6e7c6114a8e35292c1b311d8ab5cd98f5a51538ebd7a0b5f2b3770e16767f245

Analysis

max time kernel
91s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09/10/2024, 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Netflix/Netflix.exe
Size

21.7MB
MD5

80f1c338777a4278ef751963007a7ffe
SHA1

16e4394c9c41b15213ac42dfea549df66a51b9bc
SHA256

54c8b7a5693eff259f9cd4fc5696e93822a9dfac1f6a869a0d81d6d24eaeebbd
SHA512

83fa5e9817f3e0bb63d9a3bb17439acbdfd5ab7c4da71546c1805f1e3314781e2a7902040d0f117173b17d583955925f55f05a1a7d4b44591efe6da914788597
SSDEEP

393216:A/NpwOmci2Jp2sXYWejqYnyB/aYu/kliCirfe72CiKhJlgYTW1yvkP1:ALY232xqYyBSf/kliCYCvPX4yvkt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4152	Netflix.exe

Loads dropped DLL 24 IoCs

pid	Process
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe
4152	Netflix.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 4152	4188	Netflix.exe	78
PID 4188 wrote to memory of 4152	4188	Netflix.exe	78

C:\Users\Admin\AppData\Local\Temp\Netflix\Netflix.exe
"C:\Users\Admin\AppData\Local\Temp\Netflix\Netflix.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Users\Admin\AppData\Local\Temp\onefile_4188_133729907666380489\Netflix.exe
  C:\Users\Admin\AppData\Local\Temp\Netflix\Netflix.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_brotli.pyd

Filesize
801KB

MD5
ee3d454883556a68920caaedefbc1f83

SHA1
45b4d62a6e7db022e52c6159eef17e9d58bec858

SHA256
791e7195d7df47a21466868f3d7386cff13f16c51fcd0350bf4028e96278dff1

SHA512
e404adf831076d27680cc38d3879af660a96afc8b8e22ffd01647248c601f3c6c4585d7d7dc6bbd187660595f6a48f504792106869d329aa1a0f3707d7f777c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_bz2.pyd

Filesize
78KB

MD5
10b1525361440923f3ef04b141cf3f1c

SHA1
b814868694a2a83ced84660b8af0c353f66f6d24

SHA256
2b2920ef7a211e053296aac9965ac569433be0843ea6ba403ab5c9e23604ada5

SHA512
d3d438926b4786df86eed7439e215754967ab0abb544a8782947e78adb8d5be86255e3d067cb0bdb63332173e2bc4d0042642a0093a5ba6851f6ef8fd470e7d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd

Filesize
117KB

MD5
c6aa0b1d3eebaa0ef624f81976f32d64

SHA1
a26e1c0f5887bab7c1fad78caff5d1c753846b16

SHA256
5c4bcc88d2c55a2fbc843cd50b407e23b8b8fd572a2574e633228885b619c6e1

SHA512
fcc64e298ffdf6b94a87510769931955306b79fa4c8c2a581cd42116c35fa95e3cf325efd75aa5c92509570a3ae3ca5c726bbd216bbf6154fbde4272258e6c11

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_socket.pyd

Filesize
73KB

MD5
dd1d1c2d2f5f1ffebf169b814d5b7ee7

SHA1
3af5882535c263e1ed7e3ca8f89f904ad6c1960d

SHA256
8515f2e5ec194bc43e3a8b7e924b4e9e09e0adb2fdecb9c8930b0ac20807544a

SHA512
857e7bf0dfc9e42315b3c0a29cd83518be8966689a257c456685db859b42bfb2e44570b5f055adb3295a61c9201df99504cb7cd30ce98b9866c2435df6eb17bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\certifi\cacert.pem

Filesize
284KB

MD5
181ac9a809b1a8f1bc39c1c5c777cf2a

SHA1
9341e715cea2e6207329e7034365749fca1f37dc

SHA256
488ba960602bf07cc63f4ef7aec108692fec41820fc3328a8e3f3de038149aee

SHA512
e19a92b94aedcf1282b3ef561bd471ea19ed361334092c55d72425f9183ebd1d30a619e493841b6f75c629f26f28dc682960977941b486c59475f21cf86fff85

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md__mypyc.pyd

Filesize
117KB

MD5
494f5b9adc1cfb7fdb919c9b1af346e1

SHA1
4a5fddd47812d19948585390f76d5435c4220e6b

SHA256
ad9bcc0de6815516dfde91bb2e477f8fb5f099d7f5511d0f54b50fa77b721051

SHA512
2c0d68da196075ea30d97b5fd853c673e28949df2b6bf005ae72fd8b60a0c036f18103c5de662cac63baaef740b65b4ed2394fcd2e6da4dfcfbeef5b64dab794

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libcrypto-1_1.dll

Filesize
3.3MB

MD5
63c4f445b6998e63a1414f5765c18217

SHA1
8c1ac1b4290b122e62f706f7434517077974f40e

SHA256
664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2

SHA512
aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-1_1.dll

Filesize
678KB

MD5
bd857f444ebbf147a8fcd1215efe79fc

SHA1
1550e0d241c27f41c63f197b1bd669591a20c15b

SHA256
b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf

SHA512
2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\unicodedata.pyd

Filesize
1.1MB

MD5
32860cb4f785e434e8292d51add03da9

SHA1
5e9878604ef4c2488a8a0775f9281c66015c3832

SHA256
6bd9381806be2c2ee608cdcf3f6379086918c5f7a9494f81f9d7699e2e8e3c01

SHA512
1c3fc8bbc638e84955000bf567551afd5a74734d3c20fac53dfe969bdd88180bb4615bf6918df9dd7529e220ba6c1a89580dd53733f372ee87b077c1f5aca30d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\xxhash\_xxhash.pyd

Filesize
57KB

MD5
a4a7210126590e20150c2dd48e57daff

SHA1
0f0c48ce86920145302f680755e6b4f0c58c5c09

SHA256
d82a6dc42684fa5766729935be65ac827a4b33249f7150265c04a26c88f5f05c

SHA512
b9f49f5a06113fb256e85db1ef9971dc6a421b9180efe7ecd1f18cfd936d2267afed8bb37ec83decb0a10043754e79bc988d33ceb4f9e50ee69f7fd8f8838994

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zstandard\_cffi.pyd

Filesize
635KB

MD5
008913e1eabd08fe254e0c9f74bafb64

SHA1
fe98b675ad56cd585e3c353a4b5edd1c653aefd2

SHA256
72641a30b94a6b56d8162a5946e4e64487711978f8368924cef51fa9411ca81a

SHA512
3e236c46ddc77a1d9419129f6fd69c1b991532e6e1819c11cbe2fe004bd3583a6287db24892c87d41998f6d38366eb112beebd9d9a0ff2356b585257f942ebb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zstandard\backend_c.pyd

Filesize
507KB

MD5
ee146c36c6f83a972594c2621e34212d

SHA1
71f41b8f4b779060fc96de58122e6c184cbe259c

SHA256
4378881d850bc5796f2d66f7689e7966915b11dfd9130449137fbcb61c296b84

SHA512
2964939a0091ffd3b0ec85afab65d6b447af8fc09e39d9f655f1fb0edaaa52b9b5cb8258b4621b787e787b9b1eccc53335ca83090be7d4739d77340dc31e46b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4188_133729907666380489\Netflix.exe

Filesize
26.7MB

MD5
fc916f7af61b336fb2e5f178d4c6f86d

SHA1
31a32a35e7c7f92a84bedac6a555e92685f4c485

SHA256
307e4e35f4c4164947c84dcadc11046707e2104996013e8d3456bfdcc58f0f80

SHA512
aa4536c556fc2f4c15b4a64d3b432ad68c3a4f3a7f32a33c093a4a9ca6b46723715e27897f73b790994c754a2d503864e08e96e7cd73fc2721ebb79beb585f10

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4188_133729907666380489\_cffi_backend.pyd

Filesize
177KB

MD5
ebb660902937073ec9695ce08900b13d

SHA1
881537acead160e63fe6ba8f2316a2fbbb5cb311

SHA256
52e5a0c3ca9b0d4fc67243bd8492f5c305ff1653e8d956a2a3d9d36af0a3e4fd

SHA512
19d5000ef6e473d2f533603afe8d50891f81422c59ae03bead580412ec756723dc3379310e20cd0c39e9683ce7c5204791012e1b6b73996ea5cb59e8d371de24

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4188_133729907666380489\_hashlib.pyd

Filesize
57KB

MD5
97b37cfd6b49ee97523d97cd067d36e6

SHA1
a8094bdeb30e85a7955f6102b3a0bde495ceba61

SHA256
b0d44ecec14cd64d562281604e9f2e31213bdc24833479f49924c4750f928f96

SHA512
737c72b5391c01a44f2e94d5746757872af22c5b280034bbd1ad7be55e3d962fc724b47d28949706a31f0511519e20f25256a2c2fa1501be1437f3807016609a

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4188_133729907666380489\_lzma.pyd

Filesize
149KB

MD5
cddacf71702e25d930a952eb57772771

SHA1
3d383a5f36858f5808645b5d5d5190e2fc7d01d4

SHA256
8abf48bdd1e24cb5405aaa7529b63f0a83b080a98dd86223ae615ef8fb74f46a

SHA512
9d05fd1b9f00083ed2f27518a26913eeccfe0e4cf1819f6a1d880f7a2d03f5946a7674716ff72a867a777fd54bfb897a482f47252b372085c1a92d3f80137d71

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4188_133729907666380489\_queue.pyd

Filesize
26KB

MD5
bb3535a61e265d9ea56521b805de1e30

SHA1
b892b71da975fc3d179987d8fa6890f0febe4c17

SHA256
cd8e05021d6b17e2e43af604c1a760f5b71b32cb556d07c0ce0ffe341c35a186

SHA512
5577e7878601505c6aab3838471459d4bedd346f752149bf70a274e048a42b23b71e1d64230bb2e6a1bba115ce360b205e99ddde85a18974c643b003f50d91aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4188_133729907666380489\_ssl.pyd

Filesize
152KB

MD5
e1b3495e82d7e3c6baea5c17533940eb

SHA1
465f0c9de0e778b36cfa4780f92bf2b42691e22a

SHA256
1a4c3b75a0a641260d6457e9007f11ba9d3233494b2847e6d8368da7349053e1

SHA512
8060a462d345632e64d173371864f214455bdb37462a264d18d98e0755642d6966fc7502c21db04b804240758b42ad79b4b136cdae5ec578101b66cf4aafb912

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4188_133729907666380489\charset_normalizer\md.pyd

Filesize
10KB

MD5
f33ca57d413e6b5313272fa54dbc8baa

SHA1
4e0cabe7d38fe8d649a0a497ed18d4d1ca5f4c44

SHA256
9b3d70922dcfaeb02812afa9030a40433b9d2b58bcf088781f9ab68a74d20664

SHA512
f17c06f4202b6edbb66660d68ff938d4f75b411f9fab48636c3575e42abaab6464d66cb57bce7f84e8e2b5755b6ef757a820a50c13dd5f85faa63cd553d3ff32

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4188_133729907666380489\python3.dll

Filesize
60KB

MD5
fb5f5886e6415c6746102a0bebb5fce7

SHA1
a9c8bf6cf81bc9c1be033085ecae84961f96e022

SHA256
b3dbc18b47b9b47a1a43d67de2b0435f3121fb232fe9bd26e071d0c45cebbfd1

SHA512
41052c1da22c75cb2aa27efaccac6367ec4ea2492fb957f9a1a8852c0c63c295a1bccecfd693ca595c673330ae2eb1497c76f42ecb1169c7cdc4716920965ef3

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4188_133729907666380489\python310.dll

Filesize
4.2MB

MD5
c98916b26adeb981be257033ff149b47

SHA1
de60fa540ac696ec0bdecfe8848424ac0bc57763

SHA256
217835a7afe449a9f835efe19ffd36e9191c9eca66826df8e813b4ccce2aebbc

SHA512
d09e5e18496239d739a677b0a5777388e22aad93a37b3a2f935d6028d618606e8d26dc3f6a483d46390a4f478ecf1b44a77ab9d7fb9b9432fbe75d2f6e180a12

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4188_133729907666380489\select.pyd

Filesize
25KB

MD5
e790a9ff2175e6985cd96235d575e7a1

SHA1
171a32ba7c2820fcf524f7e51945b5922768cd2d

SHA256
122be1167bf1315af6f784ff0c96beda96d740b87f24771cf59bd1522158a5a2

SHA512
0f471afb3ff10aa56eee4374221d76604dca4d93be1e0718ebddad2fd71f0d715f5b5df131411f8433978d6be553badee69a43e0be8fe30dc7b72ec0f64c2089

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4188_133729907666380489\vcruntime140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit