5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
29-08-2024 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
Size

5.2MB
MD5

a2440e89638ea634172c15aa0a17aa30
SHA1

9f20eba52bce886fb23f2430ca99124ee60be5c9
SHA256

5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4
SHA512

d6bed0c5e34dc5917a448fffb6755ae35d88b4a92233885eaba786ac01dd31065b96fd4d0c31dc8689c017832310106643241306aec0b9c7fa82e46ee7ff4365
SSDEEP

98304:16cwIXHirM3WHijx6V/7JN4GGJo95d5BU6TDynHDIxd0d18zqGGKdahZd0nBzx:NXirMGHisVD95dLU6TWHyd0dpVKdRVx

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 16 IoCs

pid	Process
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2828	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2828	3068	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe	30
PID 3068 wrote to memory of 2828	3068	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe	30
PID 3068 wrote to memory of 2828	3068	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe	30
PID 3068 wrote to memory of 2828	3068	5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe	30

C:\Users\Admin\AppData\Local\Temp\5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
"C:\Users\Admin\AppData\Local\Temp\5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Users\Admin\AppData\Local\Temp\5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe
  "C:\Users\Admin\AppData\Local\Temp\5ee8b8b62a1f8db4a998293446d418c42049e96973a3461b75163546c52864d4.exe"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30682\VCRUNTIME140.dll

Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\_bz2.pyd

Filesize
72KB

MD5
852cac1ac7232c5788cba284c3122347

SHA1
377720ee26532775b302f28f27e5d7a26e8429fe

SHA256
94d02cbcfac3141ca0107253050d7b9d809fea04b42964142bed3f090783a26a

SHA512
352cee5b66556d2ea87873cbce7b04b22d65288f3df24e9c162dff465ec7d31f3d5e283edcce7bead4f3892ade009c629860d21e59bb2b6c7896371684bc9b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\_ctypes.pyd

Filesize
108KB

MD5
36bf6ffd59c04075d50f245ef5de2ab9

SHA1
be48f0e161f2c4c3aec50f46ea8f4dd030aa561c

SHA256
7c11a5b8cbaeb0cd34544a7e4949c1b2a61cc78392c0155c0156306e6ff602e0

SHA512
da3851bbc88d16d142d9401b3c0eb238405b711aa047d183f02b4991880f7c33eaf6f5f137dc301cb5505f7aea849175987255518086e674b2964ab153b92969

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\_hashlib.pyd

Filesize
36KB

MD5
9aa769efac1446db1d2e4e1c39500a20

SHA1
8b99c60f749fa83bb2ab79fde561a119c0da8d3e

SHA256
de7c71c90c7f58dcdc3da159d08dda7dc297e39c5f309849290238baed7e230f

SHA512
cef3c7f56675c85669d05b72a9dc5abc3f5dc3b82c5c648c6965a25fa6e013ddccbff5adb57423b2bbee17b09ffcc79d29911d3dec73011786fcd65d13a9a237

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\_lzma.pyd

Filesize
181KB

MD5
52e990da9f33d0ef2b83a0b52d42dcd6

SHA1
bc498f0cc9056cb0061d96559c2e3b4f7af95e61

SHA256
17fd3a2750e61fb164f3a9e8e021a0a3b5de107a3cc4c798e127618034e09d6f

SHA512
ecf1462e6ca6422a0d405227aff615ca8876390cbced54c3b46d5c94b0e55f63bf0f99b9bc2c684d90e064fbf52a62f27f96b2502d2c2ba1511c03a280d3f34f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\_queue.pyd

Filesize
24KB

MD5
bcf5440a884ef33df02ce124557d0c2c

SHA1
dc2e7e3c1d6f730b1b5e3f9487ceef755a033282

SHA256
2f2f30a6b697b7ba7c09db16ec04517c85cdfab13f142b9c810fdf9983522129

SHA512
fc2d9b6c6b3c619cc13b24021dff37f94c057ded40630938c2b3777d9e48d212541c58b6f070af65bb1d0185077b360143fb4a86e225c6ab052a1841f8d0f204

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\_socket.pyd

Filesize
67KB

MD5
f7d2fe8cddeded1210b06af09b0fad3c

SHA1
1c54bb73326dc04a34e81c10efab52e5a9a485de

SHA256
c56088832a09820abfd45135ac3874117d0cfe669e982314fdc3fe73ca195dee

SHA512
a8e1391add36b29968be7dc8500bf1c7cefa301e2a45c88cda2158e9104635fbb00320b25b142c1177abd3ba7a6d2f27d7d257d07236067b5c0b0be4a3f62c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\_ssl.pyd

Filesize
108KB

MD5
300ae7faf9fc68d863ead0ee8c58ea86

SHA1
87a041c918e7a3b85fda55ada5a75104d54b7c77

SHA256
080e6a6a26d2054624ae2ab23006c9f2451f614b1948d64232003c3d03fb23e6

SHA512
c400716c23d3a4f303d506156335e1a49749402bb1b269137577d1112d996492ca652cebbe3e6b1de195ad797db176d1f71b9d19b3ffdd6ad520622b8d650ead

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\base_library.zip

Filesize
821KB

MD5
f4981249047e4b7709801a388e2965af

SHA1
42847b581e714a407a0b73e5dab019b104ec9af2

SHA256
b191e669b1c715026d0732cbf8415f1ff5cfba5ed9d818444719d03e72d14233

SHA512
e8ef3fb3c9d5ef8ae9065838b124ba4920a3a1ba2d4174269cad05c1f318bc9ff80b1c6a6c0f3493e998f0587ef59be0305bc92e009e67b82836755470bc1b13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\certifi\cacert.pem

Filesize
284KB

MD5
181ac9a809b1a8f1bc39c1c5c777cf2a

SHA1
9341e715cea2e6207329e7034365749fca1f37dc

SHA256
488ba960602bf07cc63f4ef7aec108692fec41820fc3328a8e3f3de038149aee

SHA512
e19a92b94aedcf1282b3ef561bd471ea19ed361334092c55d72425f9183ebd1d30a619e493841b6f75c629f26f28dc682960977941b486c59475f21cf86fff85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\charset_normalizer\md.cp38-win32.pyd

Filesize
8KB

MD5
ce9a43f60815b8d138e9d3de400d7173

SHA1
e84e9ab3e34be3c370794e5e157ed48f7910ea9a

SHA256
bb2bfaa8a2f2dd14b40658b3437a1ea684d67810da98b22985fc732b689f7909

SHA512
59b50780a9d5009d6662e1698b121ed902cb42c15c53e08bf3d2a7cdbcff3c0f606403358b36c5fa233b56098dcfa97dd66878b77cf07ff5bd62bb277ab63563

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\charset_normalizer\md__mypyc.cp38-win32.pyd

Filesize
98KB

MD5
2d7eab39e0a7588792b84ea0714faec8

SHA1
37088cfae8543419ee5ba695065cec77d16af43f

SHA256
ac6faf33dae52f3345eac1fda80d3258de5fcd8cb237cea87de14be02bd903c1

SHA512
48ad25bce58732eba210dc3294ec77c8698a73c105e31436489fc24d6f6f1b06967282b6d7b96157650cf8e503533f650310b4d1d709d51d1d8e5714b90e0b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\libcrypto-1_1.dll

Filesize
2.1MB

MD5
67c1ea1b655dbb8989a55e146761c202

SHA1
aecc6573b0e28f59ea8fdd01191621dda6f228ed

SHA256
541adbc9654d967491d11359a0e4ad4972d2bd25f260476dd7576c576478698a

SHA512
1c7612c03df85b596dc360c1a94e367d8bfba51f651b49c598e4a066a693d9aa74195a40cc849ef787eac9b6e1e1fc079b389c03fc539e53abf4aa729bef5893

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\libffi-7.dll

Filesize
28KB

MD5
64fd05751201bbe3e29fa3a8aa600b5e

SHA1
9e069feff5e961b60c2aa57f0e5265ec898ccb7e

SHA256
8f88c66fd8e046a57deb7d263efb9d79092b1a55fd7f08df7f430654b47ace09

SHA512
79eddef381db46d858a211a9e6167a0504f880a0207a01183834ffe5c762ccd4faf436e55fba22a28a4fd0c8ccfd0e63534fa971a8136e564ed5f7206630aa81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\libssl-1_1.dll

Filesize
524KB

MD5
9417e0d677e0f8b08398fcd57dccbafd

SHA1
569e82788ff8206e3a43c8653d6421d456ff2a68

SHA256
db16853dbc64f045ae2a972f7605a6f192d09b79cae86fd93b8434fa7d9e031f

SHA512
b7dfd0b265c19d97518e638e4fcc19db3031382cda05c2cbb8965651ceadaa0f68f9d4dd62d542b2c9ef33d9703d50f4d74eb8b9f4918130895ef17feff2f6cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\python38.dll

Filesize
3.7MB

MD5
5eb4227ca3526a3c287a3fecc9a91b92

SHA1
35e1cb934a88d1fea2a595b1b48033804d9beeb0

SHA256
c4220a975f093d52702f93f39cc0e7b56f9057f8b6af26c2a0b63f5a555d0e31

SHA512
515403b537e709c0786db8fd689b40173c49310eb43c392a2fb0a8a69eb37946975c9c832715584caf01076da57ae3f812557f1ecbfe3d34907b60b8f4f5e679

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30682\unicodedata.pyd

Filesize
1.0MB

MD5
95985535fb076ace3b57f55d0131b741

SHA1
3e6e2e898436d75c05a4b8aa2e952271a64ff877

SHA256
1766a0a24b3ddd0bfa45f2c631325b05d2b3102a61c3ed73a8f6485d18f6fe94

SHA512
c10e196a654db57de8194baf181e23644945074cb7e86fba4d0675545b0f139b46e4af0ab0e96064fd5ed0c649e574eb5e8b2c16fe592a4ea41b68570abd07e6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30682\select.pyd

Filesize
23KB

MD5
92e930e2c79c7eb898a9843c118cd20f

SHA1
027faf19a7fff169d4e1dd4ff6cb8ef33713b9d4

SHA256
a32041001a74d80482a6f7fa252bb9ba916435b09cd60d3700f6af049b819500

SHA512
a1edb95bdcd847940c9640e346b4fa757acc90b96e6d7676a0a68d408dce612be61ca2e16a7bff6aceb3571ca831f609100e8531f94a7a2ea085fb8d7b62f23d

Download Submit