Analysis

  • max time kernel
    327s
  • max time network
    337s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    03-11-2024 17:54

General

  • Target

    Danger/Danger.exe

  • Size

    60.6MB

  • MD5

    5fa0e84b2cc83b5e9907e90501054a42

  • SHA1

    67e8ef65c7021d17e8574eb67d58b01faf127ef1

  • SHA256

    a2999cefe2a54df2561c3072afced1e112e2a0ddb6b5c4908d517a70d96e65f8

  • SHA512

    457490b9e5af5b6d189642409bdcf7d71b534db56d46de6341aa1722bc7965948a0bf84930b67c18dc4c81e4fa95f93968b9c88a426db4abdca20fdeb3c32290

  • SSDEEP

    1572864:Iy45SSDpXGMK4XRg/bfCMj+AetfgSK7aSCU/+PwXyp:Iy49gYRczqgSK7aSC++PwX2

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 33 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe
    "C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe
      "C:\Users\Admin\AppData\Local\Temp\Danger\Danger.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1460
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "ver"
        3⤵
          PID:5032
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c mode 162,25
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2988
          • C:\Windows\system32\mode.com
            mode 162,25
            4⤵
              PID:2340
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c cls
            3⤵
              PID:1884

        Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\MSVCP140.dll

          Filesize

          552KB

          MD5

          cb75d6437418afe1a7b52acf75730ff1

          SHA1

          54c2da9552671b161cc87eb50fbdb86319b00f56

          SHA256

          7c4ce9d6bfcd6d9db4eef4e75ecdcf5a8e5320106e80f1eca617439fa43f33e8

          SHA512

          f58abb740a30467e2d8aedd7eed357da020fdc7d966e245890d102a52e96fea296e122c1d2bc112423fc64b6f5e70b7df3f3eb7de1bf5c2f5f0eb3644f1e06d6

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\PIL\_imaging.cp39-win_amd64.pyd

          Filesize

          3.0MB

          MD5

          7bdda60c9136dfcef785132a0c77b193

          SHA1

          f6bcd152d638cf54767203edb238eef2993b98bd

          SHA256

          bec23da5408f0fff9fe31c0ba49f6cd305ab6e242c270305c904295e54e88266

          SHA512

          b2e3df1aefdf271e494c91a9fa19bf0dbf8696fe30e524827659198080467dc5dc5d4a2394f27cefd8bb9923ece8757ccedaae3b5f836d4175690f128032098d

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\PIL\_imagingft.cp39-win_amd64.pyd

          Filesize

          1.3MB

          MD5

          baa02aa14b1fb55c1c429b295a9f5113

          SHA1

          34bd3ad57f42769aaf42a4ea155091d0e1c5e87f

          SHA256

          726a3fa1c2f187805d7af8a4021b6c97cb843c1f8383adec5c3c4634592d2025

          SHA512

          0bdc0740a28c88afc0b873fe2fb446b302f346207b3a7cb009bf7a3ebe77bbe3de75d9be18676f8785238087c78fc4b3852edf8a21bb25a73ab8345f803727d9

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\VCRUNTIME140.dll

          Filesize

          93KB

          MD5

          4a365ffdbde27954e768358f4a4ce82e

          SHA1

          a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

          SHA256

          6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

          SHA512

          54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\VCRUNTIME140_1.dll

          Filesize

          35KB

          MD5

          9cff894542dc399e0a46dee017331edf

          SHA1

          d1e889d22a5311bd518517537ca98b3520fc99ff

          SHA256

          b1d3b6b3cdeb5b7b8187767cd86100b76233e7bbb9acf56c64f8288f34b269ca

          SHA512

          ca254231f12bdfc300712a37d31777ff9d3aa990ccc129129fa724b034f3b59c88ed5006a5f057348fa09a7de4a0c2e0fb479ce06556e2059f919ddd037f239e

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_brotli.cp39-win_amd64.pyd

          Filesize

          861KB

          MD5

          2c7528407abfd7c6ef08f7bcf2e88e21

          SHA1

          ee855c0cde407f9a26a9720419bf91d7f1f283a7

          SHA256

          093ab305d9780373c3c7d04d19244f5e48c48e71958963ceca6211d5017a4441

          SHA512

          93e7c12a6038778fcda30734d933b869f93e3b041bb6940852404641a599fe9c8ee1168a2e99dcfb624f84c306aff99757d17570febabc259908c8f6cda4dbea

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_bz2.pyd

          Filesize

          84KB

          MD5

          e91b4f8e1592da26bacaceb542a220a8

          SHA1

          5459d4c2147fa6db75211c3ec6166b869738bd38

          SHA256

          20895fa331712701ebfdbb9ab87e394309e910f1d782929fd65b59ed76d9c90f

          SHA512

          cb797fa758c65358e5b0fef739181f6b39e0629758a6f8d5c4bd7dc6422001769a19df0c746724fb2567a58708b18bbd098327bfbdf3378426049b113eb848e9

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_cffi_backend.cp39-win_amd64.pyd

          Filesize

          179KB

          MD5

          3d48e9bc9a3b68e816e1d0be284f2d3f

          SHA1

          410921af4383bdc898df691ea39e3e9f558c3d85

          SHA256

          88451f322707b22c43b36796c3711bace64f50ef7b22c94fbf29a04a2838e533

          SHA512

          829c0e0458f927ffd8e60194c5ef75c9e4f9da86d3fa7d7184715a869a2765b5e3a0d4263ab9acbbdb752f451acc87eb5a7b1d63712c67e21fcef8c228da3db3

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_ctypes.pyd

          Filesize

          124KB

          MD5

          6fe3827e6704443e588c2701568b5f89

          SHA1

          ac9325fd29dead82ccd30be3ee7ee91c3aaeb967

          SHA256

          73acf2e0e28040cd696255abd53caaa811470b17a07c7b4d5a94f346b7474391

          SHA512

          be2502c006a615df30e61bea138bd1afca30640f39522d18db94df293c71df0a86c88df5fd5d8407daf1ccea6fac012d086212a3b80b8c32ede33b937881533a

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_elementtree.pyd

          Filesize

          175KB

          MD5

          37ce940391c061734bbb44f51725c502

          SHA1

          05f9ef31382524504a41b06ab1b14c94eb4acedb

          SHA256

          46e3e9e4dee333231d12381de9c0a7d44f877c0f8c0c48d49c78005f5aa237a6

          SHA512

          9e7d36da259acb56e03b6f4ca108b47ca0588b3333fba14f32e99cc1678f025a72b7729de0c09be22f5064303e2185a7477636786cbc7541000e6a6470947143

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_hashlib.pyd

          Filesize

          64KB

          MD5

          7c69cb3cb3182a97e3e9a30d2241ebed

          SHA1

          1b8754ff57a14c32bcadc330d4880382c7fffc93

          SHA256

          12a84bacb071b1948a9f751ac8d0653ba71a8f6b217a69fe062608e532065c20

          SHA512

          96dbabbc6b98d473cbe06dcd296f6c6004c485e57ac5ba10560a377393875192b22df8a7103fe4a22795b8d81b8b0ae14ce7646262f87cb609b9e2590a93169e

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_lzma.pyd

          Filesize

          159KB

          MD5

          493c33ddf375b394b648c4283b326481

          SHA1

          59c87ee582ba550f064429cb26ad79622c594f08

          SHA256

          6384ded31408788d35a89dc3f7705ea2928f6bbdeb8b627f0d1b2d7b1ea13e16

          SHA512

          a4a83f04c7fc321796ce6a932d572dca1ad6ecefd31002320aeaa2453701ed49ef9f0d9ba91c969737565a6512b94fbb0311aee53d355345a03e98f43e6f98b2

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_queue.pyd

          Filesize

          28KB

          MD5

          103a38f7fbf0da48b8611af309188011

          SHA1

          1db9e2cb2a92243da12efdca617499eb93ddcbf8

          SHA256

          3bc50ac551635b9ce6fbcddea5d3d621c1216e49e9958fa24546ab8f6f2d111a

          SHA512

          2e6c4b9786034cbf6a6d94761ed31807657ee10edd679147c838a2e6e97a0c13acd6e59bc6e69edf1ca725f12e0f972a0de0ae4b331da46dccd687c59096a250

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_socket.pyd

          Filesize

          78KB

          MD5

          fd1cfe0f0023c5780247f11d8d2802c9

          SHA1

          5b29a3b4c6edb6fa176077e1f1432e3b0178f2bc

          SHA256

          258a5f0b4d362b2fed80b24eeabcb3cdd1602e32ff79d87225da6d15106b17a6

          SHA512

          b304a2e56829a557ec401c6fdda78d6d05b7495a610c1ed793d6b25fc5af891cb2a1581addb27ab5e2a6cb0be24d9678f67b97828015161bc875df9b7b5055ae

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_ssl.pyd

          Filesize

          151KB

          MD5

          34b1d4db44fc3b29e8a85dd01432535f

          SHA1

          3189c207370622c97c7c049c97262d59c6487983

          SHA256

          e4aa33b312cec5aa5a0b064557576844879e0dccc40047c9d0a769a1d03f03f6

          SHA512

          f5f3dcd48d01aa56bd0a11eee02c21546440a59791ced2f85cdac81da1848ef367a93ef4f10fa52331ee2edea93cbcc95a0f94c0ccefa5d19e04ae5013563aee

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\_tkinter.pyd

          Filesize

          63KB

          MD5

          0b6ec42276cbbf7aafcde5b0f72211f4

          SHA1

          2f9d09ab988a269c44df080224851dd880371d78

          SHA256

          ac4262aaa4689a0e08f6f03af3928491d023c8b65fcfbf6a030dd884f3900150

          SHA512

          265317961130c9cbee5ee6982d21446bc3ed3fd2a57bd6f60909e082c39f26b44b8a974430b4f841cdfaba4217a559568a009b996308ba4173d7fbe1c3fe8c15

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\base_library.zip

          Filesize

          779KB

          MD5

          846fa247f4d15a129d33f112ff46af2c

          SHA1

          75bd773e594de5b696d8c06c90b10421f8f60781

          SHA256

          fb44ead9d13642b3b41f042d6041732f715438a6d5788270f0e1d5a5f66ccf22

          SHA512

          46a466d950fdd309e66809048f07cfe5e6f9b8b0f33a98af3b0349a9a4b9ae512a4d5eb10a85704ceb308073392aac1e0646d5077213dab710653ba101b2ac3f

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\bcrypt\_bcrypt.pyd

          Filesize

          31KB

          MD5

          cf00c6c161757c4d8d22bf17454d81fc

          SHA1

          09e58262814824182bdf7d5a003add397fa1e8dd

          SHA256

          bc04e7527f98b38befb68e96fea1d25eb61e360398539d26d8cfcd7b910e0a61

          SHA512

          4a6aad3798a76c38d15ceebce147d4e0f9af231ec054cedab087f32f594768af6baddee0b8748c3f2cae820c863225ee3cc5e8df0f0fe0a9e05d95746a090e00

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\cryptography\hazmat\bindings\_openssl.pyd

          Filesize

          2.9MB

          MD5

          4c0ad2eb9d030a088d00e90d2c57cbe9

          SHA1

          83710a36227ce0a277094c902f15a8aa365cec18

          SHA256

          dec59340c5854502551980c0ff1e013897d68be237e7c38ba9ee80c96d3ef7cd

          SHA512

          018e7236f9fe76ef124ff0b65d8832c47480bd31b40f435163566706cafaa326b5b234024c08afe80262b87c00310dc6bfa175a36c9f9d0d9a77040998f72f73

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\cryptography\hazmat\bindings\_rust.pyd

          Filesize

          1.8MB

          MD5

          4da297b15026197ab45cb5eadd60d2df

          SHA1

          dac6196e00a505f79156975866c7ca9389ac07ee

          SHA256

          fdc01f1c3eb583f060c8cc2be5753da86b55c5672174ba2ee9876e1bbcd54856

          SHA512

          c3cc8ba8fead48a6d58bb8e35e9f2c656c2c3433e1bd8cd4eb8726e9e9644345bdd2599a95b82111cff6d9d74c48bc6db7e91594dd5bc92d865a104ececc2aec

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\libcrypto-1_1.dll

          Filesize

          3.2MB

          MD5

          89511df61678befa2f62f5025c8c8448

          SHA1

          df3961f833b4964f70fcf1c002d9fd7309f53ef8

          SHA256

          296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

          SHA512

          9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\libffi-7.dll

          Filesize

          32KB

          MD5

          eef7981412be8ea459064d3090f4b3aa

          SHA1

          c60da4830ce27afc234b3c3014c583f7f0a5a925

          SHA256

          f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

          SHA512

          dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\libssl-1_1.dll

          Filesize

          674KB

          MD5

          50bcfb04328fec1a22c31c0e39286470

          SHA1

          3a1b78faf34125c7b8d684419fa715c367db3daa

          SHA256

          fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9

          SHA512

          370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\lxml\_elementpath.cp39-win_amd64.pyd

          Filesize

          133KB

          MD5

          cdf12790ea7e452038c634d16a8018cf

          SHA1

          988a0d6ab1064c5bdc05e268424a194f1bfd3034

          SHA256

          78a6c7c21de5e1c6f4d47bdd7622ff7c904b25ee7ff93994dfda8c43fc610c07

          SHA512

          91ca1de9a5dfc793ed8ff80abc97020c522e5795ad02eb38c8ae38506539965c28b87a73b475951d668d5129c052dc5cca5a636e1257ebc1e4421df7c7e406b1

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\lxml\etree.cp39-win_amd64.pyd

          Filesize

          3.7MB

          MD5

          ce13539dd689624aedf9949b5ad04a4d

          SHA1

          30ac4d8d2125d514c04b7bfd7fc6184b8c99dab1

          SHA256

          e9ad04d14fa84ccad696ea50bdcf420dc58b3ad15e2c47737dcb16b34a14da57

          SHA512

          81b2b465278a4ba9036cc12854b8e8cba1f31a3f8834b560a556034dfa761f847719e524e63d7e975a722f8f79034fa835123b616bad640de2f58f4b376ad21b

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\pyexpat.pyd

          Filesize

          187KB

          MD5

          96d55e550eb6f991783ece2bca53583d

          SHA1

          7b46eaae4e499a1f6604d3c81a85a0b827cc0b9e

          SHA256

          f5d8188c6674cbd814abd1e0dd4e5a8bfadb28e31b5088ae6c4346473b03d17e

          SHA512

          254b926690a565bc31cae88183745397c99d00b5d5417ab517a8762c8874dff8fcc30a59bda1cd41b0e19e2d807ac417293a3a001005996a5d4db43b9b14d5eb

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\python3.dll

          Filesize

          58KB

          MD5

          e438f5470c5c1cb5ddbe02b59e13ad2c

          SHA1

          ec58741bf0be7f97525f4b867869a3b536e68589

          SHA256

          1dc81d8066d44480163233f249468039d3de97e91937965e7a369ae1499013da

          SHA512

          bd8012b167dd37bd5b57521ca91ad2c9891a61866558f2cc8e80bb029d6f7d73c758fb5be7a181562640011e8b4b54afa3a12434ba00f445c1a87b52552429d3

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\python39.dll

          Filesize

          4.3MB

          MD5

          5cd203d356a77646856341a0c9135fc6

          SHA1

          a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

          SHA256

          a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

          SHA512

          390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\select.pyd

          Filesize

          28KB

          MD5

          0e3cf5d792a3f543be8bbc186b97a27a

          SHA1

          50f4c70fce31504c6b746a2c8d9754a16ebc8d5e

          SHA256

          c7ffae6dc927cf10ac5da08614912bb3ad8fc52aa0ef9bc376d831e72dd74460

          SHA512

          224b42e05b4dbdf7275ee7c5d3eb190024fc55e22e38bd189c1685efee2a3dd527c6dfcb2feeec525b8d6dc35aded1eac2423ed62bb2599bb6a9ea34e842c340

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\setuptools-56.0.0.dist-info\INSTALLER

          Filesize

          4B

          MD5

          365c9bfeb7d89244f2ce01c1de44cb85

          SHA1

          d7a03141d5d6b1e88b6b59ef08b6681df212c599

          SHA256

          ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

          SHA512

          d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\tcl86t.dll

          Filesize

          1.6MB

          MD5

          c0b23815701dbae2a359cb8adb9ae730

          SHA1

          5be6736b645ed12e97b9462b77e5a43482673d90

          SHA256

          f650d6bc321bcda3fc3ac3dec3ac4e473fb0b7b68b6c948581bcfc54653e6768

          SHA512

          ed60384e95be8ea5930994db8527168f78573f8a277f8d21c089f0018cd3b9906da764ed6fcc1bd4efad009557645e206fbb4e5baef9ab4b2e3c8bb5c3b5d725

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\tcl\encoding\cp1252.enc

          Filesize

          1KB

          MD5

          5900f51fd8b5ff75e65594eb7dd50533

          SHA1

          2e21300e0bc8a847d0423671b08d3c65761ee172

          SHA256

          14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0

          SHA512

          ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\tk86t.dll

          Filesize

          1.4MB

          MD5

          fdc8a5d96f9576bd70aa1cadc2f21748

          SHA1

          bae145525a18ce7e5bc69c5f43c6044de7b6e004

          SHA256

          1a6d0871be2fa7153de22be008a20a5257b721657e6d4b24da8b1f940345d0d5

          SHA512

          816ada61c1fd941d10e6bb4350baa77f520e2476058249b269802be826bab294a9c18edc5d590f5ed6f8dafed502ab7ffb29db2f44292cb5bedf2f5fa609f49c

        • C:\Users\Admin\AppData\Local\Temp\_MEI10682\unicodedata.pyd

          Filesize

          1.1MB

          MD5

          7af51031368619638cca688a7275db14

          SHA1

          64e2cc5ac5afe8a65af690047dc03858157e964c

          SHA256

          7f02a99a23cc3ff63ecb10ba6006e2da7bf685530bad43882ebf90d042b9eeb6

          SHA512

          fbde24501288ff9b06fc96faff5e7a1849765df239e816774c04a4a6ef54a0c641adf4325bfb116952082d3234baef12288174ad8c18b62407109f29aa5ab326