339b2b8d9e0820f927bab449138d2cc698d3caa48ab4bc10206ad0e8bb9f0854

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 21:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bsod.exe
Size

7.0MB
MD5

f1a7f7591afd01597fbf67f7b83c2e7f
SHA1

e0701a484b4a9f53ef955cff4fe42a0c03c7890c
SHA256

339b2b8d9e0820f927bab449138d2cc698d3caa48ab4bc10206ad0e8bb9f0854
SHA512

7c86841c59ab8296195507208e29a73d5235eaa0ea9c4a218a898486aa0d3bda1ef8dcbbe89ce8a526bfaecf72bc533d7a0a300dc0bbc874c0582081b466ab46
SSDEEP

98304:S6PMfow8xocA1h9eT393YigJhH0y1Tu/NWPdHdda9D4oRFKX0tgMF+G1w:Sgh5A1HeT39Iighc0/aFFWXmr

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 11 IoCs

pid	Process
392	bsod.exe
392	bsod.exe
392	bsod.exe
392	bsod.exe
392	bsod.exe
392	bsod.exe
392	bsod.exe
392	bsod.exe
392	bsod.exe
392	bsod.exe
392	bsod.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	392	bsod.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 392	3560	bsod.exe	85
PID 3560 wrote to memory of 392	3560	bsod.exe	85

C:\Users\Admin\AppData\Local\Temp\bsod.exe
"C:\Users\Admin\AppData\Local\Temp\bsod.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Users\Admin\AppData\Local\Temp\bsod.exe
  "C:\Users\Admin\AppData\Local\Temp\bsod.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI35602\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\_bz2.pyd

Filesize
82KB

MD5
37eace4b806b32f829de08db3803b707

SHA1
8a4e2bb2d04685856d1de95b00f3ffc6ea1e76b9

SHA256
1be51ef2b5acbe490217aa1ff12618d24b95df6136c6844714b9ca997b4c7f9b

SHA512
1591a263de16373ee84594943a0993721b1e1a2f56140d348a646347a8e9760930df4f632adcee9c9870f9c20d7818a3a8c61b956723bf94777e0b7fb7689b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\_ctypes.pyd

Filesize
121KB

MD5
a25cdcf630c024047a47a53728dc87cd

SHA1
8555ae488e0226a272fd7db9f9bdbb7853e61a21

SHA256
3d43869a4507ed8ece285ae85782d83bb16328cf636170acb895c227ebb142ac

SHA512
f6a4272deddc5c5c033a06e80941a16f688e28179eab3dbc4f7a9085ea4ad6998b89fc9ac501c5bf6fea87e0ba1d9f2eda819ad183b6fa7b6ddf1e91366c12af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\_decimal.pyd

Filesize
247KB

MD5
e4e032221aca4033f9d730f19dc3b21a

SHA1
584a3b4bc26a323ce268a64aad90c746731f9a48

SHA256
23bdd07b84d2dbcb077624d6dcbfc66ab13a9ef5f9eebe31dc0ffece21b9e50c

SHA512
4a350ba9e8481b66e7047c9e6c68e6729f8074a29ef803ed8452c04d6d61f8f70300d5788c4c3164b0c8fb63e7c9715236c0952c3166b606e1c7d7fff36b7c4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\_hashlib.pyd

Filesize
63KB

MD5
ba682dfcdd600a4bb43a51a0d696a64c

SHA1
df85ad909e9641f8fcaa0f8f5622c88d904e9e20

SHA256
2ad55e11bddb5b65cdf6e9e126d82a3b64551f7ad9d4cbf74a1058fd7e5993bd

SHA512
79c607e58881d3c3dfb83886fe7aa4cddb5221c50499d33fe21e1efb0ffa1fd0d3f52cbe97b16b04fbe2b067d6eb5997ac66dec9d2a160d3cb6d44ffca0f5636

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\_lzma.pyd

Filesize
155KB

MD5
3273720ddf2c5b75b072a1fb13476751

SHA1
5fe0a4f98e471eb801a57b8c987f0feb1781ca8b

SHA256
663f1087c2ed664c5995a3ffa64546d2e33a0fce8a9121b48cc7c056b74a2948

SHA512
919dbbfcc2f5913655d77f6c4ae9baa3a300153a5821dc9f23e0aceb89f69cb9fb86d6ce8f367b9301e0f7b6027e6b2f0911a2e73255ab5150a74b862f8af18e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\_socket.pyd

Filesize
77KB

MD5
485d998a2de412206f04fa028fe6ba90

SHA1
286e29d4f91a46171ba1e3c8229e6de94b499f1d

SHA256
8f9ede5044643413c3b072cd31a565956498ca07cdd17fb6a04483d388fdad76

SHA512
68591522e9188f06ff81cd2b3506b40b9ad508d6e34f0111819bf5eff47ed9adf95ebfae5d05b685c4f53b186d15cc45e0d831d96be926f7a5762ee2f1341f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\base_library.zip

Filesize
1.4MB

MD5
bf5042cc71e23f81744bbe70d54925ba

SHA1
3447e86b4b1aaaef22ca2ee187e5dd885f6842bf

SHA256
36df63e04e48252e58104dd23f7ab4abc6cdea1fdd694cb74357dbcea0096f73

SHA512
8f20f6ace2cc0a99d9f1efbca29ecc2bec659c90a8046528195b3718de291d1938cc1ef934d64ea8181e5695f1edd6bdac3fa956608e6ccc84df820cf26acdbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\psutil\_psutil_windows.pyd

Filesize
65KB

MD5
3e579844160de8322d574501a0f91516

SHA1
c8de193854f7fc94f103bd4ac726246981264508

SHA256
95f01ce7e37f6b4b281dbc76e9b88f28a03cb02d41383cc986803275a1cd6333

SHA512
ee2a026e8e70351d395329c78a07acb1b9440261d2557f639e817a8149ba625173ef196aed3d1c986577d78dc1a7ec9fed759c19346c51511474fe6d235b1817

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\python3.DLL

Filesize
65KB

MD5
35da4143951c5354262a28dee569b7b2

SHA1
b07cb6b28c08c012eecb9fd7d74040163cdf4e0e

SHA256
920350a7c24c46339754e38d0db34ab558e891da0b3a389d5230a0d379bee802

SHA512
2976667732f9ee797b7049d86fd9beeb05409adb7b89e3f5b1c875c72a4076cf65c762632b7230d7f581c052fce65bb91c1614c9e3a52a738051c3bc3d167a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\python311.dll

Filesize
5.5MB

MD5
d06da79bfd21bb355dc3e20e17d3776c

SHA1
610712e77f80d2507ffe85129bfeb1ff72fa38bf

SHA256
2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1

SHA512
e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\select.pyd

Filesize
29KB

MD5
e07ae2f7f28305b81adfd256716ae8c6

SHA1
9222cd34c14a116e7b9b70a82f72fc523ef2b2f6

SHA256
fb06ac13f8b444c3f7ae5d2af15710a4e60a126c3c61a1f1e1683f05f685626c

SHA512
acb143194ca465936a48366265ae3e11a2256aeae333c576c8c74f8ed9b60987daff81647aef74e236b30687a28bc7e3aa21c6aedbfa47b1501658a2bfd117b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35602\unicodedata.pyd

Filesize
1.1MB

MD5
5cc36a5de45a2c16035ade016b4348eb

SHA1
35b159110e284b83b7065d2cff0b5ef4ccfa7bf1

SHA256
f28ac3e3ad02f9e1d8b22df15fa30b2190b080261a9adc6855248548cd870d20

SHA512
9cccbf81e80c32976b7b2e0e3978e8f7350cce542356131b24ebab34b256efd44643d41ee4b2994b9152c2e5af302aa182a1889c99605140f47494a501ef46c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads