bf51b8bf30de084449d2bde089dbacfcffb496e486b6691ae21f1dd601385cee

Analysis

max time kernel
18s
max time network
35s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19/11/2024, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pygame.exe
Size

7.3MB
MD5

575953145ddb1fa0813244597c8223bd
SHA1

d95767e5af5c913cb6770dfdf6bf9c29625ec99b
SHA256

bf51b8bf30de084449d2bde089dbacfcffb496e486b6691ae21f1dd601385cee
SHA512

4df6dc25ca04a08bc750bb4a7b6195a1ec27720cf6f37a632f4bd91776e13e14bfd8a9fc9b78061a57718eea736e993021f39bc052aa39770edb8b048eed4868
SSDEEP

196608:PIY/qZxXMCHGLLc54i1wN+lokSaPA89wKnOuooocXKk:lcXMCHWUjdodaI89wKOufh

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
2444	pygame.exe
2444	pygame.exe
2444	pygame.exe
2444	pygame.exe
2444	pygame.exe
2444	pygame.exe
2444	pygame.exe
2444	pygame.exe
2444	pygame.exe
2444	pygame.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 2444	3124	pygame.exe	79
PID 3124 wrote to memory of 2444	3124	pygame.exe	79

C:\Users\Admin\AppData\Local\Temp\pygame.exe
"C:\Users\Admin\AppData\Local\Temp\pygame.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Users\Admin\AppData\Local\Temp\pygame.exe
  "C:\Users\Admin\AppData\Local\Temp\pygame.exe"
  2⤵
  - Loads dropped DLL
  PID:2444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI31242\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\VCRUNTIME140_1.dll

Filesize
48KB

MD5
68156f41ae9a04d89bb6625a5cd222d4

SHA1
3be29d5c53808186eba3a024be377ee6f267c983

SHA256
82a2f9ae1e6146ae3cb0f4bc5a62b7227e0384209d9b1aef86bbcc105912f7cd

SHA512
f7bf8ad7cd8b450050310952c56f6a20b378a972c822ccc253ef3d7381b56ffb3ca6ce3323bea9872674ed1c02017f78ab31e9eb9927fc6b3cba957c247e5d57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_bz2.pyd

Filesize
82KB

MD5
fe499b0a9f7f361fa705e7c81e1011fa

SHA1
cc1c98754c6dab53f5831b05b4df6635ad3f856d

SHA256
160b5218c2035cccbaab9dc4ca26d099f433dcb86dbbd96425c933dc796090df

SHA512
60520c5eb5ccc72ae2a4c0f06c8447d9e9922c5f9f1f195757362fc47651adcc1cdbfef193ae4fec7d7c1a47cf1d9756bd820be996ae145f0fbbbfba327c5742

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_ctypes.pyd

Filesize
122KB

MD5
302ddf5f83b5887ab9c4b8cc4e40b7a6

SHA1
0aa06af65d072eb835c8d714d0f0733dc2f47e20

SHA256
8250b4c102abd1dba49fc5b52030caa93ca34e00b86cee6547cc0a7f22326807

SHA512
5ddc2488fa192d8b662771c698a63faaf109862c8a4dd0df10fb113aef839d012df58346a87178aff9a1b369f82d8ae7819cef4aad542d8bd3f91327feace596

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_decimal.pyd

Filesize
250KB

MD5
82321fb8245333842e1c31f874329170

SHA1
81abb1d3d5c55db53e8aca9bdf74f2dec0aba1a3

SHA256
b7f9603f98ef232a2c5bce7001d842c01d76ed35171afbd898e6d17facf38b56

SHA512
0cf932ee0d1242ea9377d054adcd71fdd7ec335abbac865e82987e3979e24cead6939cca19da63a08e08ac64face16950edce7918e02bfc7710f09645fd2fa19

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_hashlib.pyd

Filesize
64KB

MD5
0abfee1db6c16e8ddaff12cd3e86475b

SHA1
b2dda9635ede4f2841912cc50cb3ae67eea89fe7

SHA256
b4cec162b985d34ab768f66e8fa41ed28dc2f273fde6670eeace1d695789b137

SHA512
0a5cae4e3442af1d62b65e8bf91e0f2a61563c2b971bbf008bfb2de0f038ee472e7bfcc88663dc503b2712e92e6a7e6a5f518ddab1fab2eb435d387b740d2d44

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_lzma.pyd

Filesize
154KB

MD5
e3e7e99b3c2ea56065740b69f1a0bc12

SHA1
79fa083d6e75a18e8b1e81f612acb92d35bb2aea

SHA256
b095fa2eac97496b515031fbea5737988b18deee86a11f2784f5a551732ddc0c

SHA512
35cbc30b1ccdc4f5cc9560fc0149373ccd9399eb9297e61d52e6662bb8c56c6a7569d8cfad85aeb057c10558c9352ae086c0467f684fdcf72a137eadf563a909

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_socket.pyd

Filesize
81KB

MD5
632336eeead53cfad22eb57f795d5657

SHA1
62f5f73d21b86cd3b73b68e5faec032618196745

SHA256
ce3090fff8575b21287df5fc69ae98806646fc302eefadf85e369ad3debad92b

SHA512
77965b45060545e210cdb044f25e5fd68d6a9150caf1cad7645dbafcf1ce8e1ccbdf8436fbdcbf5f9c293321c8916e114de30ed8897c7db72df7f8d1f98dfb55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\base_library.zip

Filesize
1.3MB

MD5
bed03063e08a571088685625544ce144

SHA1
56519a1b60314ec43f3af0c5268ecc4647239ba3

SHA256
0d960743dbf746817b61ff7dd1c8c99b4f8c915de26946be56118cd6bedaebdc

SHA512
c136e16db86f94b007db42a9bf485a7c255dcc2843b40337e8f22a67028117f5bd5d48f7c1034d7446bb45ea16e530f1216d22740ddb7fab5b39cc33d4c6d995

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\libcrypto-3.dll

Filesize
5.0MB

MD5
123ad0908c76ccba4789c084f7a6b8d0

SHA1
86de58289c8200ed8c1fc51d5f00e38e32c1aad5

SHA256
4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43

SHA512
80fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\python312.dll

Filesize
6.6MB

MD5
b243d61f4248909bc721674d70a633de

SHA1
1d2fb44b29c4ac3cfd5a7437038a0c541fce82fc

SHA256
93488fa7e631cc0a2bd808b9eee8617280ee9b6ff499ab424a1a1cbf24d77dc7

SHA512
10460c443c7b9a6d7e39ad6e2421b8ca4d8329f1c4a0ff5b71ce73352d2e9438d45f7d59edb13ce30fad3b4f260bd843f4d9b48522d448310d43e0988e075fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\pywin32_system32\pywintypes312.dll

Filesize
133KB

MD5
da0e290ba30fe8cc1a44eeefcf090820

SHA1
d38fccd7d6f54aa73bd21f168289d7dce1a9d192

SHA256
2d1d60b996d1d5c56c24313d97e0fcda41a8bd6bf0299f6ea4eb4a1e25d490b7

SHA512
bc031d61e5772c60cbac282d05f76d81af1aa2a29a8602c2efa05fc0ce1079390999336237560b408e6539a77c732f5066c1590b7feaedb24baa9371783f2a8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\select.pyd

Filesize
30KB

MD5
7e871444ca23860a25b888ee263e2eaf

SHA1
aa43c9d3abdb1aabda8379f301f8116d0674b590

SHA256
dca5e6d39c5094ce599143cb82f6d8470f0c2a4ce4443499e73f32ed13333fd0

SHA512
2e260d3123f7ca612901513b90fe40739e85248da913297d4cca3b2ebd398d9697880d148830e168e474ebfc3d30ede10668c7316ed7668f8b39da7bca59e57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\unicodedata.pyd

Filesize
1.1MB

MD5
098cc6ad04199442c3e2a60e1243c2dc

SHA1
4c92c464a8e1e56e1c4d77cd30a0da474a026aaf

SHA256
64a162d6b11ba10cb11509f3cc445f17beb7acfd064f030b4d59faa1c9894b29

SHA512
73c28488b42a0bc2f0d2861fed3f5dcccf8959ce19d3121c13c998db496f2822deb40f36f86240c8d3954fd2dc2ba5d63c8a125b62324dcd92fb6c8ba49ff170

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\win32\servicemanager.pyd

Filesize
40KB

MD5
f3f807fa749768dd69b6756a980a2494

SHA1
94155ea15665cfd99c0b3ac6ed2da246bba1716f

SHA256
aea25821c55c947ecca47d526330c53cbe4b8b286d6257b8fa1721b42db578ae

SHA512
d82e01bfb4d4771b2b7fbde519e5bf003f08b0306e0080726d3a2e7297fc356cd62fbc4bc5485e7c95a960c66ad969aa7248eb4fee894d378d4b593d0ad871ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\win32\win32api.pyd

Filesize
130KB

MD5
e9d8ab0e7867f5e0d40bd474a5ca288c

SHA1
e7bdf1664099c069ceea18c2922a8db049b4399a

SHA256
df724f6abd66a0549415abaa3fdf490680e6e0ce07584e964b8bfd01e187b487

SHA512
49b17e11d02ae99583f835b8ecf526cf1cf9ceab5d8fac0fbfaf45411ac43f0594f93780ae7f6cb3ebbc169a91e81dd57a37c48a8cd5e2653962ffbdcf9879bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\win32\win32event.pyd

Filesize
28KB

MD5
7a3d5e05276e485931f4409d323beefd

SHA1
2b89eb57ac716476740af3f8e7da33aa69a87564

SHA256
72821756d90c84d3882fdd21c3c1b437ad790fd0fc39b98e5e44a41a1785385f

SHA512
6176ac6b890b7645bff319d417118485229edc199619d7b3e49e4377d3e8a00e35a4f0e63ebccceffa4adf2bd73a12557473a1fd8dc5389d8b89328109dd93e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31242\win32\win32service.pyd

Filesize
58KB

MD5
75de727b2be4f7cd5166d6bba51665c9

SHA1
d2beb340fd54d536977d58edc872216158c9e0cd

SHA256
3e338959c46eff124a7603b2daed6caa7f2a767968e7d54fa31bad1afa7f79c4

SHA512
03fac66e8916ebe244cf8366e2b27fa294d8d51c8faadd5452606424fdfa1213f5077051719c52f079686ded7be73c8a9fabc2cbb0c24686db3426892f4a1313

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads