d6cd3fe0695060e8b50d3a856f4e2256743922425eef450d52ab805a10d916ae

Analysis

max time kernel
93s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

amdsmi.exe
Size

6.7MB
MD5

d00aae4adb0b3bbd51e30088366fa73f
SHA1

ba1d7bddb7bb067e7ceba868003f78b063835134
SHA256

d6cd3fe0695060e8b50d3a856f4e2256743922425eef450d52ab805a10d916ae
SHA512

7c33310ec7de8d673752de3aef9378a1347661a05cdc12721d31bcb9ea09618d8fe786fa3b8f982267b8cd642d63ad4ba2c878bd5cdb1d43954cdb139488d8a1
SSDEEP

196608:G0mBAeSL2Vmd6+DjnNgwQ+dtLLpg7kzGKciDLol7Rp:M+L2Vmd6mzNjnpg7hKcsofp

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2632	amdsmi.exe
2632	amdsmi.exe
2632	amdsmi.exe
2632	amdsmi.exe
2632	amdsmi.exe
2632	amdsmi.exe
2632	amdsmi.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 2632	376	amdsmi.exe	31
PID 376 wrote to memory of 2632	376	amdsmi.exe	31
PID 376 wrote to memory of 2632	376	amdsmi.exe	31

C:\Users\Admin\AppData\Local\Temp\amdsmi.exe
"C:\Users\Admin\AppData\Local\Temp\amdsmi.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:376
- C:\Users\Admin\AppData\Local\Temp\amdsmi.exe
  "C:\Users\Admin\AppData\Local\Temp\amdsmi.exe"
  2⤵
  - Loads dropped DLL
  PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI3762\api-ms-win-core-file-l1-2-0.dll

Filesize
20KB

MD5
b5060343583e6be3b3de33ccd40398e0

SHA1
5b33b8db5d6cfb0e8a5bb7f209df2c6191b02edb

SHA256
27878021c6d48fb669f1822821b5934f5a2904740bebb340b6849e7635490cb7

SHA512
86610edc05aa1b756c87160f9eefe9365e3f712c5bed18c8feca3cae12aef07ccc44c45c4be19dc8f9d337a6f6709b260c89019a5efcfe9fa0847d85ab64d282

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3762\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
2e8995e2320e313545c3ddb5c71dc232

SHA1
45d079a704bec060a15f8eba3eab22ac5cf756c6

SHA256
c55eb043454ac2d460f86ea26f934ecb16bdb1d05294c168193a05090bf1c56c

SHA512
19adcc5dd98f30b4eebefe344e1939c93c284c802043ea3ac22654cf2e23692f868a00a482c9be1b1e88089a5031fa81a3f1165175224309828bd28ee12f2d49

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3762\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
54d2f426bc91ecf321908d133b069b20

SHA1
78892ea2873091f016daa87d2c0070b6c917131f

SHA256
646b28a20208be68439d73efa21be59e12ed0a5fe9e63e5d3057ca7b84bc6641

SHA512
6b1b095d5e3cc3d5909ebda4846568234b9bc43784919731dd906b6fa62aa1fdf723ac0d18bca75d74616e2c54c82d1402cc8529d75cb1d7744f91622ac4ec06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3762\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
20KB

MD5
d1b3cc23127884d9eff1940f5b98e7aa

SHA1
d1b108e9fce8fba1c648afaad458050165502878

SHA256
51a73fbfa2afe5e45962031618ec347aaa0857b11f3cf273f4c218354bfe70cb

SHA512
ee5e0d546190e8ba9884ab887d11bb18fc71d3878983b544cd9ab80b6dd18ad65e66fe49fe0f4b92cbc51992fb1c39de091cf789159625341a03f4911b968fa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3762\api-ms-win-core-timezone-l1-1-0.dll

Filesize
20KB

MD5
36165a5050672b7b0e04cb1f3d7b1b8f

SHA1
ef17c4622f41ef217a16078e8135acd4e2cf9443

SHA256
d7ab47157bff1b2347e7ae945517b4fc256425939ba7b6288ff85a51931568a7

SHA512
da360ff716bb66dd1adb5d86866b4b81b08a6fe86362fded05430f833a96934ccdada1b3081b55766a4a30c16d0d62aa1715b8839ea5c405a40d9911715dae68

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3762\python310.dll

Filesize
4.2MB

MD5
a1185bef38fdba5e3fe6a71f93a9d142

SHA1
e2b40f5e518ad000002b239a84c153fdc35df4eb

SHA256
8d0bec69554317ccf1796c505d749d5c9f3be74ccbfce1d9e4d5fe64a536ae9e

SHA512
cb9baea9b483b9153efe2f453d6ac0f0846b140e465d07244f651c946900bfcd768a6b4c0c335ecebb45810bf08b7324501ea22b40cc7061b2f2bb98ed7897f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3762\ucrtbase.dll

Filesize
1002KB

MD5
298e85be72551d0cdd9ed650587cfdc6

SHA1
5a82bcc324fb28a5147b4e879b937fb8a56b760c

SHA256
eb89af5911a60d892a685181c397d32b72c61dc2ad77dd45b8cac0fbb7602b84

SHA512
3fafea5ff0d0b4e07f6354c37b367ada4da1b607186690c732364518a93c3fd2f5004014c9c3d23dde28db87d1cb9ae1259cda68b9ba757db59a59d387ac4e02

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads