f18f14ec50247a31a03a220e132f9317e2ac12e3905e500ba046d394575b66ee

Analysis

max time kernel
146s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
29-11-2024 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sym.exe
Size

7.3MB
MD5

31e6cde417b805fefaa58afd59715161
SHA1

0d6202b37f0cb0534876099a5ed1426e4c0f1a0d
SHA256

a3d83b63326cfcdc66a9e7078e8515732f198673652063a22498e96efbb597ef
SHA512

7fddc59eae04f0b211ce42e17261ef09301e697e005914ba86b5bc178ae2dae1218f17a4501144202feffcf74c80e34c0909cf5459a11422370d4c2e958f0df0
SSDEEP

98304:iOMfowCazA1h9eT393YigJhH0yc+bTu/NWPdHdda9D4oR6KU73TEOuce90w3:iOIA1HeT39IigQWc0/aFFNoS//

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 11 IoCs

pid	Process
1452	sym.exe
1452	sym.exe
1452	sym.exe
1452	sym.exe
1452	sym.exe
1452	sym.exe
1452	sym.exe
1452	sym.exe
1452	sym.exe
1452	sym.exe
1452	sym.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1452	1976	sym.exe	78
PID 1976 wrote to memory of 1452	1976	sym.exe	78

C:\Users\Admin\AppData\Local\Temp\sym.exe
"C:\Users\Admin\AppData\Local\Temp\sym.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Users\Admin\AppData\Local\Temp\sym.exe
  "C:\Users\Admin\AppData\Local\Temp\sym.exe"
  2⤵
  - Loads dropped DLL
  PID:1452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19762\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\_bz2.pyd

Filesize
82KB

MD5
37eace4b806b32f829de08db3803b707

SHA1
8a4e2bb2d04685856d1de95b00f3ffc6ea1e76b9

SHA256
1be51ef2b5acbe490217aa1ff12618d24b95df6136c6844714b9ca997b4c7f9b

SHA512
1591a263de16373ee84594943a0993721b1e1a2f56140d348a646347a8e9760930df4f632adcee9c9870f9c20d7818a3a8c61b956723bf94777e0b7fb7689b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\_decimal.pyd

Filesize
247KB

MD5
e4e032221aca4033f9d730f19dc3b21a

SHA1
584a3b4bc26a323ce268a64aad90c746731f9a48

SHA256
23bdd07b84d2dbcb077624d6dcbfc66ab13a9ef5f9eebe31dc0ffece21b9e50c

SHA512
4a350ba9e8481b66e7047c9e6c68e6729f8074a29ef803ed8452c04d6d61f8f70300d5788c4c3164b0c8fb63e7c9715236c0952c3166b606e1c7d7fff36b7c4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\_hashlib.pyd

Filesize
63KB

MD5
ba682dfcdd600a4bb43a51a0d696a64c

SHA1
df85ad909e9641f8fcaa0f8f5622c88d904e9e20

SHA256
2ad55e11bddb5b65cdf6e9e126d82a3b64551f7ad9d4cbf74a1058fd7e5993bd

SHA512
79c607e58881d3c3dfb83886fe7aa4cddb5221c50499d33fe21e1efb0ffa1fd0d3f52cbe97b16b04fbe2b067d6eb5997ac66dec9d2a160d3cb6d44ffca0f5636

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\_lzma.pyd

Filesize
155KB

MD5
3273720ddf2c5b75b072a1fb13476751

SHA1
5fe0a4f98e471eb801a57b8c987f0feb1781ca8b

SHA256
663f1087c2ed664c5995a3ffa64546d2e33a0fce8a9121b48cc7c056b74a2948

SHA512
919dbbfcc2f5913655d77f6c4ae9baa3a300153a5821dc9f23e0aceb89f69cb9fb86d6ce8f367b9301e0f7b6027e6b2f0911a2e73255ab5150a74b862f8af18e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\_socket.pyd

Filesize
77KB

MD5
485d998a2de412206f04fa028fe6ba90

SHA1
286e29d4f91a46171ba1e3c8229e6de94b499f1d

SHA256
8f9ede5044643413c3b072cd31a565956498ca07cdd17fb6a04483d388fdad76

SHA512
68591522e9188f06ff81cd2b3506b40b9ad508d6e34f0111819bf5eff47ed9adf95ebfae5d05b685c4f53b186d15cc45e0d831d96be926f7a5762ee2f1341f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\_ssl.pyd

Filesize
172KB

MD5
e5b1a076e9828985ea8ea07d22c6abd0

SHA1
2a2827938a490cd847ea4e67e945deb4eef8cbb1

SHA256
591589dadc659d1ad4856d16cd25dc8e57eaa085bf68eb2929f8f93aba69db1b

SHA512
0afd20f581efb08a7943a1984e469f1587c96252e44b3a05ca3dfb6c7b8b9d1b9fd609e03a292de6ec63b6373aeacc822e30d550b2f2d35bf7bf8dd6fc11f54f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\_uuid.pyd

Filesize
24KB

MD5
b21b864e357ccd72f35f2814bd1e6012

SHA1
2ff0740c26137c6a81b96099c1f5209db33ac56a

SHA256
ce9e2a30c20e6b83446d9ba83bb83c5570e1b1da0e87ff467d1b4fc090da6c53

SHA512
29667eb0e070063ef28b7f8cc39225136065340ae358ad0136802770b2f48ac4bda5e60f2e2083f588859b7429b9ea3bad1596a380601e3b2b4bb74791df92a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\base_library.zip

Filesize
1.4MB

MD5
6e706e4fa21d90109df6fce1b2595155

SHA1
5328dd26b361d36239facff79baca1bab426de68

SHA256
ce9b9f16ce0d9abdbac3307115d91eaf279c5152336ccbe8830151b41c802998

SHA512
c7e377e2854ad5b5c3fb23593817ad6345bf8a78d842ff2a45c3be135fad6bb27b67c5b6c01b26e7c1b1b12ea0814f4f6b6a522bbfa689b89fa50d3652799b34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\python311.dll

Filesize
5.5MB

MD5
d06da79bfd21bb355dc3e20e17d3776c

SHA1
610712e77f80d2507ffe85129bfeb1ff72fa38bf

SHA256
2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1

SHA512
e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\select.pyd

Filesize
29KB

MD5
e07ae2f7f28305b81adfd256716ae8c6

SHA1
9222cd34c14a116e7b9b70a82f72fc523ef2b2f6

SHA256
fb06ac13f8b444c3f7ae5d2af15710a4e60a126c3c61a1f1e1683f05f685626c

SHA512
acb143194ca465936a48366265ae3e11a2256aeae333c576c8c74f8ed9b60987daff81647aef74e236b30687a28bc7e3aa21c6aedbfa47b1501658a2bfd117b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19762\unicodedata.pyd

Filesize
1.1MB

MD5
5cc36a5de45a2c16035ade016b4348eb

SHA1
35b159110e284b83b7065d2cff0b5ef4ccfa7bf1

SHA256
f28ac3e3ad02f9e1d8b22df15fa30b2190b080261a9adc6855248548cd870d20

SHA512
9cccbf81e80c32976b7b2e0e3978e8f7350cce542356131b24ebab34b256efd44643d41ee4b2994b9152c2e5af302aa182a1889c99605140f47494a501ef46c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads