e6844580a1f34017f39c9ccb18701d35dc188906627c160e9e7560797ce96b61

Resubmissions

22-08-2024 23:30

240822-3hhkvatcqa 10

12-05-2024 12:29

240512-ppdzcahh26 10

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-08-2024 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RC7_UI.exe
Size

6.8MB
MD5

f42aa2d94c14285803251e1391a9a316
SHA1

df81d77ec0ee8b57197d9a0c5516f8154d01a81f
SHA256

e6844580a1f34017f39c9ccb18701d35dc188906627c160e9e7560797ce96b61
SHA512

c751bed23ca0e275c70e6b124998f225618d25eaa6302cc9926d77af79ebc2e82d519834899a539e9dc6667e0f76b09d3067496437984567f6142e54990f8d61
SSDEEP

196608:bh/MzQ01k/w1W903eV4QS993iObMGuLmGQ1Zc:+Q02/mW+eGQ493iObyLxQc

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
5008	RC7_UI.exe
5008	RC7_UI.exe
5008	RC7_UI.exe
5008	RC7_UI.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 5008	2332	RC7_UI.exe	84
PID 2332 wrote to memory of 5008	2332	RC7_UI.exe	84

C:\Users\Admin\AppData\Local\Temp\RC7_UI.exe
"C:\Users\Admin\AppData\Local\Temp\RC7_UI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\RC7_UI.exe
  "C:\Users\Admin\AppData\Local\Temp\RC7_UI.exe"
  2⤵
  - Loads dropped DLL
  PID:5008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23322\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23322\_bz2.pyd

Filesize
82KB

MD5
28ede9ce9484f078ac4e52592a8704c7

SHA1
bcf8d6fe9f42a68563b6ce964bdc615c119992d0

SHA256
403e76fe18515a5ea3227cf5f919aa2f32ac3233853c9fb71627f2251c554d09

SHA512
8c372f9f6c4d27f7ca9028c6034c17deb6e98cfef690733465c1b44bd212f363625d9c768f8e0bd4c781ddde34ee4316256203ed18fa709d120f56df3cca108b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23322\_decimal.pyd

Filesize
247KB

MD5
baaa9067639597e63b55794a757ddeff

SHA1
e8dd6b03ebef0b0a709e6cccff0e9f33c5142304

SHA256
6cd52b65e11839f417b212ba5a39f182b0151a711ebc7629dc260b532391db72

SHA512
7995c3b818764ad88db82148ea0ce560a0bbe9594ca333671b4c5e5c949f5932210edbd63d4a0e0dc2daf24737b99318e3d5daaee32a5478399a6aa1b9ee3719

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23322\_hashlib.pyd

Filesize
63KB

MD5
c888ecc8298c36d498ff8919cebdb4e6

SHA1
f904e1832b9d9614fa1b8f23853b3e8c878d649d

SHA256
21d59958e2ad1b944c4811a71e88de08c05c5ca07945192ab93da5065fac8926

SHA512
7161065608f34d6de32f2c70b7485c4ee38cd3a41ef68a1beacee78e4c5b525d0c1347f148862cf59abd9a4ad0026c2c2939736f4fc4c93e6393b3b53aa7c377

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23322\_lzma.pyd

Filesize
155KB

MD5
d386b7c4dcf589e026abfc7196cf1c4c

SHA1
c07ce47ce0e69d233c5bdd0bcac507057d04b2d4

SHA256
ad0440ca6998e18f5cc917d088af3fea2c0ff0febce2b5e2b6c0f1370f6e87b1

SHA512
78d79e2379761b054df1f9fd8c5b7de5c16b99af2d2de16a3d0ac5cb3f0bd522257579a49e91218b972a273db4981f046609fdcf2f31cf074724d544dac7d6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23322\_socket.pyd

Filesize
77KB

MD5
2c0ec225e35a0377ac1d0777631bffe4

SHA1
7e5d81a06ff8317af52284aedccac6ebace5c390

SHA256
301c47c4016dac27811f04f4d7232f24852ef7675e9a4500f0601703ed8f06af

SHA512
aea9d34d9e93622b01e702defd437d397f0e7642bc5f9829754d59860b345bbde2dd6d7fe21cc1d0397ff0a9db4ecfe7c38b649d33c5c6f0ead233cb201a73e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23322\base_library.zip

Filesize
1.4MB

MD5
d220b7e359810266fe6885a169448fa0

SHA1
556728b326318b992b0def059eca239eb14ba198

SHA256
ca40732f885379489d75a2dec8eb68a7cce024f7302dd86d63f075e2745a1e7d

SHA512
8f802c2e717b0cb47c3eeea990ffa0214f17d00c79ce65a0c0824a4f095bde9a3d9d85efb38f8f2535e703476cb6f379195565761a0b1d738d045d7bb2c0b542

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23322\libcrypto-3.dll

Filesize
4.9MB

MD5
51e8a5281c2092e45d8c97fbdbf39560

SHA1
c499c810ed83aaadce3b267807e593ec6b121211

SHA256
2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a

SHA512
98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23322\python311.dll

Filesize
5.5MB

MD5
65e381a0b1bc05f71c139b0c7a5b8eb2

SHA1
7c4a3adf21ebcee5405288fc81fc4be75019d472

SHA256
53a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a

SHA512
4db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23322\select.pyd

Filesize
29KB

MD5
8472d39b9ee6051c961021d664c7447e

SHA1
b284e3566889359576d43e2e0e99d4acf068e4fb

SHA256
8a9a103bc417dede9f6946d9033487c410937e1761d93c358c1600b82f0a711f

SHA512
309f1ec491d9c39f4b319e7ce1abdedf11924301e4582d122e261e948705fb71a453fec34f63df9f9abe7f8cc2063a56cd2c2935418ab54be5596aadc2e90ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23322\unicodedata.pyd

Filesize
1.1MB

MD5
57f8f40cf955561a5044ddffa4f2e144

SHA1
19218025bcae076529e49dde8c74f12e1b779279

SHA256
1a965c1904da88989468852fdc749b520cce46617b9190163c8df19345b59560

SHA512
db2a7a32e0b5bf0684a8c4d57a1d7df411d8eb1bc3828f44c95235dd3af40e50a198427350161dff2e79c07a82ef98e1536e0e013030a15bdf1116154f1d8338

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads