9a6113a66e0af2be3955ec88f8a752d9d80be82d6122de7f263049feedadc814

Analysis

max time kernel
1702s
max time network
1714s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Astra-image-logger-main/Astra.exe
Size

16.3MB
MD5

20c2f6afd2d1c8d46c0744e2ed602754
SHA1

ceed279e60088267b95b3ea0c34a385cc3a91b73
SHA256

2f3132fd67bf355cfa3313fa6928e7f5186022502db32ba9d4f1f5d7f74c6f53
SHA512

d689eab9d035787ce209aa165f7f74d97918b27f7258cb8cb0400b3c40687efed53f72d49be37c5e0ce5f49a6f31a6bda91e4f034ff172694f8a1578c82f7be8
SSDEEP

393216:SxdyJhoonb3pVL2Vmd6ml/m3pmMBkqQCwY9BJHdJzHfSF:SzyJ+UjpVyVmdXKmkhZN13z/SF

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 47 IoCs

pid	Process
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe
4544	Astra.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4544	Astra.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 4544	540	Astra.exe	83
PID 540 wrote to memory of 4544	540	Astra.exe	83

C:\Users\Admin\AppData\Local\Temp\Astra-image-logger-main\Astra.exe
"C:\Users\Admin\AppData\Local\Temp\Astra-image-logger-main\Astra.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Users\Admin\AppData\Local\Temp\Astra-image-logger-main\Astra.exe
  "C:\Users\Admin\AppData\Local\Temp\Astra-image-logger-main\Astra.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:4544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI5402\Crypto\Cipher\_raw_cbc.pyd

Filesize
22KB

MD5
0d0450292a5cf48171411cc8bfbbf0f7

SHA1
5de70c8bab7003bbd4fdcadb5c0736b9e6d0014c

SHA256
cb3ce4f65c9e18be6cbb504d79b594b51f38916e390dad73de4177fe88ce9c37

SHA512
ba6bbcc394e07fe09bb3a25e4aae9c4286516317d0b71d090b91aaec87fc10f61a4701aa45bc74cb216fff1e4ad881f62eb94d4ee2a3a9c8f04a954221b81d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\Crypto\Cipher\_raw_cfb.pyd

Filesize
23KB

MD5
0f4d8993f0d2bd829fea19a1074e9ce7

SHA1
4dfe8107d09e4d725bb887dc146b612b19818abf

SHA256
6ca8711c8095bbc475d84f81fc8dfff7cd722ffe98e0c5430631ae067913a11f

SHA512
1e6f4bc9c682654bd18e1fc4bd26b1e3757c9f89dc5d0764b2e6c45db079af184875d7d3039161ea93d375e67f33e4fb48dcb63eae0c4ee3f98f1d2f7002b103

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\Crypto\Cipher\_raw_ctr.pyd

Filesize
25KB

MD5
8f385dbacd6c787926ab370c59d8bba2

SHA1
953bad3e9121577fab4187311cb473d237f6cba3

SHA256
ddf0b165c1c4eff98c4ac11e08c7beadcdd8cc76f495980a21df85ba4368762a

SHA512
973b80559f238f6b0a83cd00a2870e909a0d34b3df1e6bb4d47d09395c4503ea8112fb25115232c7658e5de360b258b6612373a96e6a23cde098b60fe5579c1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\Crypto\Cipher\_raw_ecb.pyd

Filesize
21KB

MD5
ade53f8427f55435a110f3b5379bdde1

SHA1
90bdafccfab8b47450f8226b675e6a85c5b4fcce

SHA256
55cf117455aa2059367d89e508f5e2ad459545f38d01e8e7b7b0484897408980

SHA512
2856d4c1bbdd8d37c419c5df917a9cc158c79d7f2ee68782c23fb615d719d8fe61aaa1b5f5207f80c31dc381cd6d8c9dabd450dbc0c774ff8e0a95337fda18bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\Crypto\Cipher\_raw_ofb.pyd

Filesize
22KB

MD5
b894480d74efb92a7820f0ec1fc70557

SHA1
07eaf9f40f4fce9babe04f537ff9a4287ec69176

SHA256
cdff737d7239fe4f39d76683d931c970a8550c27c3f7162574f2573aee755952

SHA512
498d31f040599fe3e4cfd9f586fc2fee7a056635e9c8fd995b418d6263d21f1708f891c60be09c08ccf01f7915e276aafb7abb84554280d11b25da4bdf3f3a75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\Crypto\Hash\_BLAKE2s.pyd

Filesize
24KB

MD5
96789921c688108cac213fadb4ff2930

SHA1
d017053a25549ebff35ec548e76fc79f778d0b09

SHA256
7e4b78275516aa6bdea350940df89c0c94fd0ee70ab3f6a9bac6550783a96cad

SHA512
61a037b5f7787bb2507f1d2d78a31cf26a9472501fb959585608d8652af6f665922b827d45979711861803102a07d4a2148e9be70ab7033ece9e0484fe110fdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\Crypto\Util\_strxor.pyd

Filesize
21KB

MD5
8070eb2be9841525034a508cf16a6fd6

SHA1
84df6bceba52751f22841b1169d7cd090a4bb0c6

SHA256
ee59933eba41bca29b66af9421ba53ffc90223ac88ccd35056503af52a2813fe

SHA512
33c5f4623a2e5afe404056b92556fdbaf2419d7b7728416d3368d760ddfde44a2739f551de26fa443d59294b8726a05a77733fee66abc3547073d85f2d4ebeee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\_asyncio.pyd

Filesize
60KB

MD5
3aea41c0a41765d6b0eb3363804d94d0

SHA1
26f05e3e458d5b90326ea40c6bbf236a3dbd49f0

SHA256
2c9f565254e4b2744d52b58f4960d5da1330c7846059b772044e4415804d933e

SHA512
a1f5eb597c43a053d28e16b48f365760189eeb129ac3ea1eaa3bb6648332c5f11a4a446d29dcd90e773858fb4b6367568fcd9c778ea1efee5d4972dcdfe4a0e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\_bz2.pyd

Filesize
78KB

MD5
d61719bf7f3d7cdebdf6c846c32ddaca

SHA1
eda22e90e602c260834303bdf7a3c77ab38477d0

SHA256
31dd9bfb64b1bee8faf925296028e2af907e6d933a83ddc570ebc82d11c43cfb

SHA512
e6c7eab95c18921439f63a30f76313d8380e66bd715afc44a89d386ae4e80c980c2632c170a445bad7446ee5f2c3ee233ccc7333757358340d551e664204e21f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\_cffi_backend.cp310-win_amd64.pyd

Filesize
177KB

MD5
6f1b90884343f717c5dc14f94ef5acea

SHA1
cca1a4dcf7a32bf698e75d58c5f130fb3572e423

SHA256
2093e7e4f5359b38f0819bdef8314fda332a1427f22e09afc416e1edd5910fe1

SHA512
e2c673b75162d3432bab497bad3f5f15a9571910d25f1dffb655755c74457ac78e5311bd5b38d29a91aec4d3ef883ae5c062b9a3255b5800145eb997863a7d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\_ctypes.pyd

Filesize
117KB

MD5
3fc444a146f7d667169dcb4f48760f49

SHA1
350a1300abc33aa7ca077daba5a883878a3bca19

SHA256
b545db2339ae74c523363b38835e8324799720f744c64e7142ddd48e4b619b68

SHA512
1609f792583c6293abddf7f7376ffa0d33a7a895de4d8b2ecebaede74e8850b225b3bf0998b056e40e4ebffb5c97babccf52d3184b2b05072c0dbb5dcb1866f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\_hashlib.pyd

Filesize
60KB

MD5
0d75220cf4691af4f97ebcbd9a481c62

SHA1
dadc3d5476c83668a715750ed80176dbbb536ec7

SHA256
9da79abfed52c7432a25a513f14134f3782c73ec7142e2d90223610eaef54303

SHA512
c00bd7a768e2eef7956d05f10330f3669b279866221085f9e9b97c4e553bb44356d041e29fd4337142ccbdf4e200769d69a235c1c5ddeb6fc64d537629eac112

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\_lzma.pyd

Filesize
151KB

MD5
afff5db126034438405debadb4b38f08

SHA1
fad8b25d9fe1c814ed307cdfddb5cd6fe778d364

SHA256
75d450e973cd1ccbd0f9a35ba0d7e6d644125eb311cc432bb424a299d9a52ee0

SHA512
3334d2ad9811e3be70b5a9fd84bc725c717a3ac59e2fd87e178cb39ac9172db7f9ec793011c4e613a89773b4f2425be66d44a21145a9051bed35f55a483759cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\_overlapped.pyd

Filesize
45KB

MD5
84609daeef4ebd0725098c74a3772cbb

SHA1
d4a9487f34ea36d097ecbba53a9410be268944af

SHA256
622171218fab2952c569acdbf0489d0098fa0664f61624d1c4f040410731be41

SHA512
b80e77d851137181445c8056abecf8b40647d49458897e306409f56084196cbef03d12d64ac2abd351dc6901fb5b3914bb5dbc5d490cfdb1aebb04be41e02eeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\_queue.pyd

Filesize
27KB

MD5
c8a1f1dc297b6dd10c5f7bc64f907d38

SHA1
be0913621e5ae8b04dd0c440ee3907da9cf6eb72

SHA256
827a07b27121200ed9fb2e9efd13ccbf57ca7d32d9d9d1619f1c303fb4d607b7

SHA512
e5f07935248f8d57b1f61fe5de2105b1555c354dd8dd98f0cff21b08caba17b66272a093c185ca025edb503690ba81d5fa8b7443805a07338b25063e2f7ea1b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\_socket.pyd

Filesize
74KB

MD5
f59ddb8b1eeac111d6a003f60e45b389

SHA1
e4e411a10c0ad4896f8b8153b826214ed8fe3caa

SHA256
9558dda6a3f6ad0c3091d643e2d3bf5bf20535904f691d2bdb2ce78edf46c2da

SHA512
873c6841ebf38b217465f1ead02b46a8823ef1de67d6608701e30faf5024ed00ab3c4cc4aa8c4836552ecdb16c7470fe965cf76f26ee88615746d456ff6a2bcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\_sqlite3.pyd

Filesize
93KB

MD5
34abb557f431aa8a56837a2a804befeb

SHA1
c4ad5e35ef6971991dd39b06d36b8f61ef039061

SHA256
6dfb89e5c0b6c5c81ab081d3fdf5f35921466d2ddcede5394d3c4516655b66e0

SHA512
e078eaadecbbf57b618d301910b72a2737c65f1bbb3999fe8523396ce3a46eef1a774b94221eb83678e0e8c5e92459f3d45192535a498fd4d981b580c337a850

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\_ssl.pyd

Filesize
153KB

MD5
80f2475d92ad805439d92cba6e657215

SHA1
20aa5f43ca83b3ff07e38b00d5fbd0cf3d7dbbab

SHA256
41278e309382c79356c1a4daf6dbb5819441d0c6e64981d031cda077bb6f1f79

SHA512
618cd6ca973a0b04159a7c83f1f0cda5db126a807982983fea68f343c21e606a3cdb60b95a2b07f4d9379149d844755b9767fea0a64dd1d4451ab894a1f865b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\base_library.zip

Filesize
812KB

MD5
3a9f69ba6d4dc842211efe5941cc550f

SHA1
a1613276ad29158b6b48fd7404f888faa39cc718

SHA256
7d708c87dd587c6c367fd581ab030d0ecabb19f4f83825ad1ed60d9ecf3f4747

SHA512
30d6b3a08e3a9a15a6695e076f8b1d393d232f73e0d3999561333d39cc23aade901f5032475f8761d6290378bd85582904c527f2faee642d8646b8928e9288d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\libcrypto-1_1.dll

Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\libssl-1_1.dll

Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\psutil\_psutil_windows.cp310-win_amd64.pyd

Filesize
64KB

MD5
7c46d46a2ffdf05793e83c9fabf472ff

SHA1
27d38da2cfd0b8fb35671d7fa3739d7446d0ac09

SHA256
a47da972f8440f6713328c5d9e5d805a0fb5d6325e45ed921f0f86c1ca662b59

SHA512
2ff79a51991cf5a6efbaf6135096c53b3614d1d772852892745c3e44f871caf52c374e4fd8d794c3f04c0a54dd77d1a0acf10cb9c43875409d9598980e79aff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\pyexpat.pyd

Filesize
191KB

MD5
4cb923b0d757fe2aceebf378949a50e7

SHA1
688bbbae6253f0941d52faa92dedd4af6f1dfc3b

SHA256
e41cff213307b232e745d9065d057bcf36508f3a7150c877359800f2c5f97cfc

SHA512
9e88542d07bd91202fcf13b7d8c3a2bbd3d78e60985b45f4fa76c6cd2a2abdee2a0487990bea0713f2ad2a762f120411c3fbbfaa71ef040774512da8f6328047

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\python310.dll

Filesize
4.2MB

MD5
e9c0fbc99d19eeedad137557f4a0ab21

SHA1
8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf

SHA256
5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5

SHA512
74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\pythoncom310.dll

Filesize
673KB

MD5
020b1a47ce0b55ac69a023ed4b62e3f9

SHA1
aa2a0e793f97ca60a38e92c01825a22936628038

SHA256
863a72a5c93eebaa223834bc6482e5465379a095a3a3b34b0ad44dc7b3666112

SHA512
b131e07de24d90a3c35c6fa2957b4fe72d62b1434c3941ad5140fb1323aacba0ec41732dac4f524dc2f492b98868b54adc97b4200aa03ff2ba17dd60baea5a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\pywintypes310.dll

Filesize
143KB

MD5
bd1ee0e25a364323faa252eee25081b5

SHA1
7dea28e7588142d395f6b8d61c8b46104ff9f090

SHA256
55969e688ad11361b22a5cfee339645f243c3505d2963f0917ac05c91c2d6814

SHA512
d9456b7b45151614c6587cee54d17261a849e7950049c78f2948d93a9c7446b682e553e2d8d094c91926dd9cbaa2499b1687a9128aec38b969e95e43657c7a54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\select.pyd

Filesize
26KB

MD5
994a6348f53ceea82b540e2a35ca1312

SHA1
8d764190ed81fd29b554122c8d3ae6bf857e6e29

SHA256
149427a8d58373351955ee01a1d35b5ab7e4c6ac1a312daa9ba8c72b7e5ac8a4

SHA512
b3dfb4672f439fa43e29e5b1ababca74f6d53ea4bad39dfe91f59382e23dbb2a3aea2add544892e3fcd83e3c5357ee7f09fe8ab828571876f68d76f1b1fcee2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\sqlite3.dll

Filesize
1.4MB

MD5
4ca15508e6fa67f85b70e6096f44ccc9

SHA1
8d2ad53c9dc0e91a8f5ab0622f559254d12525d9

SHA256
4b3f88de7acfcac304d1d96f936d0123ad4250654e48bd412f12a7bd8ec7ebb3

SHA512
581aa0b698045c55778e7c773c7c326fcafa39aa9a248f91d061c49096a00b3a202d3746c5a8d33100b9bc57910299db6858b7ef9337ae628d3041f59e9b4df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\unicodedata.pyd

Filesize
1.1MB

MD5
c01a5ce36dd1c822749d8ade8a5e68ca

SHA1
a021d11e1eb7a63078cbc3d3e3360d6f7e120976

SHA256
0f27f26d1faa4f76d4b9d79ad572a3d4f3bbe8020e2208d2f3b9046e815b578a

SHA512
3d4e70a946f69633072a913fe86bada436d0c28aca322203aa5ec9d0d7ae111129516d7adb3fdeef6b1d30b50c86c1de2c23a1bc9fba388474b9d9131c1e5d38

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\win32api.pyd

Filesize
136KB

MD5
fc7b3937aa735000ef549519425ce2c9

SHA1
e51a78b7795446a10ed10bdcab0d924a6073278d

SHA256
a6949ead059c6248969da1007ea7807dcf69a4148c51ea3bc99c15ee0bc4d308

SHA512
8840ff267bf216a0be8e1cae0daac3ff01411f9afc18b1f73ba71be8ba70a873a7e198fd7d5df98f7ca8eee9a94eab196f138a7f9f37d35c51118f81860afb7d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads