Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-10-2024 08:24

General

  • Target

    a5fead260ed164d0df541b1548ca9a05ce4a73e53ba9ec8adaa6c2c006e8ba50.exe

  • Size

    8.7MB

  • MD5

    1e2b162c2e47cc8d0027d87a2be80fb2

  • SHA1

    295516b1552baf25770dcb593c26e66f68d73fdb

  • SHA256

    a5fead260ed164d0df541b1548ca9a05ce4a73e53ba9ec8adaa6c2c006e8ba50

  • SHA512

    4a4305dae0c2cf58c27035e82643f1f901620712516ae94ce6b3ec36f166d99434ba038ce386e3154e642e7f91b8e786344aa35b8d8eb8b5a0b4cb494643718a

  • SSDEEP

    196608:D+XY+H6QTLMMiUs5n7W99q7riZINE5MLXthfMcR5u7JhepRsBVximgEyVFAcm2nR:D+XY+XJClW7KrSINEI0468

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 36 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5fead260ed164d0df541b1548ca9a05ce4a73e53ba9ec8adaa6c2c006e8ba50.exe
    "C:\Users\Admin\AppData\Local\Temp\a5fead260ed164d0df541b1548ca9a05ce4a73e53ba9ec8adaa6c2c006e8ba50.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\AppData\Local\Temp\a5fead260ed164d0df541b1548ca9a05ce4a73e53ba9ec8adaa6c2c006e8ba50.exe
      "C:\Users\Admin\AppData\Local\Temp\a5fead260ed164d0df541b1548ca9a05ce4a73e53ba9ec8adaa6c2c006e8ba50.exe"
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 316
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:1848

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\VCRUNTIME140.dll

    Filesize

    81KB

    MD5

    55c8e69dab59e56951d31350d7a94011

    SHA1

    b6af2d245ae4d67c38eb1cd31e0c1cffb29b9b2c

    SHA256

    9d8d21022ff9d3f6b81a45209662a4f3481edc2befae0c73b83cf942eab8be25

    SHA512

    efb2ac1891724df16268480628eb230b6ee37ed47b56d2e02a260559865cdd48ee340ce445e58f625e0f4d6dbdc5bfb7ce2eeedf564b837cff255ef7d1dc58cd

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\_hashlib.pyd

    Filesize

    24KB

    MD5

    a9918e714e28a0d4a167c4a73f554d81

    SHA1

    69a4fef9eb1e3bc779bece2ab946e2604dad419a

    SHA256

    661aa7ab2cd173b112fef560a3bf63a87c906c8b184cb261632c5a32c6c25185

    SHA512

    2d295fb57021f1cb9cdf15aaabbaf6a7393f918f675c3bfea58a2205ba948ce15a787254008ba7b146eb55474b24e772b2886fee4e3f98a68011df54ff5d4408

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\_socket.pyd

    Filesize

    57KB

    MD5

    2e407bb1a3a58191c0f68c1ec3cd5b36

    SHA1

    bb5998b7113dcb2b2229a8c6e35ddb6b09ddbf91

    SHA256

    2ba14eda8ac2189ee7c0b136f653030c5078deaf3a792ee47e9b9a4b859a0675

    SHA512

    47d4bdc956916c0444984a42dce9713cefb06053eea24010721f41b3a5ec2b8e15c16a80531a84ee12067b7283d332356ca69cd6b9c51a07d7ce3ee139869fb6

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\_sqlite3.pyd

    Filesize

    60KB

    MD5

    f1218553c9cac6b919bc02fb1797bf13

    SHA1

    86fda1e8e284aebdb8759b8f969cedf5ae8358e4

    SHA256

    c219f1422e72e14e821fe15acea9593cfa05dfe20ba177085784d858df3895ef

    SHA512

    5799823767d0d72dca0ee970f32c60b6a7c5a9a19a20c19371e8832eb984124b1824cb340bcf04082508ed60fa1e74f026e5ee88928bb2e0392fb2ce30cc68f6

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-core-file-l1-2-0.dll

    Filesize

    17KB

    MD5

    79ee4a2fcbe24e9a65106de834ccda4a

    SHA1

    fd1ba674371af7116ea06ad42886185f98ba137b

    SHA256

    9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613

    SHA512

    6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-core-file-l2-1-0.dll

    Filesize

    17KB

    MD5

    3f224766fe9b090333fdb43d5a22f9ea

    SHA1

    548d1bb707ae7a3dfccc0c2d99908561a305f57b

    SHA256

    ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357

    SHA512

    c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-core-localization-l1-2-0.dll

    Filesize

    20KB

    MD5

    23bd405a6cfd1e38c74c5150eec28d0a

    SHA1

    1d3be98e7dfe565e297e837a7085731ecd368c7b

    SHA256

    a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41

    SHA512

    c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-core-processthreads-l1-1-1.dll

    Filesize

    18KB

    MD5

    95c5b49af7f2c7d3cd0bc14b1e9efacb

    SHA1

    c400205c81140e60dffa8811c1906ce87c58971e

    SHA256

    ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1

    SHA512

    f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-core-timezone-l1-1-0.dll

    Filesize

    18KB

    MD5

    c9a55de62e53d747c5a7fddedef874f9

    SHA1

    c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad

    SHA256

    b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b

    SHA512

    adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-conio-l1-1-0.dll

    Filesize

    18KB

    MD5

    a668c5ee307457729203ae00edebb6b3

    SHA1

    2114d84cf3ec576785ebbe6b2184b0d634b86d71

    SHA256

    a95b1af74623d6d5d892760166b9bfac8926929571301921f1e62458e6d1a503

    SHA512

    73dc1a1c2ceb98ca6d9ddc7611fc44753184be00cfba07c4947d675f0b154a09e6013e1ef54ac7576e661fc51b4bc54fdd96a0c046ab4ee58282e711b1854730

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-convert-l1-1-0.dll

    Filesize

    21KB

    MD5

    9ddea3cc96e0fdd3443cc60d649931b3

    SHA1

    af3cb7036318a8427f20b8561079e279119dca0e

    SHA256

    b7c3ebc36c84630a52d23d1c0e79d61012dfa44cdebdf039af31ec9e322845a5

    SHA512

    1427193b31b64715f5712db9c431593bdc56ef512fe353147ddb7544c1c39ded4371cd72055d82818e965aff0441b7cbe0b811d828efb0ece28471716659e162

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-environment-l1-1-0.dll

    Filesize

    18KB

    MD5

    39325e5f023eb564c87d30f7e06dff23

    SHA1

    03dd79a7fbe3de1a29359b94ba2d554776bdd3fe

    SHA256

    56d8b7ee7619579a3c648eb130c9354ba1ba5b33a07a4f350370ee7b3653749a

    SHA512

    087b9dcb744ad7d330bacb9bda9c1a1df28ebb9327de0c5dc618e79929fd33d1b1ff0e1ef4c08f8b3ea8118b968a89f44fe651c66cba4ecbb3216cd4bcce3085

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-filesystem-l1-1-0.dll

    Filesize

    19KB

    MD5

    228c6bbe1bce84315e4927392a3baee5

    SHA1

    ba274aa567ad1ec663a2f9284af2e3cb232698fb

    SHA256

    ac0cec8644340125507dd0bc9a90b1853a2d194eb60a049237fb5e752d349065

    SHA512

    37a60cce69e81f68ef62c58bba8f2843e99e8ba1b87df9a5b561d358309e672ae5e3434a10a3dde01ae624d1638da226d42c64316f72f3d63b08015b43c56cab

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-heap-l1-1-0.dll

    Filesize

    18KB

    MD5

    1776a2b85378b27825cf5e5a3a132d9a

    SHA1

    626f0e7f2f18f31ec304fe7a7af1a87cbbebb1df

    SHA256

    675b1b82dd485cc8c8a099272db9241d0d2a7f45424901f35231b79186ec47ee

    SHA512

    541a5dd997fc5fec31c17b4f95f03c3a52e106d6fb590cb46bdf5adad23ed4a895853768229f3fbb9049f614d9bae031e6c43cec43fb38c89f13163721bb8348

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-locale-l1-1-0.dll

    Filesize

    18KB

    MD5

    034379bcea45eb99db8cdfeacbc5e281

    SHA1

    bbf93d82e7e306e827efeb9612e8eab2b760e2b7

    SHA256

    8b543b1bb241f5b773eb76f652dad7b12e3e4a09230f2e804cd6b0622e8baf65

    SHA512

    7ea6efb75b0c59d3120d5b13da139042726a06d105c924095ed252f39ac19e11e8a5c6bb1c45fa7519c0163716745d03fb9daaaca50139a115235ab2815cc256

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-math-l1-1-0.dll

    Filesize

    28KB

    MD5

    8da414c3524a869e5679c0678d1640c1

    SHA1

    60cf28792c68e9894878c31b323e68feb4676865

    SHA256

    39723e61c98703034b264b97ee0fe12e696c6560483d799020f9847d8a952672

    SHA512

    6ef3f81206e7d4dca5b3c1fafc9aa2328b717e61ee0acce30dfb15ad0fe3cb59b2bd61f92bf6046c0aae01445896dcb1485ad8be86629d22c3301a1b5f4f2cfa

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-process-l1-1-0.dll

    Filesize

    18KB

    MD5

    9d3d6f938c8672a12aea03f85d5330de

    SHA1

    6a7d6e84527eaf54d6f78dd1a5f20503e766a66c

    SHA256

    707c9a384440d0b2d067fc0335273f8851b02c3114842e17df9c54127910d7fb

    SHA512

    0e1681b16cd9af116bcc5c6b4284c1203b33febb197d1d4ab8a649962c0e807af9258bde91c86727910624196948e976741411843dd841616337ea93a27de7cb

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-runtime-l1-1-0.dll

    Filesize

    22KB

    MD5

    fb0ca6cbfff46be87ad729a1c4fde138

    SHA1

    2c302d1c535d5c40f31c3a75393118b40e1b2af9

    SHA256

    1ee8e99190cc31b104fb75e66928b8c73138902fefedbcfb54c409df50a364df

    SHA512

    99144c67c33e89b8283c5b39b8bf68d55638daa6acc2715a2ac8c5dba4170dd12299d3a2dffb39ae38ef0872c2c68a64d7cdc6ceba5e660a53942761cb9eca83

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-stdio-l1-1-0.dll

    Filesize

    23KB

    MD5

    d5166ab3034f0e1aa679bfa1907e5844

    SHA1

    851dd640cb34177c43b5f47b218a686c09fa6b4c

    SHA256

    7bcab4ca00fb1f85fea29dd3375f709317b984a6f3b9ba12b8cf1952f97beee5

    SHA512

    8f2d7442191de22457c1b8402faad594af2fe0c38280aaafc876c797ca79f7f4b6860e557e37c3dbe084fe7262a85c358e3eeaf91e16855a91b7535cb0ac832e

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-time-l1-1-0.dll

    Filesize

    20KB

    MD5

    9b79fda359a269c63dcac69b2c81caa4

    SHA1

    a38c81b7a2ec158dfcfeb72cb7c04b3eb3ccc0fb

    SHA256

    4d0f0ea6e8478132892f9e674e27e2bc346622fc8989c704e5b2299a18c1d138

    SHA512

    e69d275c5ec5eae5c95b0596f0cc681b7d287b3e2f9c78a9b5e658949e6244f754f96ad7d40214d22ed28d64e4e8bd507363cdf99999fea93cfe319078c1f541

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\base_library.zip

    Filesize

    760KB

    MD5

    fd5fe899ed57da817989475a9fa80b17

    SHA1

    c0a99e0b7c9c182384d38905193182355a65a053

    SHA256

    f3a57a4a006a3e6b9b335d1593f39f9dacdb61fc46d0c5e416dd10bf41e6c663

    SHA512

    3460cd47a3ff27b433a122a302afbd535918ba528ab8e24b71a3b25f118b5c67d4a2f83710f89c1c7f04543d6684fe0ad23ddb64a2c7ffe19ac8244f1d25ab49

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\cryptography\hazmat\bindings\_rust.pyd

    Filesize

    1.3MB

    MD5

    656648dec6c8869cd06ce78f925d2ef0

    SHA1

    eff515fdebee02707c48f785938d7714588f050e

    SHA256

    85d4d4359fe3a74b04d9c6faebe95a37a9327a5101b0d8b2a394b23362914c6a

    SHA512

    995527a74a0fbe1ffd8c16c598c203b64af3bfaf99c1d99428d8cf7aa08246c5c8001bdced892dd64ae35f64536612cbfe2db32fa953ae1b52abcfc97b8aeaa4

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\libcrypto-1_1.dll

    Filesize

    2.4MB

    MD5

    c5683ecbe1584f225b666a54c95ce73f

    SHA1

    014430aabc070c583441aa121291f9bb06dae670

    SHA256

    0054ced974ae447c3d6e9ca312feb8a0a5dcca81dd92e940d3d8276add3e2f00

    SHA512

    f46472ba5276a0d6c5826d158e24224e2c2de285807999cf90d3793f6c8a103de9f412de9cefa56b24a18ef3996cc695ba437d8957b87bfd0ee7e7810909cdbe

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\python3.DLL

    Filesize

    50KB

    MD5

    d099405b08a79927f08ab28246810866

    SHA1

    1af78315a6cf2d1fdc6555b568118c174658d104

    SHA256

    b51c88ac791ed574edfb2e346095fbc296a2c36250c2bffdd28bb424d8135ae7

    SHA512

    7874b354792d2244d1484367ef6a6ab09d620d431c812f206c4c976b81433d6c4f17d14d1f642622271c15931f190e3aa9042245873faa51d36705aad578562c

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\python37.dll

    Filesize

    2.9MB

    MD5

    286dd0bde2b853a611e7e193a28d411d

    SHA1

    460eb1717bff4e358cbf10d73b779f475a36e11d

    SHA256

    5a2547ffc53680bca395e61714e36f35f25ddd7099e1e7ee0bda04865e9012b6

    SHA512

    f900c830592ff64145bde86ed7331bf6655a6ed12b55bdedf7666e5d96bf53865637ae08e62541b06211952887db0d229c47e30447ac3f9567d31c3f3730a2fe

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\pywintypes37.dll

    Filesize

    115KB

    MD5

    77719818e673e7fa6e1c570859530fb7

    SHA1

    5f4d3ee11c55f561924c9a3261fb7b5067b2e2c4

    SHA256

    15744c8a510b30c7574d4a687ab42e934b9dbc43ba64fa0ed0d6b4e4a68dc81d

    SHA512

    85a58f98c5759eadc37f4c606a1b717c3618bfd46113361805f2b893e0146399bb3ddd112f2ec7da029f9ba5e2e23ba604f775497db40209547e7f99eb7fe71f

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\select.pyd

    Filesize

    16KB

    MD5

    1997b89ddd2df6c3b4fcf6f05ab15aab

    SHA1

    cde9100e69cfa8020328db4c56824dbcdab3e9f1

    SHA256

    f94e54d25ba8c9c41ee2496a1887df215b7ca5b4f8ee47aa7db98168a2498b60

    SHA512

    3110dac4d9430dddda868e54eb6de1865e88e4e5a912fc4d267eee1f84712aa7103c71119a2cc43f7eb15287073725e69d7e7f102a32936fdb85530521eedd2b

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\sqlite3.dll

    Filesize

    1.1MB

    MD5

    d2611a4ecb84a924b53e6175e81dd923

    SHA1

    3d7dd01e3f7e851a689a2180cf0df7c1a230e3f7

    SHA256

    d2e2270be83e25a1895407cf087b5dbfdf1c82478dc19d7e4e6ac00060a2e121

    SHA512

    78cff3a5905e64ee162806e63c229593cd332e47bcf0044c9a8aed9b92d3bc11d6c90673ebdd0c6764d7c4db9455a6c7eeea241c062c70e302b81afcd1eae6e6

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\ucrtbase.dll

    Filesize

    1.1MB

    MD5

    6343ff7874ba03f78bb0dfe20b45f817

    SHA1

    82221a9ac1c1b8006f3f5e8539e74e3308f10bcb

    SHA256

    6f8f05993b8a25cadf5e301e58194c4d23402e467229b12e40956e4f128588b3

    SHA512

    63c3d3207577d4761103daf3f9901dd0a0ae8a89694ad1128fd7e054627cdd930d1020049317c5a898411735e2f75e2103ae303e7e514b6387a3c8463a4fb994

  • C:\Users\Admin\AppData\Local\Temp\_MEI21482\win32crypt.pyd

    Filesize

    105KB

    MD5

    8922e3edd7e8a956d5992f1b23b13926

    SHA1

    c98507e702395abba0add66e23461edef18c8a9e

    SHA256

    b4acd9df9ee1ad1df6ea247695bf980d3d60e2ce4a8b163101f4dfb2530eb097

    SHA512

    724ba6ff0b1ecae8cf44d86568ac5fce7d3318dd50a5e164af964ba20fb0338ad2f7b6e44b4438ebaafb4e988a91c9fe88aee91aae234019f81d0434cac2f381

  • \Users\Admin\AppData\Local\Temp\_MEI21482\_queue.pyd

    Filesize

    16KB

    MD5

    0c637a3df9380c487613bca1c6c9f741

    SHA1

    f958597c6503599964e26d8df7d4804bb3993c0e

    SHA256

    9774e28ffca8b222f32afca5a34bfefb01e53188630be7cffcf615b3a068b0c1

    SHA512

    e0e5f3814d6942e96fb21cc3ea42b523cfafcf3c32b9ffa1a8a05631c85b45226a7523546cd13a22998e71498ae6e1c051d84f6335391cc80990702d4780188d

  • \Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-string-l1-1-0.dll

    Filesize

    23KB

    MD5

    ad99c2362f64cde7756b16f9a016a60f

    SHA1

    07c9a78ee658bfa81db61dab039cffc9145cc6cb

    SHA256

    73ab2161a7700835b2a15b7487045a695706cc18bcee283b114042570bb9c0aa

    SHA512

    9c72f239adda1de11b4ad7028f3c897c93859ef277658aeaa141f09b7ddfe788d657b9cb1e2648971ecd5d27b99166283110ccba437d461003dbb9f6885451f7

  • \Users\Admin\AppData\Local\Temp\_MEI21482\api-ms-win-crt-utility-l1-1-0.dll

    Filesize

    18KB

    MD5

    70e9104e743069b573ca12a3cd87ec33

    SHA1

    4290755b6a49212b2e969200e7a088d1713b84a2

    SHA256

    7e6b33a4c0c84f18f2be294ec63212245af4fd8354636804ffe5ee9a0d526d95

    SHA512

    e979f28451d271f405b780fc2025707c8a29dcb4c28980ca42e33d4033666de0e4a4644defec6c1d5d4bdd3c73d405fafcffe3320c60134681f62805c965bfd9