Analysis

  • max time kernel
    14s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-07-2024 09:29

General

  • Target

    IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)/IP Scanner.exe

  • Size

    12.3MB

  • MD5

    57bf838c7b78b1d6382492047c5e58e7

  • SHA1

    e9f399ec58e2435305193cd3685c99f87622cd42

  • SHA256

    1ab440ef04f4b1396b6b6d6959887867f1b0f2b3c639b74920d3e7ad6fc64933

  • SHA512

    4e3304333604dce2c7f2ae446102764fba815f97cc3264878a66b451a781fe7c44d1821089aa155be141e86c8f626da24cd5f19bc6b1ce6aadc35c3f215adc70

  • SSDEEP

    196608:O1iODtjizE9onJ5hrZELte9tGPqKM48RmU/3ZlsPv2SEDTb5zTvN8CfZjAPaBk:bOD/9c5hlELdPNMtN3ZWjc3xTLjAS

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 41 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)\IP Scanner.exe
    "C:\Users\Admin\AppData\Local\Temp\IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)\IP Scanner.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)\IP Scanner.exe
      "C:\Users\Admin\AppData\Local\Temp\IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)\IP Scanner.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:2156

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\VCRUNTIME140.dll

    Filesize

    85KB

    MD5

    89a24c66e7a522f1e0016b1d0b4316dc

    SHA1

    5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

    SHA256

    3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

    SHA512

    e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\_bz2.pyd

    Filesize

    92KB

    MD5

    cf77513525fc652bad6c7f85e192e94b

    SHA1

    23ec3bb9cdc356500ec192cac16906864d5e9a81

    SHA256

    8bce02e8d44003c5301608b1722f7e26aada2a03d731fa92a48c124db40e2e41

    SHA512

    dbc1ba8794ce2d027145c78b7e1fc842ffbabb090abf9c29044657bdecd44396014b4f7c2b896de18aad6cfa113a4841a9ca567e501a6247832b205fe39584a9

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\_ctypes.pyd

    Filesize

    129KB

    MD5

    5e869eebb6169ce66225eb6725d5be4a

    SHA1

    747887da0d7ab152e1d54608c430e78192d5a788

    SHA256

    430f1886caf059f05cde6eb2e8d96feb25982749a151231e471e4b8d7f54f173

    SHA512

    feb6888bb61e271b1670317435ee8653dedd559263788fbf9a7766bc952defd7a43e7c3d9f539673c262abedd97b0c4dd707f0f5339b1c1570db4e25da804a16

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\_hashlib.pyd

    Filesize

    38KB

    MD5

    b32cb9615a9bada55e8f20dcea2fbf48

    SHA1

    a9c6e2d44b07b31c898a6d83b7093bf90915062d

    SHA256

    ca4f433a68c3921526f31f46d8a45709b946bbd40f04a4cfc6c245cb9ee0eab5

    SHA512

    5c583292de2ba33a3fc1129dfb4e2429ff2a30eeaf9c0bcff6cca487921f0ca02c3002b24353832504c3eec96a7b2c507f455b18717bcd11b239bbbbd79fadbe

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\_lzma.pyd

    Filesize

    172KB

    MD5

    5fbb728a3b3abbdd830033586183a206

    SHA1

    066fde2fa80485c4f22e0552a4d433584d672a54

    SHA256

    f9bc6036d9e4d57d08848418367743fb608434c04434ab07da9dabe4725f9a9b

    SHA512

    31e7c9fe9d8680378f8e3ea4473461ba830df2d80a3e24e5d02a106128d048430e5d5558c0b99ec51c3d1892c76e4baa14d63d1ec1fc6b1728858aa2a255b2fb

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\_socket.pyd

    Filesize

    75KB

    MD5

    8ea18d0eeae9044c278d2ea7a1dbae36

    SHA1

    de210842da8cb1cb14318789575d65117d14e728

    SHA256

    9822c258a9d25062e51eafc45d62ed19722e0450a212668f6737eb3bfe3a41c2

    SHA512

    d275ce71d422cfaacef1220dc1f35afba14b38a205623e3652766db11621b2a1d80c5d0fb0a7df19402ebe48603e76b8f8852f6cbff95a181d33e797476029f0

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\_tkinter.pyd

    Filesize

    68KB

    MD5

    09f66528018ffef916899845d6632307

    SHA1

    cf9ddad46180ef05a306dcb05fdb6f24912a69ce

    SHA256

    34d89fe378fc10351d127fb85427449f31595eccf9f5d17760b36709dd1449b9

    SHA512

    ed406792d8a533db71bd71859edbb2c69a828937757afec1a83fd1eacb1e5e6ec9afe3aa5e796fa1f518578f6d64ff19d64f64c9601760b7600a383efe82b3de

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-core-file-l1-2-0.dll

    Filesize

    13KB

    MD5

    fa6953700659b11c2d82fb521d2e8664

    SHA1

    07c7d14fdfd1686a424820f77733d1d4f3c75e31

    SHA256

    4dcc72554ffaa121decaf6e5bd3081198f017d735a07cc6d23d8a56b1383a61e

    SHA512

    1300c6ab6377e717dfac9e2f78c1218dee91e8fde25454f65ab32095a949c1be5b67aa3ed1c1d9f78d0c8bc9830f5c1dc0e6e01e91effec20ead6cdd9a3f639f

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-core-file-l2-1-0.dll

    Filesize

    13KB

    MD5

    621a34a36c202e4c4e59a6077c22cb5e

    SHA1

    ec696fd4e8e5935a722e88a551593593a12e882e

    SHA256

    746cde47f460ab4ef45a3158cbc038b166c86b03114c259ea5c759001692c079

    SHA512

    04e94784a70a576235d5bec58c57b8b3cfc01d7b292287f299deaf52523cef51c2790874116e666e5bc672453beafe173cf1afbe49a5f3076b83344298643ae0

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-core-localization-l1-2-0.dll

    Filesize

    15KB

    MD5

    2395f675152f25bdc501c1b698b3f70a

    SHA1

    829eb4dee9604330072c124b9bddf4a4e96a7c98

    SHA256

    4173e50962540ec0708930d7c456164d4e0fa96d49efb034621eb06e67ac0563

    SHA512

    7c0125e248387d268a337fa2a0090e6b8713e6205d22fb23a4ce9635fb0f5b79a0e3d28aab3050cc0445ef065632052c23341b1ac22dbd947ac4262fd63a1b51

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-core-processthreads-l1-1-1.dll

    Filesize

    13KB

    MD5

    81a255549e9b3467276810f94a67512d

    SHA1

    c3bf694f5d030d5a29ebb9ae70010be4571cec17

    SHA256

    8447c3c56f83e5a9407bf446cfc037d149b945611f03798f731e49145fca81c2

    SHA512

    05e6d83baa20b38d8710ed06c62ef8603c37d70fd0f6036f54a50ad041575d52f23c56bcebb12df8bf7cd9327c46522e59bcda47e2fcabfb0e5c11247708afa4

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-core-timezone-l1-1-0.dll

    Filesize

    13KB

    MD5

    59f3aeb2eda80ffc000b99f27ec99d14

    SHA1

    2961c514b480424b3512d424dcd7d295477b243a

    SHA256

    e1c41c6525ed510aa75ec671f86d22a005ffd9a856a74dcf09bf3256e301a8ab

    SHA512

    ff1980c859c7a23ded484a51e596fd591df855e0266961c4620373d42190152f92df83683779a79561d46bd5d238d7d178cfa2952dee316a742a72835be44992

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-conio-l1-1-0.dll

    Filesize

    14KB

    MD5

    218334da1ed369d2b694d3dff42da6ce

    SHA1

    afcb936ebfc7a2d6cd3b0c7f25a3fb125bcb8a8a

    SHA256

    b6ff4feabbe5f1fdc56f2e4e440dd8258702c3fc2a314440100319a62304baff

    SHA512

    9f2d009935b0847f89639b80c79dbe0fdfd08aa0c958ff67665a90971d3b304edf0e87b99112ca3ce988c2065147a41b63f47cd107d3a02e1a164ceb9bc4c13d

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-convert-l1-1-0.dll

    Filesize

    17KB

    MD5

    d360a829d5376ff0961f62bbe5ac9e06

    SHA1

    7965077b47bf9949570656df5160f55d27eed1a4

    SHA256

    6db47157030960e7106cec7825601ce7a33ea58ece603c90ecd9532ece1d1afe

    SHA512

    aaeed59b187bb277239a07e539e34520e8bc321e4f398e44ee396751e76c189c0180171202380974f12c1c302e77b533b7a93898dd8ddfd5c524143a22b3b748

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-environment-l1-1-0.dll

    Filesize

    13KB

    MD5

    0ed33abfad3cedf07f538e2152443683

    SHA1

    78eed147eb33efd14f03d8e2fbe0ec0f41ae4056

    SHA256

    f76d2547bfc429e14b49d030679fdefa12383c1f3a8e09fa69b760a89f469e9a

    SHA512

    42b9417b464f6ddd45294e85b3f9143e5c76f512ca70214d1fc302f0cd28c8b7c29d9e213c78861d10ef4316aa02c14ecec2d9bc5a8021880f4186798eb4e317

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-filesystem-l1-1-0.dll

    Filesize

    15KB

    MD5

    442a686b00c22cc9affcecb15a569267

    SHA1

    10f02b15493737d30aacebad19ecadb8bab81817

    SHA256

    cb0be4a28ff15650353aa3ea778e7b4076f77d394b6c406b2d288a8ccdf88a05

    SHA512

    3d1da7ce726a435629d492ee2191e9818ddc975fc686835d61f1259fbb123de522f419a4571fb24c2c5227a2d12a83db2815aca6b7360a75a4b0671ea212acbd

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-heap-l1-1-0.dll

    Filesize

    14KB

    MD5

    dd79fe03815d8d96a70955257b85d025

    SHA1

    d98f5a2d2d52fc361064427fdecffbe1620b1d68

    SHA256

    505b61565d51d0c95d9bc77337d063cd18c97a575f5e318cc5a0458d10ef4638

    SHA512

    3fa3d9a9cddb493786c557f0738c6fad181a862749447c8172093709c4e931708cce12c9d177dbc4f9a0de0f950ebeaf02271e7cbc2b1f177e9c7f838b9ad7d0

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-locale-l1-1-0.dll

    Filesize

    13KB

    MD5

    ed7e63157d241abb713998265b3987d1

    SHA1

    00d80cfe269434a4bbc7b2266e0e3d7f7ff72f2f

    SHA256

    3afe87a1dd2463fc3a9b5ba0bfc97fb3689764ac10d2c408f5a7b7d6caf06657

    SHA512

    3e89d1c1c3fca451a3d693873ebf58cceb73720c4c56d7449a96192fd240ac285a3da4e200ec289bfd5cfcfbdac4d83671059ed672739ca83deef9c891d84165

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-math-l1-1-0.dll

    Filesize

    22KB

    MD5

    0d517e23b98b6e465214a25b0e73a49b

    SHA1

    8900d523d919a42ef4750eee7ce87cfb835fa455

    SHA256

    90d5f4615e9aadf8f38f98a8443ca3cdcee6f082d07ee2abd1a74204dbefe73a

    SHA512

    d850881bd7b042051fecee9e2fb4be105184e678c82d25095f88dc3c4e6ca9eb4ef818eee36443a62a1f54225a5213363b5a058d3a70baa29dd83f44dc9a1eb4

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-process-l1-1-0.dll

    Filesize

    14KB

    MD5

    e9208bf204cc2f705533328fa24f3a8b

    SHA1

    d2d6549d7a85dfb4d5877c59f3ba110985a202c9

    SHA256

    c679988b7dac986ec8d92b994d92b9979e565f6adbfd356b66a920f20e9caa86

    SHA512

    fb648540545c25d15a19cb9605fd78cbb5a214ff4d91d925400632aca85b59611493db71c65182cc189529fe767bcee114ac7e6c7980afa64875ca622ff1b038

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-runtime-l1-1-0.dll

    Filesize

    17KB

    MD5

    9206d6bb749266ac31da559029003fbb

    SHA1

    496d3051b66d93951253686b73023b64350b521b

    SHA256

    19da9d0027faed99ef3685a706da4256a24bc705e1f3c0dfcb89df0508620814

    SHA512

    cd316a52b289e223f607a88033efe1de085a1fba3228a55900ef5908bd90c6342930bdfb73a1ae995c5e496977336186bb3c4e1a0f4f3de52a6465014ee917bf

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-stdio-l1-1-0.dll

    Filesize

    19KB

    MD5

    7f21f2ae857b6ed53ba086feca60e4d9

    SHA1

    abf957cf28b85c48a86ae255c36a978b4f1e0744

    SHA256

    479e452662de08c4f65572d78ad553d8a9ce0612e39e3b2aa274b77b40b398f2

    SHA512

    1a2d46806b48cf91beb7dcc9219af80f02d622b1aa9af7785e6b92dca138781a04a3c1bcc15f166fff96ee6bf3be19ae63e32b74a57d0f281acc1685fbca8148

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-string-l1-1-0.dll

    Filesize

    19KB

    MD5

    017cd4317c9ff229fe723b4cef459e06

    SHA1

    d4355b4257d2efd5b1fc1a8b1ec8fbcde2260c75

    SHA256

    9800d19f55385efdb4bb215d7de0773fb9574fd5ce2773f0217973c780bb8ccf

    SHA512

    513e20936e54e179772669a5c097e61369e6b9e62b7a8c246e4bb518a190078968b6aa8c434418eae739b2081421faec4e396ae21803d383e853c77c8b914dc7

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-time-l1-1-0.dll

    Filesize

    15KB

    MD5

    7e767ac571d63bcaeb64e243b2600b8d

    SHA1

    995ce687f655ff937fdf80c1ac7bae043e23e45a

    SHA256

    c7643c68c3a33a2f67edca02d713749cafeb200daf1f3db7bd2eb168809132ab

    SHA512

    10b0f0c4844b4beef38d9bd51bbde19ff83caa8e9ac2673528056535872b07e48515c973c50dea9da0ac335cf1a98374d31f52cb04bb0e95eb0e5e6337eee95e

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\api-ms-win-crt-utility-l1-1-0.dll

    Filesize

    13KB

    MD5

    3138b144c99759b77dbd488dc91134ae

    SHA1

    664718852f84ad49623ffd401fac7959eda57704

    SHA256

    3f78ca473da2335c8f26e32ac5a12ab6a76e4c415d923a930abbc0ef5630c835

    SHA512

    4e5c519facb1580eca906821d0956b750c63f8882acd5dd0be1531ee2ee45e8b0fb10de6db0f1cd254844131680e19206942d7be24e976bd34cf1ebfa434b16b

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\base_library.zip

    Filesize

    1000KB

    MD5

    eb879c6861570dff2d8e68c5fc3d82c5

    SHA1

    465fc892fa9953da5984c84d8272f149afd54fc8

    SHA256

    666d0a0a05d795181a4b6fc5a46774d200ef9ac2befd02f4e5ae4b85e28147c3

    SHA512

    d108b905cb3e71475773e6b918b3516a762852fc360b1fece9f48d7ced114fd6555a232f55ea11d3ae8804cf9f4b1db3aa0ef6fcc593b1169507175889be0eda

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\libcrypto-1_1.dll

    Filesize

    3.2MB

    MD5

    cc4cbf715966cdcad95a1e6c95592b3d

    SHA1

    d5873fea9c084bcc753d1c93b2d0716257bea7c3

    SHA256

    594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

    SHA512

    3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\pyexpat.pyd

    Filesize

    198KB

    MD5

    6500aa010c8b50ffd1544f08af03fa4f

    SHA1

    a03f9f70d4ecc565f0fae26ef690d63e3711a20a

    SHA256

    752cf6804aac09480bf1e839a26285ec2668405010ed7ffd2021596e49b94dec

    SHA512

    f5f0521039c816408a5dd8b7394f9db5250e6dc14c0328898f1bed5de1e8a26338a678896f20aafa13c56b903b787f274d3dec467808787d00c74350863175d1

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\python3.DLL

    Filesize

    57KB

    MD5

    274853e19235d411a751a750c54b9893

    SHA1

    97bd15688b549cd5dbf49597af508c72679385af

    SHA256

    d21eb0fd1b2883e9e0b736b43cbbef9dfa89e31fee4d32af9ad52c3f0484987b

    SHA512

    580fa23cbe71ae4970a608c8d1ab88fe3f7562ed18398c73b14d5a3e008ea77df3e38abf97c12512786391ee403f675a219fbf5afe5c8cea004941b1d1d02a48

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\python37.dll

    Filesize

    3.6MB

    MD5

    c4709f84e6cf6e082b80c80b87abe551

    SHA1

    c0c55b229722f7f2010d34e26857df640182f796

    SHA256

    ca8e39f2b1d277b0a24a43b5b8eada5baf2de97488f7ef2484014df6e270b3f3

    SHA512

    e04a5832b9f2e1e53ba096e011367d46e6710389967fa7014a0e2d4a6ce6fc8d09d0ce20cee7e7d67d5057d37854eddab48bef7df1767f2ec3a4ab91475b7ce4

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\select.pyd

    Filesize

    26KB

    MD5

    fb4a0d7abaeaa76676846ad0f08fefa5

    SHA1

    755fd998215511506edd2c5c52807b46ca9393b2

    SHA256

    65a3c8806d456e9df2211051ed808a087a96c94d38e23d43121ac120b4d36429

    SHA512

    f5b3557f823ee4c662f2c9b7ecc5497934712e046aa8ae8e625f41756beb5e524227355316f9145bfabb89b0f6f93a1f37fa94751a66c344c38ce449e879d35f

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\tcl86t.dll

    Filesize

    1.6MB

    MD5

    c0b23815701dbae2a359cb8adb9ae730

    SHA1

    5be6736b645ed12e97b9462b77e5a43482673d90

    SHA256

    f650d6bc321bcda3fc3ac3dec3ac4e473fb0b7b68b6c948581bcfc54653e6768

    SHA512

    ed60384e95be8ea5930994db8527168f78573f8a277f8d21c089f0018cd3b9906da764ed6fcc1bd4efad009557645e206fbb4e5baef9ab4b2e3c8bb5c3b5d725

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\ucrtbase.dll

    Filesize

    987KB

    MD5

    637c17ad8bccc838b0cf83ffb8e2c7fd

    SHA1

    b2dd2890668e589badb2ba61a27c1da503d73c39

    SHA256

    be7368df484688493fb49fb0c4ad641485070190db62a2c071c9c50612e43fed

    SHA512

    f6b727c319ca2e85a9b5c5e0b9d8b9023f0cf4193fab983cfa26060923374c6abd6d11db1da2e524a8b04622a4e13beb4c48dc23f98886d4abb33eb09f3a0776