fa3bfb6af65d6b2b89064b1a1f2684afdb9f7f12e6b34356da962d21cf95e98b

Resubmissions

21-12-2024 15:01

241221-seb9js1pgv 7

06-11-2024 17:06

241106-vmqs1svcnl 7

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2024 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

token_generator.exe
Size

8.9MB
MD5

8b78a7c8f03a550b0e359f38ee93b837
SHA1

a9dccd428f58639676615c35bf73c7138d3c656f
SHA256

fa3bfb6af65d6b2b89064b1a1f2684afdb9f7f12e6b34356da962d21cf95e98b
SHA512

a6ed37ba4df0830950e9e8ad5ecc2f9bf7a89861b2bf9b74bdb12222ff324423bf2aa7043f938f577f4dd1983a1f9105d97630048e3e971f6906e6f7b35e4a0e
SSDEEP

196608:HdKd4+o2HDfyGgMwBdnpkYRMHqRdqNm8lFt:9P72HDfDgMc6HqWVFt

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 36 IoCs

pid	Process
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe
3112	token_generator.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 3112	1580	token_generator.exe	87
PID 1580 wrote to memory of 3112	1580	token_generator.exe	87

C:\Users\Admin\AppData\Local\Temp\token_generator.exe
"C:\Users\Admin\AppData\Local\Temp\token_generator.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Users\Admin\AppData\Local\Temp\token_generator.exe
  "C:\Users\Admin\AppData\Local\Temp\token_generator.exe"
  2⤵
  - Loads dropped DLL
  PID:3112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Cipher\_Salsa20.pyd

Filesize
13KB

MD5
14a20ed2868f5b3d7dcfef9363cb1f32

SHA1
c1f2ef94439f42aa39dcde1075defac8a6029dc6

SHA256
a072631cd1757d5147b5e403d6a96ef94217568d1dc1ae5c67a1892fbf61409e

SHA512
33be8b3733380c3adfe5d2844819c754fb11fcbc7aa75da8fbb4d6cef938e7d3267fbd215b9666dcfa5795d54484360a61daf193bc75b57c252d44e5f9f0d855

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Cipher\_raw_cbc.pyd

Filesize
12KB

MD5
6840f030df557b08363c3e96f5df3387

SHA1
793a8ba0a7bdb5b7e510fc9a9dde62b795f369ae

SHA256
b7160ed222d56925e5b2e247f0070d5d997701e8e239ec7f80bce21d14fa5816

SHA512
edf5a4d5a3bfb82cc140ce6ce6e9df3c8ed495603dcf9c0d754f92f265f2dce6a83f244e0087309b42930d040bf55e66f34504dc1c482a274ad8262aa37d1467

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Cipher\_raw_cfb.pyd

Filesize
13KB

MD5
7256877dd2b76d8c6d6910808222acd8

SHA1
c6468db06c4243ce398beb83422858b3fed76e99

SHA256
dbf703293cff0446dfd15bbaeda52fb044f56a353dda3beca9aadd8a959c5798

SHA512
a14d460d96845984f052a8509e8fc44439b616eeae46486df20f21ccaa8cfb1e55f1e4fa2f11a7b6ab0a481de62636cef19eb5bef2591fe83d415d67eb605b8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Cipher\_raw_ctr.pyd

Filesize
14KB

MD5
b063d73e5aa501060c303cafbc72dad3

SHA1
8c1ca04a8ed34252eb233c993ddba17803e0b81e

SHA256
98baca99834de65fc29efa930cd9dba8da233b4cfdfc4ab792e1871649b2fe5c

SHA512
8c9ad249f624bdf52a3c789c32532a51d3cc355646bd725553a738c4491ea483857032fb20c71fd3698d7f68294e3c35816421dff263d284019a9a4774c3af05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Cipher\_raw_ecb.pyd

Filesize
10KB

MD5
1c74e15ec55bd8767968024d76705efc

SHA1
c590d1384d2207b3af01a46a5b4f7a2ae6bcad93

SHA256
0e3ec56a1f3c86be1caa503e5b89567aa91fd3d6da5ad4e4de4098f21270d86b

SHA512
e96ca56490fce7e169cc0ab803975baa8b5acb8bbab5047755ae2eeae177cd4b852c0620cd77bcfbc81ad18bb749dec65d243d1925288b628f155e8facdc3540

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Cipher\_raw_ofb.pyd

Filesize
12KB

MD5
134f891de4188c2428a2081e10e675f0

SHA1
22cb9b0fa0d1028851b8d28dafd988d25e94d2fd

SHA256
f326aa2a582b773f4df796035ec9bf69ec1ad11897c7d0ecfab970d33310d6ba

SHA512
43ce8af33630fd907018c62f100be502565bad712ad452a327ae166bd305735799877e14be7a46d243d834f3f884abf6286088e30533050ed9cd05d23aacaeab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Hash\_BLAKE2s.pyd

Filesize
14KB

MD5
c3ba97b2d8fffdb05f514807c48cabb2

SHA1
7bc7fbde6a372e5813491bbd538fd49c0a1b7c26

SHA256
4f78e61b376151ca2d0856d2e59976670f5145fbabab1eec9b2a3b5bebb4eef6

SHA512
57c1a62d956d8c6834b7ba81c2d125a40bf466e833922ae3759cf2c1017f8caf29f4502a5a0bcbc95d74639d86baf20f0335a45f961cfcac39b4ed81e318f4eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Hash\_SHA1.pyd

Filesize
19KB

MD5
74daaab71f93bce184d507a45a88985c

SHA1
3d09d69e94548ec6975177b482b68f86eda32bb8

SHA256
e781d6daf2baaa2c1a45bd1cddb21ba491442d49a03255c1e367f246f17e13bf

SHA512
870ec2752304f12f2f91be688a34812ac1c75d444a0107284e3c45987639d8d07116eb98db76931f9c8487666e1b2c163fc5743bbfc5a72f20f040670cdeb509

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Hash\_SHA256.pyd

Filesize
21KB

MD5
b4e18c9a88a241fd5136faf33fb9c96a

SHA1
077af274aa0336880391e2f38c873a72bfc1de3b

SHA256
e50db07e18cb84827b0d55c7183cf580fb809673bcafbcef60e83b4899f3aa74

SHA512
81a059115627025a7bbf8743b48031619c13a513446b0d035aa25037e03b6a544e013caaeb139b1be9ba7d0d8cf28a5e7d4cd1b8e17948830e75bdfbd6af1653

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Hash\_ghash_portable.pyd

Filesize
13KB

MD5
20702216cda3f967df5c71fce8b9b36f

SHA1
4d9a814ee2941a175bc41f21283899d05831b488

SHA256
3f73f9d59eb028b7f17815a088ceb59a66d6784feef42f2da08dd07df917dd86

SHA512
0802cf05dad26e6c5575bbecb419af6c66e48ed878f4e18e9cec4f78d6358d751d41d1f0ccb86770a46510b993b70d2b320675422a6620ce9843e2e42193dcd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Protocol\_scrypt.pyd

Filesize
12KB

MD5
9e7b28d6ab7280bbb386c93ef490a7c1

SHA1
b088f65f3f6e2b7d07ddbe86c991ccd33535ef09

SHA256
f84667b64d9be1bcc6a91650abcee53adf1634c02a8a4a8a72d8a772432c31e4

SHA512
16a6510b403bf7d9ed76a654d8c7e6a0c489b5d856c231d12296c9746ac51cd372cc60ca2b710606613f7bc056a588c54ea24f9c0da3020bbea43e43ceeb9ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Util\_cpuid_c.pyd

Filesize
10KB

MD5
1547f8cb860ab6ea92b85d4c1b0209a1

SHA1
c5ae217dee073ac3d23c3bf72ee26d4c7515bd88

SHA256
1d2f3e627551753e58ed9a85f8d23716f03b51d8fb5394c4108eb1dc90dc9185

SHA512
40f0b46ee837e4568089d37709ef543a987411a17bdbae93d8ba9f87804fb34dca459a797629f34a5b3789b4d89bd46371ac4f00ddfe5d6b521dea8dc2375115

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\Cryptodome\Util\_strxor.pyd

Filesize
10KB

MD5
16f42de194aaefb2e3cdee7fa63d2401

SHA1
be2ab72a90e0342457a9d13be5b6b1984875edea

SHA256
61e23970b6ced494e11dc9de9cb889c70b7ff7a5afe5242ba8b29aa3da7bc60e

SHA512
a671ea77bc8ca75aedb26b73293b51b780e26d6b8046fe1b85ae12bc9cc8f1d2062f74de79040ad44d259172f99781c7e774fe40768dc0a328bd82a48bf81489

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_bz2.pyd

Filesize
81KB

MD5
86d1b2a9070cd7d52124126a357ff067

SHA1
18e30446fe51ced706f62c3544a8c8fdc08de503

SHA256
62173a8fadd4bf4dd71ab89ea718754aa31620244372f0c5bbbae102e641a60e

SHA512
7db4b7e0c518a02ae901f4b24e3860122acc67e38e73f98f993fe99eb20bb3aa539db1ed40e63d6021861b54f34a5f5a364907ffd7da182adea68bbdd5c2b535

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_ctypes.pyd

Filesize
120KB

MD5
1635a0c5a72df5ae64072cbb0065aebe

SHA1
c975865208b3369e71e3464bbcc87b65718b2b1f

SHA256
1ea3dd3df393fa9b27bf6595be4ac859064cd8ef9908a12378a6021bba1cb177

SHA512
6e34346ea8a0aacc29ccd480035da66e280830a7f3d220fd2f12d4cfa3e1c03955d58c0b95c2674aea698a36a1b674325d3588483505874c2ce018135320ff99

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_elementtree.pyd

Filesize
125KB

MD5
9dc3969ee6304eec0cf502fe34c9bbc9

SHA1
be8895abf3fcbe4e7df3f95d0d0c030377548ea0

SHA256
262d771de19a071c2d086717c29dc9a704b33f95f6aa06ec2092f3e8f54495ae

SHA512
d5c02a0e4b4ba4fe1348e218123d56a91efeff291dec10a4c8df6d7c86bad47ad95501396af35ea7103b3b5a9f27a81a67f8c8ca604e8da3922209b71d46e5aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_hashlib.pyd

Filesize
63KB

MD5
d4674750c732f0db4c4dd6a83a9124fe

SHA1
fd8d76817abc847bb8359a7c268acada9d26bfd5

SHA256
caa4d2f8795e9a55e128409cc016e2cc5c694cb026d7058fc561e4dd131ed1c9

SHA512
97d57cfb80dd9dd822f2f30f836e13a52f771ee8485bc0fd29236882970f6bfbdfaac3f2e333bba5c25c20255e8c0f5ad82d8bc8a6b6e2f7a07ea94a9149c81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_lzma.pyd

Filesize
154KB

MD5
7447efd8d71e8a1929be0fac722b42dc

SHA1
6080c1b84c2dcbf03dcc2d95306615ff5fce49a6

SHA256
60793c8592193cfbd00fd3e5263be4315d650ba4f9e4fda9c45a10642fd998be

SHA512
c6295d45ed6c4f7534c1a38d47ddc55fea8b9f62bbdc0743e4d22e8ad0484984f8ab077b73e683d0a92d11bf6588a1ae395456cfa57da94bb2a6c4a1b07984de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_queue.pyd

Filesize
30KB

MD5
d8c1b81bbc125b6ad1f48a172181336e

SHA1
3ff1d8dcec04ce16e97e12263b9233fbf982340c

SHA256
925f05255f4aae0997dc4ec94d900fd15950fd840685d5b8aa755427c7422b14

SHA512
ccc9f0d3aca66729832f26be12f8e7021834bbee1f4a45da9451b1aa5c2e63126c0031d223af57cf71fad2c85860782a56d78d8339b35720194df139076e0772

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_socket.pyd

Filesize
77KB

MD5
819166054fec07efcd1062f13c2147ee

SHA1
93868ebcd6e013fda9cd96d8065a1d70a66a2a26

SHA256
e6deb751039cd5424a139708475ce83f9c042d43e650765a716cb4a924b07e4f

SHA512
da3a440c94cb99b8af7d2bc8f8f0631ae9c112bd04badf200edbf7ea0c48d012843b4a9fb9f1e6d3a9674fd3d4eb6f0fa78fd1121fad1f01f3b981028538b666

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_ssl.pyd

Filesize
156KB

MD5
7910fb2af40e81bee211182cffec0a06

SHA1
251482ed44840b3c75426dd8e3280059d2ca06c6

SHA256
d2a7999e234e33828888ad455baa6ab101d90323579abc1095b8c42f0f723b6f

SHA512
bfe6506feb27a592fe9cf1db7d567d0d07f148ef1a2c969f1e4f7f29740c6bb8ccf946131e65fe5aa8ede371686c272b0860bd4c0c223195aaa1a44f59301b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\base_library.zip

Filesize
1.0MB

MD5
6c3a4d3cca5a924e5585af615b6aa801

SHA1
f1f0a814b7c11a25db3d1582152c25ac4e0a7748

SHA256
a15832e7c094998c3513d5e17b0d1beb82556204d220f7bf8b56352406ee4489

SHA512
cbc54b07e3402dafe10e1e9893c9fc5095dc490f7bf54a21ce7d1041d4379ee8d050298048046e76fbebedd2fdf0438641d0528a6af49240e23c93b717492b26

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\charset_normalizer\md.cp310-win_amd64.pyd

Filesize
10KB

MD5
f33ca57d413e6b5313272fa54dbc8baa

SHA1
4e0cabe7d38fe8d649a0a497ed18d4d1ca5f4c44

SHA256
9b3d70922dcfaeb02812afa9030a40433b9d2b58bcf088781f9ab68a74d20664

SHA512
f17c06f4202b6edbb66660d68ff938d4f75b411f9fab48636c3575e42abaab6464d66cb57bce7f84e8e2b5755b6ef757a820a50c13dd5f85faa63cd553d3ff32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

Filesize
117KB

MD5
494f5b9adc1cfb7fdb919c9b1af346e1

SHA1
4a5fddd47812d19948585390f76d5435c4220e6b

SHA256
ad9bcc0de6815516dfde91bb2e477f8fb5f099d7f5511d0f54b50fa77b721051

SHA512
2c0d68da196075ea30d97b5fd853c673e28949df2b6bf005ae72fd8b60a0c036f18103c5de662cac63baaef740b65b4ed2394fcd2e6da4dfcfbeef5b64dab794

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\pyexpat.pyd

Filesize
194KB

MD5
1118c1329f82ce9072d908cbd87e197c

SHA1
c59382178fe695c2c5576dca47c96b6de4bbcffd

SHA256
4a2d59993bce76790c6d923af81bf404f8e2cb73552e320113663b14cf78748c

SHA512
29f1b74e96a95b0b777ef00448da8bd0844e2f1d8248788a284ec868ae098c774a694d234a00bd991b2d22c2372c34f762cdbd9ec523234861e39c0ca752dcaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\select.pyd

Filesize
29KB

MD5
a653f35d05d2f6debc5d34daddd3dfa1

SHA1
1a2ceec28ea44388f412420425665c3781af2435

SHA256
db85f2f94d4994283e1055057372594538ae11020389d966e45607413851d9e9

SHA512
5aede99c3be25b1a962261b183ae7a7fb92cb0cb866065dc9cd7bb5ff6f41cc8813d2cc9de54670a27b3ad07a33b833eaa95a5b46dad7763ca97dfa0c1ce54c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\ucrtbase.dll

Filesize
987KB

MD5
6b9880ec69f2988d1035fa11969fa894

SHA1
add955b1826c79aa43afb268682aad5614d5f1e6

SHA256
c446df8432ff2679961763de876432fcf13f272269c17417e7eccbda0b000448

SHA512
747d074dbc9bd020feb04c009ad8bd975a4c9a37e0ead8093908237ab00f08e46beb73bfc3a7b41bedb99130877343206a0a2568b611161d17ece5597e3416d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\unicodedata.pyd

Filesize
1.1MB

MD5
81d62ad36cbddb4e57a91018f3c0816e

SHA1
fe4a4fc35df240b50db22b35824e4826059a807b

SHA256
1fb2d66c056f69e8bbdd8c6c910e72697874dae680264f8fb4b4df19af98aa2e

SHA512
7d15d741378e671591356dfaad4e1e03d3f5456cbdf87579b61d02a4a52ab9b6ecbffad3274cede8c876ea19eaeb8ba4372ad5986744d430a29f50b9caffb75d

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads