142482b54e8df90d91524768c5df2009899da7d011d6eff3082c9d4b26368a97

Submit
Reports

Overview

overview

Static

static

096bb2bde6...8f.exe

windows10-2004-x64

2decc47201...a2.exe

windows10-2004-x64

44f28cd6ea...7e.exe

windows10-2004-x64

82ad518318...3a.exe

windows10-2004-x64

92c50cd253...b9.exe

windows10-2004-x64

a58b5f2e81...39.exe

windows10-2004-x64

c531015ec0...86.exe

windows10-2004-x64

ca8b0ebbb3...0e.exe

windows10-2004-x64

d8fd9ad2f3...3b.exe

windows10-2004-x64

f241f35bb0...e5.exe

windows10-2004-x64

$APPDATA/c...56.dll

windows10-2004-x64

$APPDATA/c...om.dll

windows10-2004-x64

$APPDATA/c...er.dll

windows10-2004-x64

$APPDATA/c...or.dll

windows10-2004-x64

$APPDATA/c...es.dll

windows10-2004-x64

$APPDATA/c...ib.dll

windows10-2004-x64

$APPDATA/cl/_ssl.dll

windows10-2004-x64

$APPDATA/cl/bz2.dll

windows10-2004-x64

$APPDATA/cl/cl.exe

windows10-2004-x64

$APPDATA/cl/mklnk.cmd

windows10-2004-x64

$APPDATA/c...at.dll

windows10-2004-x64

$APPDATA/c...27.dll

windows10-2004-x64

$APPDATA/c...27.dll

windows10-2004-x64

$APPDATA/c...ve.cmd

windows10-2004-x64

$APPDATA/c...ct.dll

windows10-2004-x64

$APPDATA/cl/ui.exe

windows10-2004-x64

$APPDATA/c...ta.dll

windows10-2004-x64

$APPDATA/c...pi.dll

windows10-2004-x64

$APPDATA/c...dh.dll

windows10-2004-x64

$APPDATA/c...pe.dll

windows10-2004-x64

$APPDATA/c...et.dll

windows10-2004-x64

$PLUGINSDIR/INetC.dll

windows10-2004-x64

Analysis

max time kernel
407s
max time network
408s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2024 15:28

Sharing

Copy URL

Twitter E-mail

Static task

static1

pyinstaller ransomware

4 signatures

Behavioral task

behavioral1

Sample

096bb2bde62238273995a3a4446818a4b6b7df00fadb7ea3d068d88ca8e2798f.exe

Resource

win10v2004-20240709-en

defense_evasion evasion execution impact ransomware spyware stealer

windows10-2004-x64

20 signatures

600 seconds

Behavioral task

behavioral2

Sample

2decc47201a1d43aeec5853c4c89b7273bfdd782fcc52106a3675944739998a2.exe

Resource

win10v2004-20240709-en

persistence ransomware spyware stealer

windows10-2004-x64

7 signatures

600 seconds

Behavioral task

behavioral3

Sample

44f28cd6ea894c05030ab913e2a0f1f1596b4aa7c551df9381f521cb88a92f7e.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral4

Sample

82ad5183183a5fa7d9f2324c67b21bb7c97ed1dd46cfb7b63494a6b94f8b893a.exe

Resource

win10v2004-20240709-en

defense_evasion execution impact ransomware spyware stealer

windows10-2004-x64

12 signatures

600 seconds

Behavioral task

behavioral5

Sample

92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral6

Sample

a58b5f2e8172be31e3d1fcc046d044bd862393f3d3e12922287bedf6f8c18e39.exe

Resource

win10v2004-20240709-en

mimikatz defense_evasion discovery evasion execution impact ransomware spyware stealer

windows10-2004-x64

16 signatures

600 seconds

Behavioral task

behavioral7

Sample

c531015ec09adf346131a375df9b9d04c90657fac9b80f2b1e269dae6186de86.exe

Resource

win10v2004-20240709-en

spyware stealer

windows10-2004-x64

7 signatures

600 seconds

Behavioral task

behavioral8

Sample

ca8b0ebbb30f371219c2ae79cdc0bd1dd3114cdf27821e71cfbcc11f9daca30e.exe

Resource

win10v2004-20240709-en

ransomware

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral9

Sample

d8fd9ad2f30cade8bf0c36f5a3acc64ccc95f625b9f3e2c0654046a531b4e83b.exe

Resource

win10v2004-20240709-en

gandcrab backdoor ransomware spyware stealer

windows10-2004-x64

14 signatures

600 seconds

Behavioral task

behavioral10

Sample

f241f35bb0f53a1baf0e5da26ef7bb86f3de83e94f3ccab04086b26f2f95dde5.exe

Resource

win10v2004-20240709-en

persistence

windows10-2004-x64

5 signatures

600 seconds

Behavioral task

behavioral11

Sample

$APPDATA/cl/Crypto.Hash._SHA256.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral12

Sample

$APPDATA/cl/Crypto.Random.OSRNG.winrandom.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral13

Sample

$APPDATA/cl/Crypto.Util._counter.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral14

Sample

$APPDATA/cl/Crypto.Util.strxor.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral15

Sample

$APPDATA/cl/_ctypes.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral16

Sample

$APPDATA/cl/_hashlib.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral17

Sample

$APPDATA/cl/_ssl.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral18

Sample

$APPDATA/cl/bz2.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral19

Sample

$APPDATA/cl/cl.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

600 seconds

Behavioral task

behavioral20

Sample

$APPDATA/cl/mklnk.cmd

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

600 seconds

Behavioral task

behavioral21

Sample

$APPDATA/cl/pyexpat.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral22

Sample

$APPDATA/cl/python27.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

600 seconds

Behavioral task

behavioral23

Sample

$APPDATA/cl/pywintypes27.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

600 seconds

Behavioral task

behavioral24

Sample

$APPDATA/cl/remove.cmd

Resource

win10v2004-20240709-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral25

Sample

$APPDATA/cl/select.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral26

Sample

$APPDATA/cl/ui.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

600 seconds

Behavioral task

behavioral27

Sample

$APPDATA/cl/unicodedata.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral28

Sample

$APPDATA/cl/win32api.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral29

Sample

$APPDATA/cl/win32pdh.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral30

Sample

$APPDATA/cl/win32pipe.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral31

Sample

$APPDATA/cl/win32wnet.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral32

Sample

$PLUGINSDIR/INetC.dll

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

600 seconds

Report Analysis Logs

General

Target

$APPDATA/cl/_hashlib.dll
Size

698KB
MD5

3c58062b89379f2d29a12bffd3d01af8
SHA1

0e0cf91da17d972f02a4983e7dc67142d89b2f4e
SHA256

706beba9f66b1422ac45f35e9094846f1e6e76cf1120fcab0835ea6be4236b61
SHA512

54cf110b88fa2ee2d69a03952776cf1a3022ab3d340aa71bc79e90725262f2c946cf5bcc719756b483a5dfacf38ba5dca09efc39cbb8a400165efe140ab2fcd4
SSDEEP

12288:mKubGdOpMSgMeHHXRN8xvs4JuJfcNBxH6Mzo3BDcrtLo9:mKulMSg/HBN8xvs4kKt6MzmBDGJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 1740	4824	rundll32.exe	84
PID 4824 wrote to memory of 1740	4824	rundll32.exe	84
PID 4824 wrote to memory of 1740	4824	rundll32.exe	84

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$APPDATA\cl\_hashlib.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$APPDATA\cl\_hashlib.dll,#1
  2⤵
  PID:1740

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads