eba0858da0cb603cb22fc4a78472290fd5550d7cb98d29c9725179858f82b401

Resubmissions

28-09-2024 14:36

240928-ryyffs1app 7

28-09-2024 14:32

240928-rwa75stbkg 7

Analysis

max time kernel
17s
max time network
18s
platform
windows10-2004_x64
resource
win10v2004-20240910-de
resource tags

arch:x64arch:x86image:win10v2004-20240910-delocale:de-deos:windows10-2004-x64systemwindows
submitted
28-09-2024 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RegeditCheck.exe
Size

6.4MB
MD5

4529f711884c8e84adb821542f5076dc
SHA1

62bd1c4f35eb9edba00036093cdf41b28d0a14ef
SHA256

eba0858da0cb603cb22fc4a78472290fd5550d7cb98d29c9725179858f82b401
SHA512

315ab2911c9f5517edf29acfaffdb80e0eaaae91fd0eb66236ad18ec27eefa072c492702a2d24b36a397f51c3400d0bbb4dfffc638c7ef2dc6fe87d0203645f1
SSDEEP

98304:pm8FIfo3y7MD/x/0feyGutbQ940BDlgwdnpka9R/k9t+2+SpXqLGt+ZKkqLcGLKB:pmYP35DfyGuwBdnpkYRMoSENZKk2Lg

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
112	RegeditCheck.exe
112	RegeditCheck.exe
112	RegeditCheck.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 112	4900	RegeditCheck.exe	86
PID 4900 wrote to memory of 112	4900	RegeditCheck.exe	86

C:\Users\Admin\AppData\Local\Temp\RegeditCheck.exe
"C:\Users\Admin\AppData\Local\Temp\RegeditCheck.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Users\Admin\AppData\Local\Temp\RegeditCheck.exe
  "C:\Users\Admin\AppData\Local\Temp\RegeditCheck.exe"
  2⤵
  - Loads dropped DLL
  PID:112

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI49002\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49002\base_library.zip

Filesize
1.0MB

MD5
f1aa8a7f41b5fcfac3d47b2ce48c9cb1

SHA1
0efb0bf9d8c6c7fb4f9020f6e0af3544a72c66fb

SHA256
55a93c1e77170cdde4eedf6ba65378cdc3ddc690ca639819cca83e00bf225b1a

SHA512
c8f7f5ec5f49277daba5de0ff835cfa59ccd8594318bdd8f6912f1c9d2c4cbbf0fb70542111e24cf12923c75dd71362df42ae16b0e49c0312104c87afd4bf34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49002\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49002\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads