0cfa8a2cc0abc8ee55c22a89707e8eef44e5c86a3749a2592fb9ab56ac623061

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dist\start_https.bat
Size

43B
MD5

86bc09836c9847e69205ea4d4f1d732c
SHA1

b90414a05d208d1b219cb8ea1f2aa1b4c49dccb7
SHA256

8151236e589a1ba42305d959d4e8a36035763e0482dd75a5f595c88aa8ca9450
SHA512

d223a6330b054644587ee454b308ec3406e08f24a116a56e757ee3a7bf37e0e5bb3abd4eaaee0893290ba3084a799a11ff876132ebdc14b5e058c5587d0d725b

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2696	main.exe
2696	main.exe
2696	main.exe
2696	main.exe
2696	main.exe
2696	main.exe
2696	main.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2552	3012	cmd.exe	31
PID 3012 wrote to memory of 2552	3012	cmd.exe	31
PID 3012 wrote to memory of 2552	3012	cmd.exe	31
PID 2552 wrote to memory of 2696	2552	main.exe	32
PID 2552 wrote to memory of 2696	2552	main.exe	32
PID 2552 wrote to memory of 2696	2552	main.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\dist\start_https.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\dist\main.exe
  main.exe cui --https true --no_cui True
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\dist\main.exe
    main.exe cui --https true --no_cui True
    3⤵
    - Loads dropped DLL
    PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25522\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
5a72a803df2b425d5aaff21f0f064011

SHA1
4b31963d981c07a7ab2a0d1a706067c539c55ec5

SHA256
629e52ba4e2dca91b10ef7729a1722888e01284eed7dda6030d0a1ec46c94086

SHA512
bf44997c405c2ba80100eb0f2ff7304938fc69e4d7ae3eac52b3c236c3188e80c9f18bda226b5f4fde0112320e74c198ad985f9ffd7cea99aca22980c39c7f69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
721b60b85094851c06d572f0bd5d88cd

SHA1
4d0ee4d717aeb9c35da8621a545d3e2b9f19b4e7

SHA256
dac867476caa42ff8df8f5dfe869ffd56a18dadee17d47889afb69ed6519afbf

SHA512
430a91fcecde4c8cc4ac7eb9b4c6619243ab244ee88c34c9e93ca918e54bd42b08aca8ea4475d4c0f5fa95241e4aacb3206cbae863e92d15528c8e7c9f45601b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
1ed0b196ab58edb58fcf84e1739c63ce

SHA1
ac7d6c77629bdee1df7e380cc9559e09d51d75b7

SHA256
8664222823e122fca724620fd8b72187fc5336c737d891d3cef85f4f533b8de2

SHA512
e1fa7f14f39c97aaa3104f3e13098626b5f7cfd665ba52dcb2312a329639aaf5083a9177e4686d11c4213e28acc40e2c027988074b6cc13c5016d5c5e9ef897b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
7e8b61d27a9d04e28d4dae0bfa0902ed

SHA1
861a7b31022915f26fb49c79ac357c65782c9f4b

SHA256
1ef06c600c451e66e744b2ca356b7f4b7b88ba2f52ec7795858d21525848ac8c

SHA512
1c5b35026937b45beb76cb8d79334a306342c57a8e36cc15d633458582fc8f7d9ab70ace7a92144288c6c017f33ecfc20477a04432619b40a21c9cda8d249f6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
91a2ae3c4eb79cf748e15a58108409ad

SHA1
d402b9df99723ea26a141bfc640d78eaf0b0111b

SHA256
b0eda99eabd32fefecc478fd9fe7439a3f646a864fdab4ec3c1f18574b5f8b34

SHA512
8527af610c1e2101b6f336a142b1a85ac9c19bb3af4ad4a245cfb6fd602dc185da0f7803358067099475102f3a8f10a834dc75b56d3e6ded2ed833c00ad217ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\filelock-3.15.4.dist-info\INSTALLER

Filesize
12B

MD5
181e6d10c10fbb82457d1cc5766260e4

SHA1
b1877d05da334d4d158fb1af07b92e1e979d8828

SHA256
e04a1b815644b686729bffdef8c2213584545dc58530c6ebaedeb14692b26684

SHA512
ac57addad619e6ad6b74f6342554799034e6ca0489c7c3340418c43cf49637ce624d7f38bc2547e8a9ca70c22f00e4d14ff9b8d3e2a5b31c1949bb2fc3acd423

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\python312.dll

Filesize
6.7MB

MD5
550288a078dffc3430c08da888e70810

SHA1
01b1d31f37fb3fd81d893cc5e4a258e976f5884f

SHA256
789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d

SHA512
7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\torch\ao\nn\quantizable\__init__.py

Filesize
38B

MD5
54a7946252f28e14598915be3050508e

SHA1
8c456681871f607004826b8b1fc9588aba0bc337

SHA256
b04fb4aaf5e74d8e629432aec768d9ba4371ce4791f86da6941a79b2cd9be329

SHA512
01e264aa91128e202dd2505e5b55f359c1082056b41ce2c85470b368b14475db7b3fea3391a0aeda56dcc218489de8a33fd0a36cca4507399fc8ae7978e0c792

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\ucrtbase.dll

Filesize
1011KB

MD5
849959a003fa63c5a42ae87929fcd18b

SHA1
d1b80b3265e31a2b5d8d7da6183146bbd5fb791b

SHA256
6238cbfe9f57c142b75e153c399c478d492252fda8cb40ee539c2dcb0f2eb232

SHA512
64958dabdb94d21b59254c2f074db5d51e914ddbc8437452115dff369b0c134e50462c3fdbbc14b6fa809a6ee19ab2fb83d654061601cc175cddcb7d74778e09

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads