08b9d0fccb22de5647b33b2fe736f86bc82770bcb42033f8b27fa75ab2a7fdb3

Analysis

max time kernel
92s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader.exe
Size

14.8MB
MD5

4c09ed86770fd315cbb9e21f8cea607c
SHA1

a68ed8bba689c4d64f5d5b1e3076cf04444ef0be
SHA256

08b9d0fccb22de5647b33b2fe736f86bc82770bcb42033f8b27fa75ab2a7fdb3
SHA512

e09f145f701855ff54a66c70ef6f16a05f5206cb6a224772eb95c20c51587f1a01bac6a78ab43199e573deb21de719420c99e3aa52cdc1a44ccd5dea47be2451
SSDEEP

393216:vnHY3afP8AxYDkNZARqDfDGRLSld9pfaMPeDdyeE3c:vHY3HXUARqb3lNf9PeRyS

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 27 IoCs

pid	Process
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe
4860	loader.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com
9	raw.githubusercontent.com
12	raw.githubusercontent.com

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4860	loader.exe
4860	loader.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 4860	3012	loader.exe	89
PID 3012 wrote to memory of 4860	3012	loader.exe	89

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\loader.exe
  "C:\Users\Admin\AppData\Local\Temp\loader.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30122\MSVCP140.dll

Filesize
561KB

MD5
72f3d84384e888bf0d38852eb863026b

SHA1
8e6a0257591eb913ae7d0e975c56306b3f680b3f

SHA256
a4c2229bdc2a2a630acdc095b4d86008e5c3e3bc7773174354f3da4f5beb9cde

SHA512
6d53634bc51bd383358e0d55988d70aee6ed3897bc6ae5e0d2413bed27ecff4c8092020682cd089859023b02d9a1858ac42e64d59c38ba90fbaf89b656c539a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\_brotli.cp311-win_amd64.pyd

Filesize
801KB

MD5
d9fc15caf72e5d7f9a09b675e309f71d

SHA1
cd2b2465c04c713bc58d1c5de5f8a2e13f900234

SHA256
1fcd75b03673904d9471ec03c0ef26978d25135a2026020e679174bdef976dcf

SHA512
84f705d52bd3e50ac412c8de4086c18100eac33e716954fbcb3519f4225be1f4e1c3643d5a777c76f7112fae30ce428e0ce4c05180a52842dacb1f5514460006

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\_ctypes.pyd

Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\_hashlib.pyd

Filesize
63KB

MD5
787b82d4466f393366657b8f1bc5f1a9

SHA1
658639cddda55ac3bfc452db4ec9cf88851e606b

SHA256
241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37

SHA512
afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\_ssl.pyd

Filesize
157KB

MD5
ab0e4fbffb6977d0196c7d50bc76cf2d

SHA1
680e581c27d67cd1545c810dbb175c2a2a4ef714

SHA256
680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70

SHA512
2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\base_library.zip

Filesize
1.7MB

MD5
ebb4f1a115f0692698b5640869f30853

SHA1
9ba77340a6a32af08899e7f3c97841724dd78c3f

SHA256
4ab0deb6a298d14a0f50d55dc6ce5673b6c5320817ec255acf282191642a4576

SHA512
3f6ba7d86c9f292344f4ad196f4ae863bf936578dd7cfac7dc4aaf05c2c78e68d5f813c4ed36048b6678451f1717deeb77493d8557ee6778c6a70beb5294d21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\certifi\cacert.pem

Filesize
272KB

MD5
8d0619bfe30deadf6f21196f0f8d53d3

SHA1
e7abd65a8ccafeff6caf6a2ff98d27d24d87c9ad

SHA256
b301535dca491d9814ea28faa320ac7a19d0f5d94237996fa0a3b5a936432514

SHA512
5a88e4a06b98832aaa9bbb89e382f6c7e9b65c5ecba48de8f4ff1fa58bb06a74b9c2f6b2ec185c2a306cb0b5d68d0b28d74b323432a0b2953d8dfc29fed920d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
11a4e6a68aad14e40bd979c38f2fbc5f

SHA1
96e95be9088df5916e251a0d0dfe3dd5505bd8d7

SHA256
50306755215a450536e7886467058f2b87b5f2eadbba5e8cc1e92484a71ca59b

SHA512
1b079bce9872033a3ad8899fac675814709263a4f3b4e6218efa324bc4ea65fbf42da07cc942aa732d2ad493bd27545edd7ab5717ca70bbd8cc9300166c386e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
111KB

MD5
f9147c6f276a965bc48089e586c9bdec

SHA1
b83aabd22a44a4f2b64a9cc2af916d38ad96e710

SHA256
93fc0205166b18d1b2c13ccf9bc33f3ed79f99789200de1bd48c324cf026fa03

SHA512
646794fdfdb224adc6f8002d991b3cfe74dcc0a40af052a059aa20192be97e3e7e0e2947cd001c4bbde758f9cdd0b329e8c369bc591d328d268c52bf4ab0bd86

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\dearpygui\VCRUNTIME140_1.dll

Filesize
35KB

MD5
ab03551e4ef279abed2d8c4b25f35bb8

SHA1
09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e

SHA256
f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44

SHA512
0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\dearpygui\_dearpygui.pyd

Filesize
3.7MB

MD5
4bfb2125d7a8e3b21a6e9b9f12932561

SHA1
ebbe00b2b497c65a18ed9d00bb1a97fd4267db23

SHA256
70d9e457eb34eadb6d76ab1f81d9d238ba47ead958471172bcb5950dad8e085d

SHA512
ba5f80e80a131d81d24cc33a161578c96350b5fc23472106c9f951a3ea4f2b2917715e8ade9b4d9d5b489d4d7af1a2a61ab0dfe3cdf3c1c1f655575d6b442eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\pyMeow.pyd

Filesize
3.0MB

MD5
182d82b3ce09c6d0eebf593df3d77c30

SHA1
8d007603b8cbc327c10abc6e9f74fcc967952df5

SHA256
fb7885ade153420a679febebb532db474493281ba021fbbcf605789b22e85266

SHA512
6c49d1d74a03a41d4bcd79b3792e588dac830a1a2e4a4b1818e8b2a370c585b9821b89407ea3d5a6a9cf0e4eebc6891a06e7638d30b1a13b0b69f5b4614c330c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\python3.DLL

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\unicodedata.pyd

Filesize
1.1MB

MD5
58f7988b50cba7b793884f580c7083e1

SHA1
d52c06b19861f074e41d8b521938dee8b56c1f2e

SHA256
e36d14cf49ca2af44fae8f278e883341167bc380099dac803276a11e57c9cfa1

SHA512
397fa46b90582f8a8cd7df23b722204c38544717bf546837c45e138b39112f33a1850be790e248fca5b5ecd9ed7c91cd1af1864f72717d9805c486db0505fb9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
memory/4860-131-0x00007FFB1A840000-0x00007FFB1AB7E000-memory.dmp

Filesize
3.2MB

Download
memory/4860-132-0x00007FFB1A840000-0x00007FFB1AB7E000-memory.dmp

Filesize
3.2MB

Download