f7ae58f22cbdeb69318f6cb3ff3757a9888e8731febd66e85ee9938f874705c9

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15-08-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/@New_x32OD/@New_x32OD.exe
Size

12.4MB
MD5

eb82a685cf9348bff8cd0a5bb710518a
SHA1

1e179c8dbb68f9a272e703f20e54f45d0f78ae6f
SHA256

bbfc49b0c160e7d0231ad70f3e45c9e9e7a7935da863792fde2732a2ce594614
SHA512

4dbecaa1b0fa0fa59e3e040942f0512207678cf4a4e182bd4657a576d70829b532e40b77bf6a719a156af10fb63ec97a193c5e0cc88043676c7889d148e14516
SSDEEP

196608:sWzB9ZNJm3AqJ8Ef+r9onJ5hrZEK3e9tGPqK5N0wTbcKC9L3tm565:dzB9Z/m3p2E+r9c5hlEK/PN8w3cb59m

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 17 IoCs

pid	Process
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe
2672	@New_x32OD.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2672	@New_x32OD.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 35	2672	@New_x32OD.exe
Token: SeDebugPrivilege	2672	@New_x32OD.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 708 wrote to memory of 2672	708	@New_x32OD.exe	29
PID 708 wrote to memory of 2672	708	@New_x32OD.exe	29
PID 708 wrote to memory of 2672	708	@New_x32OD.exe	29

C:\Users\Admin\AppData\Local\Temp\$TEMP\@New_x32OD\@New_x32OD.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\@New_x32OD\@New_x32OD.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:708
- C:\Users\Admin\AppData\Local\Temp\$TEMP\@New_x32OD\@New_x32OD.exe
  "C:\Users\Admin\AppData\Local\Temp\$TEMP\@New_x32OD\@New_x32OD.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI7082\VCRUNTIME140.dll

Filesize
85KB

MD5
89a24c66e7a522f1e0016b1d0b4316dc

SHA1
5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

SHA256
3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

SHA512
e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7082\_bz2.pyd

Filesize
92KB

MD5
cf77513525fc652bad6c7f85e192e94b

SHA1
23ec3bb9cdc356500ec192cac16906864d5e9a81

SHA256
8bce02e8d44003c5301608b1722f7e26aada2a03d731fa92a48c124db40e2e41

SHA512
dbc1ba8794ce2d027145c78b7e1fc842ffbabb090abf9c29044657bdecd44396014b4f7c2b896de18aad6cfa113a4841a9ca567e501a6247832b205fe39584a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7082\_lzma.pyd

Filesize
172KB

MD5
5fbb728a3b3abbdd830033586183a206

SHA1
066fde2fa80485c4f22e0552a4d433584d672a54

SHA256
f9bc6036d9e4d57d08848418367743fb608434c04434ab07da9dabe4725f9a9b

SHA512
31e7c9fe9d8680378f8e3ea4473461ba830df2d80a3e24e5d02a106128d048430e5d5558c0b99ec51c3d1892c76e4baa14d63d1ec1fc6b1728858aa2a255b2fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7082\base_library.zip

Filesize
1000KB

MD5
8386cf8add72bab03573064b6e1d89d2

SHA1
c451d2f3eed6b944543f19c5bd15ae7e8832bbd4

SHA256
2eea4b6202a6a6f61cb4d75c78be5ec2e1052897f54973797885f2c3b24d202c

SHA512
2bb61f7fac7ecc7d5654756ae8286d5fd9e2730e6ac42f3e7516f598e00fd8b9b6d3e77373994bb31d89831278e6833d379f306d52033fa5c48a786ac67da2b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7082\libcrypto-1_1.dll

Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7082\python37.dll

Filesize
3.6MB

MD5
c4709f84e6cf6e082b80c80b87abe551

SHA1
c0c55b229722f7f2010d34e26857df640182f796

SHA256
ca8e39f2b1d277b0a24a43b5b8eada5baf2de97488f7ef2484014df6e270b3f3

SHA512
e04a5832b9f2e1e53ba096e011367d46e6710389967fa7014a0e2d4a6ce6fc8d09d0ce20cee7e7d67d5057d37854eddab48bef7df1767f2ec3a4ab91475b7ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7082\pythonnet\runtime\Python.Runtime.dll

Filesize
421KB

MD5
d94eea13862fa10cc55075a7b595c3ee

SHA1
af8607c0a6f67917d5f9d9136d7b981caaaa6a32

SHA256
22822869023482e6d15314a8cbd7cb700e5c1ef4d89ecff65ff4144b1840da79

SHA512
591359cdf1108297c49b68dc1c375f747aad19b0dc609fe625f0e8ed16d46804ae05a14c7fa3343493589bd3e5f6e8f485d7e54b1398c3f3881b4911cb38c643

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI7082\pywin32_system32\pythoncom37.dll

Filesize
680KB

MD5
53cf89c12cd651b824bf19ea86822b7e

SHA1
da16db3464f268c202670d0b379c24e3cf8a886a

SHA256
1dd7f1beb75529a090e8157bac0cac3c55ed49579b48d8bcab6fc756931662fb

SHA512
3ad7c7c6ba790ae4f5eef055a4af1611b5b02331abe64a4923c699cafdeafd28da307d67d3a77ea2284f6824ed04300aa46a2e7f95d8a11acebc3a8d181d4e92

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7082\_cffi_backend.cp37-win_amd64.pyd

Filesize
177KB

MD5
daccb97b9214bb1366ed40ad583679a2

SHA1
89554e638b62be5f388c9bdd35d9daf53a240e0c

SHA256
b714423d9cad42e67937531f2634001a870f8be2bf413eacfc9f73ef391a7915

SHA512
99fd5c80372d878f722e4bcb1b8c8c737600961d3a9dffc3e8277e024aaac8648c64825820e20da1ab9ad9180501218c6d796af1905d8845d41c6dbb4c6ebab0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7082\_ctypes.pyd

Filesize
129KB

MD5
5e869eebb6169ce66225eb6725d5be4a

SHA1
747887da0d7ab152e1d54608c430e78192d5a788

SHA256
430f1886caf059f05cde6eb2e8d96feb25982749a151231e471e4b8d7f54f173

SHA512
feb6888bb61e271b1670317435ee8653dedd559263788fbf9a7766bc952defd7a43e7c3d9f539673c262abedd97b0c4dd707f0f5339b1c1570db4e25da804a16

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7082\_hashlib.pyd

Filesize
38KB

MD5
b32cb9615a9bada55e8f20dcea2fbf48

SHA1
a9c6e2d44b07b31c898a6d83b7093bf90915062d

SHA256
ca4f433a68c3921526f31f46d8a45709b946bbd40f04a4cfc6c245cb9ee0eab5

SHA512
5c583292de2ba33a3fc1129dfb4e2429ff2a30eeaf9c0bcff6cca487921f0ca02c3002b24353832504c3eec96a7b2c507f455b18717bcd11b239bbbbd79fadbe

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7082\_socket.pyd

Filesize
75KB

MD5
8ea18d0eeae9044c278d2ea7a1dbae36

SHA1
de210842da8cb1cb14318789575d65117d14e728

SHA256
9822c258a9d25062e51eafc45d62ed19722e0450a212668f6737eb3bfe3a41c2

SHA512
d275ce71d422cfaacef1220dc1f35afba14b38a205623e3652766db11621b2a1d80c5d0fb0a7df19402ebe48603e76b8f8852f6cbff95a181d33e797476029f0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7082\clr_loader\ffi\dlls\amd64\ClrLoader.dll

Filesize
8KB

MD5
e8a52f61db8eb35ef3b8211bfbb821e9

SHA1
835d394badb777e9c7e4ef59c72a309500a3971e

SHA256
4942106eb2b86a37c63eba972a2c6c5870d4ae7535075bb5252556e2ff2357f6

SHA512
48e7f25ea4a4af1dc09fe594c25e8a962304922445a1e9708873cef4578a783eea913b59cc390d0e318c9d35995f01109b9a104b6176cd8cd081449988913626

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7082\pyexpat.pyd

Filesize
198KB

MD5
6500aa010c8b50ffd1544f08af03fa4f

SHA1
a03f9f70d4ecc565f0fae26ef690d63e3711a20a

SHA256
752cf6804aac09480bf1e839a26285ec2668405010ed7ffd2021596e49b94dec

SHA512
f5f0521039c816408a5dd8b7394f9db5250e6dc14c0328898f1bed5de1e8a26338a678896f20aafa13c56b903b787f274d3dec467808787d00c74350863175d1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7082\pywin32_system32\pywintypes37.dll

Filesize
133KB

MD5
f9d8093503c0eb02a2d30db794dbaa81

SHA1
d11ac482caef0a4f3b008644e34b5c962c69a3af

SHA256
47cfa248363c3e5e3c2fcd847bd73435890bac14c3403f2841fd5e138f936869

SHA512
c4ce86cecef6e2b3785f076667381f3e8e4b7d9e6e7c9e48d2fedde83670df61c51bdd852c3fadc826bee6025d9c22a1cd2f1ba255a7123047ac11e2ed262fdc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7082\select.pyd

Filesize
26KB

MD5
fb4a0d7abaeaa76676846ad0f08fefa5

SHA1
755fd998215511506edd2c5c52807b46ca9393b2

SHA256
65a3c8806d456e9df2211051ed808a087a96c94d38e23d43121ac120b4d36429

SHA512
f5b3557f823ee4c662f2c9b7ecc5497934712e046aa8ae8e625f41756beb5e524227355316f9145bfabb89b0f6f93a1f37fa94751a66c344c38ce449e879d35f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI7082\win32\win32api.pyd

Filesize
136KB

MD5
ba792c828797ab1b1ec5062b12872540

SHA1
15745e8c75c7d46a08a2efc301c6d6f95d3676e9

SHA256
e86a8623f4532645419bd753baf239c77198a51c0663d5441ad6e8b56093f530

SHA512
0e5f02a25789d47a686a18186fd6811e1cecbbc3104b0b3135eea5cc99240c59a3c24a760f8fe77bca8bffa2b4b1e0c305c5f73a28af4f84772a67db00544b82

Download Submit
memory/2672-89-0x0000000004A40000-0x0000000004AB0000-memory.dmp

Filesize
448KB

Download
memory/2672-85-0x0000000004490000-0x000000000449A000-memory.dmp

Filesize
40KB

Download
memory/2672-86-0x000007FEFA9E0000-0x000007FEFA9EA000-memory.dmp

Filesize
40KB

Download
memory/2672-82-0x000007FEF4FA3000-0x000007FEF4FA4000-memory.dmp

Filesize
4KB

Download
memory/2672-88-0x00000000049D0000-0x0000000004A40000-memory.dmp

Filesize
448KB

Download
memory/2672-81-0x0000000004780000-0x0000000004800000-memory.dmp

Filesize
512KB

Download
memory/2672-90-0x00000000044C0000-0x00000000044DA000-memory.dmp

Filesize
104KB

Download
memory/2672-91-0x00000000045F0000-0x00000000045F8000-memory.dmp

Filesize
32KB

Download
memory/2672-92-0x0000000004600000-0x0000000004608000-memory.dmp

Filesize
32KB

Download
memory/2672-93-0x000007FEF4FA0000-0x000007FEF598C000-memory.dmp

Filesize
9.9MB

Download
memory/2672-94-0x0000000004780000-0x0000000004800000-memory.dmp

Filesize
512KB

Download
memory/2672-95-0x000007FEF4FA3000-0x000007FEF4FA4000-memory.dmp

Filesize
4KB

Download
memory/2672-96-0x000007FEF4FA0000-0x000007FEF598C000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads