1dc42a5492beb9f421d61c16adb4e859c8f34b43fc4d3e7e122d8ede40be4972

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 18:54

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

AUU.exe
Size

15.2MB
MD5

68d0f08ce7022a9efc6040811e210a87
SHA1

4cf6b6b407c1e38ea7d7513a71c7e0838f8cc41c
SHA256

1dc42a5492beb9f421d61c16adb4e859c8f34b43fc4d3e7e122d8ede40be4972
SHA512

7db67192313c47f7400914905c475978d8ca9e3190ebe0477af6327f72352b7217b24c1bb097a2680a5e6eb21cbabaa40bd2873624467f10460695d37cafd056
SSDEEP

393216:LSIgLFKv6KD8INvH/IiD+J7js83uN0EWXHIcNC:LSIgRvKDTpHzDi7Q8+aEcIcs

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1720	AUU.exe
1720	AUU.exe
1720	AUU.exe
1720	AUU.exe
1720	AUU.exe
1720	AUU.exe
1720	AUU.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 484 wrote to memory of 1720	484	AUU.exe	30
PID 484 wrote to memory of 1720	484	AUU.exe	30
PID 484 wrote to memory of 1720	484	AUU.exe	30

C:\Users\Admin\AppData\Local\Temp\AUU.exe
"C:\Users\Admin\AppData\Local\Temp\AUU.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:484
- C:\Users\Admin\AppData\Local\Temp\AUU.exe
  "C:\Users\Admin\AppData\Local\Temp\AUU.exe"
  2⤵
  - Loads dropped DLL
  PID:1720

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1056

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI4842\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
19df2b0f78dc3d8c470e836bae85e1ff

SHA1
03f2b5b848a51ee52980bf8595c559b89865de07

SHA256
bd9e07bbc62ce82dbc30c23069a17fbfa17f1c26a9c19e50fe754d494e6cd0b1

SHA512
c1c2b97f484e640bfdda17f7ed604d0583c3d4eaf21abf35491ccedc37fa4866480b59a692776687e5fda3eaeafb4c7bdb34dec91f996fd377a328a89c8d5724

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4842\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
adb3471f89e47cd93b6854d629906809

SHA1
2cfc0c379fd7f23db64d15bdff2925778ff65188

SHA256
355633a84db0816ab6a340a086fb41c65854c313bd08d427a17389c42a1e5b69

SHA512
f53e11aa35911d226b676d454e873d0e84c189dd1caea8a0fe54d738933cd6b139eca48630f37f5979ef898950d99f3277cba6c7a697103f505d876bea62818c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4842\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
247061d7c5542286aeddade76897f404

SHA1
7285f85440b6eff8731943b73502f58ae40e95a2

SHA256
ccb974c24ddfa7446278ca55fc8b236d0605d2caaf273db8390d1813fc70cd5b

SHA512
23ef467f6bb336d3e8c38000d30a92dac68e2662891863475ff18dbddbbbce909c12d241b86dbdea085e7d19c82cd20d80a60ffb2845f6afebedf06507afe5bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4842\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
bdd63ea2508c27b43e6d52b10da16915

SHA1
2a379a1ac406f70002f200e1af4fed95b62e7cb8

SHA256
7d4252ab1b79c5801b58a08ce16efd3b30d8235733028e5823f3709bd0a98bcf

SHA512
b0393f0d2eb2173766238d2139ae7dea7a456606f7cb1b0e8bc0375a405bc25d28ef1c804802dddb5c3dbd88cfd047bfa5c93cbb475d1d6b5a9a893b51e25128

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4842\python311.dll

Filesize
5.7MB

MD5
953fc00f36fda68583d1226ae79ba516

SHA1
baa1a725f215047da02517107d2e6f962064af5c

SHA256
bb7a2138115e4107d6745e66e89f8be77ac269ae04098545e9ad51bc2772e9d6

SHA512
341ca85781b3db95927234fedd6a017d22a2593c99cd0bad0487ac0380d3baac5a477d091376e3c3e903497bf01ae72f39b07da3a3348c759ac40aacb0ca3662

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4842\ucrtbase.dll

Filesize
959KB

MD5
34168a4af676d6a5733bbf7a0905d3c7

SHA1
ba63e51ab3cd90666eb9a9bb0232502a5ec629ff

SHA256
2ab2a74bcb5bfd8248d232eb3bc56698fb5173b9ff7fc0daf87d8120d0f448d7

SHA512
c049c166b2b00dc30b0edae5d78badfffea7fb105f0cff9f3ae2c947ddf3ecde6331855b7ebed3f4ce923cc365b053b3a679319b2c6efa85ed0b9a7ddb5676ab

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI4842\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
6b4f2ca3efceb2c21e93f92cdc150a9d

SHA1
2532af7a64ef4b5154752f61290dcf9ebeea290f

SHA256
b39a515b9e48fc6589703d45e14dcea2273a02d7fa6f2e1d17985c0228d32564

SHA512
63a42dd1cb95fd38ddde562108c78e39cb5d7c9406bf749339e717c2cd866f26268d49b6bd966b338de1c557a426a01a24c2480f64762fef587bc09d44ada53b

Download Submit
memory/1056-1997-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/1332-1998-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads