7d212f9db88825f5c5adebafe15eb8b4c10332dba4739e352dd4bea31eb1774b

Resubmissions

27-11-2024 18:29

241127-w49g5avlhy 10

27-11-2024 17:30

241127-v3dhmasrcz 10

Analysis

max time kernel
0s
max time network
2s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MidnightLauncher.exe
Size

17.9MB
MD5

99e7fb22d61afd0d3eae3fd0de136a19
SHA1

a613a69be5eb2444838aee2affbca5c3dc378a4d
SHA256

7d212f9db88825f5c5adebafe15eb8b4c10332dba4739e352dd4bea31eb1774b
SHA512

12cd68fff8c8040ae3d8e165d0b686d8f46861dbd1274471dd93421ccd6404acfb730b4542e02dc2c4d4360c8f06b99341c84995ca6e68504cc7edf87ed4d904
SSDEEP

393216:BqPnLFXlrRQMDOETgsvfGyg1wJ6ZjYUGppL++Lle:oPLFXNRQRENkNNYbpLJe

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

MidnightLauncher.exe

pid	Process
2260	MidnightLauncher.exe
2260	MidnightLauncher.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/files/0x0007000000023c9f-112.dat	upx
behavioral1/files/0x0007000000023c9f-113.dat	upx
behavioral1/memory/2260-116-0x00007FFCE7FF0000-0x00007FFCE845E000-memory.dmp	upx
behavioral1/files/0x0007000000023c7c-118.dat	upx
behavioral1/files/0x0007000000023c94-125.dat	upx
behavioral1/memory/2260-126-0x00007FFCF17A0000-0x00007FFCF17AF000-memory.dmp	upx
behavioral1/memory/2260-124-0x00007FFCEC1D0000-0x00007FFCEC1F4000-memory.dmp	upx

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

MidnightLauncher.exe

description	pid	Process	procid_target
PID 2368 wrote to memory of 2260	2368	MidnightLauncher.exe	83
PID 2368 wrote to memory of 2260	2368	MidnightLauncher.exe	83

C:\Users\Admin\AppData\Local\Temp\MidnightLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\MidnightLauncher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\MidnightLauncher.exe
  "C:\Users\Admin\AppData\Local\Temp\MidnightLauncher.exe"
  2⤵
  - Loads dropped DLL
  PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23682\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23682\_ctypes.pyd

Filesize
56KB

MD5
6ca9a99c75a0b7b6a22681aa8e5ad77b

SHA1
dd1118b7d77be6bb33b81da65f6b5dc153a4b1e8

SHA256
d39390552c55d8fd4940864905cd4437bc3f8efe7ff3ca220543b2c0efab04f8

SHA512
b0b5f2979747d2f6796d415dd300848f32b4e79ede59827ac447af0f4ea8709b60d6935d09e579299b3bc54b6c0f10972f17f6c0d1759c5388ad5b14689a23fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23682\base_library.zip

Filesize
704KB

MD5
71c843e237fc87bee6f4da5fb6ce95f0

SHA1
64227feda69e3dd3769b3a5c5306cf6e67f490f9

SHA256
1e2994cab9ee755233f0025d2dee9d8c4d2bafdcb080390d88b1342e45984052

SHA512
f5381381e24eeb9f81c67c50e25486d6c22cd031e9f34fb1e9bf0ebd86582ff0b965ba80be23ddb71b7d635c1a7785d6d2e1b789afbfb247b8c7e37c99ac543e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23682\libffi-7.dll

Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23682\python3.DLL

Filesize
63KB

MD5
c17b7a4b853827f538576f4c3521c653

SHA1
6115047d02fbbad4ff32afb4ebd439f5d529485a

SHA256
d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68

SHA512
8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23682\python310.dll

Filesize
1.4MB

MD5
1c67ac832cb37691e5b28932d6911e67

SHA1
668a364703371692539527795f6e738fb4351dd5

SHA256
10af5b89ec95456555375795bede7cb425a6626d865d92e54fa4d419c1a64f6f

SHA512
0445b5ab0e7ffef7d7b0f2b5952922b834bcfb924e74b2689ba3b043d39ea503f78e8901d84c0fbb6e2f5152a543d3ae6c99027fb8b8b87233f3b502d0bf8dbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23682\python310.dll

Filesize
1.4MB

MD5
9cb0fa97fe60e2fe03978fbc18921e72

SHA1
a3f8a6094b288e836727c51028376260446eeba8

SHA256
87cbc3e9822c80c27c213c75db1fbdc5f48e1024a806d20ab0764a70085fc23f

SHA512
395d802a8e6665ccd614a042f37a6f916023627e527a6da442a365e578af77d83b4fd699640394d4fc82606d42f919f3170e15eb7d924a883001bdb5265d24db

Download Submit
memory/2260-116-0x00007FFCE7FF0000-0x00007FFCE845E000-memory.dmp

Filesize
4.4MB

Download
memory/2260-126-0x00007FFCF17A0000-0x00007FFCF17AF000-memory.dmp

Filesize
60KB

Download
memory/2260-124-0x00007FFCEC1D0000-0x00007FFCEC1F4000-memory.dmp

Filesize
144KB

Download