SHA1
43d680d815c64b4c6cdff9c212923e507c89d6aa

SHA256
b27cfa62dc7a0a115b1593d6f4b0c90ae494505dab3cceeacc013e2135d25969

SHA512
5cbf4d38059f13b7dcb78fd060846b1f44b32fc382ee8371fc44e254a68447cbbc9f0fe3eae35987b490ac90c680723a03a5b701255429e85bd206510b38611a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
020e0dcc82a7c5afdee3fba57c5f30d3

SHA1
ce7e1791a5326f5f527aaa0b16208f0f3997ff99

SHA256
e1bd3f4b19a0c7e574673b88b12d819d97d503350ed280ce2204afbdd7c9bc5a

SHA512
e8c2841415e3a596600fa90c551794790ac86613bcff48c81ad893b99a1a980198b8ef4bbac972da72218c1b50f2e0956a65ab1e33c502220f367ec02069223e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
6a2c655bc6b7e2edfc98b632b521697d

SHA1
f7000ba98d92ddbaf268647a4e95da5debbb332c

SHA256
7e69bbbc6ef5072b6c8e17af5f842f9959bc12335ef61cc6398d18ec8e03c41d

SHA512
23248d09e095904fc8665eea4ce3a2b937293b8ed20b70973101104bd18ad37f032bcb8a3c851af23812de560208d9c96521c9060852394eb45cf7410460cd22

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
cb20ccf93e34cc08ab4b58a344e76dd1

SHA1
9895feb39e4b29799b7adb3972b774093093246b

SHA256
50cf24a5b850ab992431f98dfe208704e7bc07427f74dee9873d0146900d56f4

SHA512
72f2490f5aedced9eb0a398134360f6f2affda8d493575d3e2920a17a72f9d03397e462bf2d27fa8260f255da15fde808fe31a6388b65a1f4180ccb29a07fd7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
1ea4f3d5312c15a64904a6e9e457612d

SHA1
f399df3e88b7f3a865d5a79a1873f3be5191da2f

SHA256
33ca12e689203e92d20e1407169fce64f318ac327327e833061b4aad9bac9cab

SHA512
0a2e2b69a58f74585ccb1c1d4c6200c4a2fc92ddf5bf17c2fc47b49abdc3a801f30dc2bcdd36d730f2da396ed2e2379765e2e2c0a95a69e22c7f6f3ba774388d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\base_library.zip

Filesize
764KB

MD5
ad3f73c30a8cc258f6f62b46d6721a32

SHA1
0c7f53fb062dc30669660b8ab7fc59c0ba2be88f

SHA256
12763f88b6573a9864d2aa2a232ada5d2eddeaccc4c225030a2efcf28ffc9888

SHA512
bc265198eaccf9d164c1a8538173652887961e158c123c9b34fd9bd4584299027063217bb779a1d8e115e8e85bcd761d6a04b5b664fe1001cdbb45c717215f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\decryptor.exe.manifest

Filesize
1KB

MD5
42db3bf552d255d27dc69f2e9825d56d

SHA1
1328e72f3d0b327b3ef2e3316b0851f324ce1cda

SHA256
6d09f699c9ef5ab1027cd5543cae2c2926e7f2dd92b5ab8919a6c9e706738415

SHA512
899dd7fe1a9887f279db90657e7856830752ed2d697b40bfde7f31c68f0481e5dc2d502c46b95de9d11e5deb4bade6046647c7a5dc374bfc6e15334e92e92b8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\python37.dll

Filesize
3.6MB

MD5
86af9b888a72bdceb8fd8ed54975edd5

SHA1
c9d67c9243f818c0a8cc279267cca44d9995f0cf

SHA256
e11aa3893597d7c408349ebb11f47a24e388fd702c4d38b5d6f363f7ad6e8e5f

SHA512
5d8fd9040f466e23af7f17772e3769ad83c5f55f8c70dcc3cfb1f827e105f0f4e6133f0e183fabc67dd44799495c47f931bf92546342b30b9c4a5c2b4aeee7c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
5900f51fd8b5ff75e65594eb7dd50533

SHA1
2e21300e0bc8a847d0423671b08d3c65761ee172

SHA256
14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0

SHA512
ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\tk86t.dll

Filesize
1.4MB

MD5
fdc8a5d96f9576bd70aa1cadc2f21748

SHA1
bae145525a18ce7e5bc69c5f43c6044de7b6e004

SHA256
1a6d0871be2fa7153de22be008a20a5257b721657e6d4b24da8b1f940345d0d5

SHA512
816ada61c1fd941d10e6bb4350baa77f520e2476058249b269802be826bab294a9c18edc5d590f5ed6f8dafed502ab7ffb29db2f44292cb5bedf2f5fa609f49c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25802\ucrtbase.dll

Filesize
971KB

MD5
1eb17f650462eea820f4cd727d2d3ab1

SHA1
688f59160589ffa293502bffcd5c0e62e1993903

SHA256
24968e69daf49f58e812ada3e4cb24a66d6fb9ef14fc211538dd992b08ed1c3b

SHA512
4b2fd6f202d2c697d10e0a2751ec05128071c7a3f1296c9f41fdbf07b334d8eb48dad674d91150966e0ea925c8e2aeceff904bb3d055989de2e1f94dd7d4bf18

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25802\Crypto\Cipher\_raw_cfb.cp37-win_amd64.pyd

Filesize
12KB

MD5
eaeb30f73165bef13c17703e524ba4e7

SHA1
375396d0d6287739a78d192b6c99f63adb850621

SHA256
37dceb92e4712f70725b79309e1b3313c9a6fe4f0129eb873ec283f8a4fc966a

SHA512
6a8997a2bd80c62cee369636b8e33130ab983b5a58211901312624d961fd8c2630eee10df7891bc87bfc51c85e6fae3eec1e7537c35859604db754084bfcf226

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25802\Crypto\Cipher\_raw_ecb.cp37-win_amd64.pyd

Filesize
10KB

MD5
dc7b8a32b583dddd095e4a586790e196

SHA1
899addf5f7160c3e9dcf0b70a277b37f9cfe1a99

SHA256
1e14ce917a8fda673def4e59ec95f3cbebc053adee0f4c1916b6cd580dc5451a

SHA512
04a8cef79f8f644af9daf937c20c1372eea55c747e2e3ebc7511263cc6d803ca5d959f856bcab3d1df8ac98939b2eb66c5ae506418f8317475b566480fe32fb2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25802\_bz2.pyd

Filesize
87KB

MD5
8b40a68ae537c0aab25a8b30b10ab098

SHA1
1c8ac1f7f5c3697c457dd98f05296c2354ff7f55

SHA256
0b86ef4810d53e79f1d934b427fdbacf3792eebb37ed241bc89148238af763fa

SHA512
620ad61ff05c73adee4ac8f4b88a3880c11893eaac77ccca4e88edb29b492366a5bcf813d18628f005730f7e45ce373af9275776ea768b67b8d0e3bc62949229

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25802\_tkinter.pyd

Filesize
67KB

MD5
e994387279fec56a0eda4ca03eec759e

SHA1
f3a3872b42c7c5bc3379a605dac398e8596e1179

SHA256
01604c20b2ef42ed854c84c75a4227a844f543e54e1c05949281f9adabb762ff

SHA512
f005e4916d0fb468c70946ca884cd38870a74dd8936ca49925e79cc0aa0458ca578b61e0be436aa2497e98c45f95513e14085289746f41027a2bfec540d3dc79

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
eba98af7ba9fc4696bfd3f03d43ce07b

SHA1
24d1632cdc55d6e513888c0f119aaff418668b21

SHA256
c31cfd12bd6c3da456bada513bb381d33ebb6980465ff0d586b24fe84719b50a

SHA512
2019fac652141e1a49e85f9929132a0a84227d680488df3709243205cc69c350451be5c0ddef94a13f615aa22e09790091d21306091b4d4e996ac5f19935e86f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25802\api-ms-win-crt-math-l1-1-0.dll

Filesize
20KB

MD5
cab18eac01b9fcf6a0ca74e95fadb8b7

SHA1
f5770816a0547c28780572cb24c257071ae7fd36

SHA256
7aaf66c87221eaac91c50ec1368f4accd32b63970f0e826f7ffffb2c4306664b

SHA512
c8eef88370c5696c2a27e6a857ae3675f9b800c5181837a8ec97d3eb3997e546b54761261d567ec23cc698f7e4334589784503f81620a7c932acfd66cb7e0e2b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25802\tcl86t.dll

Filesize
1.6MB

MD5
c0b23815701dbae2a359cb8adb9ae730

SHA1
5be6736b645ed12e97b9462b77e5a43482673d90

SHA256
f650d6bc321bcda3fc3ac3dec3ac4e473fb0b7b68b6c948581bcfc54653e6768

SHA512
ed60384e95be8ea5930994db8527168f78573f8a277f8d21c089f0018cd3b9906da764ed6fcc1bd4efad009557645e206fbb4e5baef9ab4b2e3c8bb5c3b5d725

Download Submit