fa3bfb6af65d6b2b89064b1a1f2684afdb9f7f12e6b34356da962d21cf95e98b

Resubmissions

21-12-2024 15:01

241221-seb9js1pgv 7

06-11-2024 17:06

241106-vmqs1svcnl 7

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

token_generator.exe
Size

8.9MB
MD5

8b78a7c8f03a550b0e359f38ee93b837
SHA1

a9dccd428f58639676615c35bf73c7138d3c656f
SHA256

fa3bfb6af65d6b2b89064b1a1f2684afdb9f7f12e6b34356da962d21cf95e98b
SHA512

a6ed37ba4df0830950e9e8ad5ecc2f9bf7a89861b2bf9b74bdb12222ff324423bf2aa7043f938f577f4dd1983a1f9105d97630048e3e971f6906e6f7b35e4a0e
SSDEEP

196608:HdKd4+o2HDfyGgMwBdnpkYRMHqRdqNm8lFt:9P72HDfDgMc6HqWVFt

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2992	token_generator.exe
2992	token_generator.exe
2992	token_generator.exe
2992	token_generator.exe
2992	token_generator.exe
2992	token_generator.exe
2992	token_generator.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 2992	540	token_generator.exe	32
PID 540 wrote to memory of 2992	540	token_generator.exe	32
PID 540 wrote to memory of 2992	540	token_generator.exe	32

C:\Users\Admin\AppData\Local\Temp\token_generator.exe
"C:\Users\Admin\AppData\Local\Temp\token_generator.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Users\Admin\AppData\Local\Temp\token_generator.exe
  "C:\Users\Admin\AppData\Local\Temp\token_generator.exe"
  2⤵
  - Loads dropped DLL
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI5402\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
b5233e03bde877536db16308f3664cda

SHA1
15ff9d07de90f4a13943b36c30ce2cfaccc67451

SHA256
fb9b51ab73cb5fecc491a3a2624d54cc327370c6ac5efc9dfada2411acf766ed

SHA512
ad005e39dcd889e8a6c127038b7c25eb2e100c889b16a6b12063bf76087b3d245df2768d3f032963dcbb33d320be56ec3a2822a718d17b34503ee0ddccef7486

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
da0e628d704f10be357148f2131108b1

SHA1
a9a8c5e002a65d1b43fb990a86c59d290d480464

SHA256
5747de24ef2014b50f49d541621a328a02a4ef5f20eeb94423a3d7f7954e49f6

SHA512
30b2b3fd92b73dc387b6beff63c4d9e16123f9abbde0cc3f33b1b00c013885f980d12d793e32aaf7c430121df3d337dd09a9a8a5ea874696d3cf37ee51a50a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
e142049a08327db53b0289cd25bbb70f

SHA1
3289a7c010a613b07b235d13ec96af31b683834a

SHA256
dd36f8e544be435ffd7c96ddb077dc76b4cebd6fbef14319f7d21f47fe794a87

SHA512
f6fd8865f9df1bd382b246041ad90a3e87e42a99b7dc8167d0d4513e7bec6901b80120ff98e1283ca754dcc726b4ddc000f41c428f4f45dfd4489e94075352cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
8ce9f911908bc20529ce03b7836397f5

SHA1
b8554a420c1372474e15d931f2f50e433d3b634e

SHA256
257d25b17680639ef9175e272c2cec4239a395651a69115441ba234c4b30ec0b

SHA512
980af4b0b3749d5e5842be388734b6385f0181eb5319b3e7802fcb33aada78b6bcf753a4eed29584e988b2708798e3da2ebd286c09fc5c518f8a1e2c5754fb11

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
8a7fbe2425592dd419f6cf665613b967

SHA1
af2170a7e5f27111e32fa27ecfdddaa41edc8156

SHA256
a6cbce99976a8fdd8d9cc278c7d8aebbc4a6ae6404684021d73c8f4e520b98dc

SHA512
57d41d57721f9e37c6ea8a55ac156f9275d2373beead9f5c836ff7379c49c6676b9168bf278206fe2e60b576e066d8706ec1ed0a96b3db82b197d724f4a2279f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5402\ucrtbase.dll

Filesize
987KB

MD5
6b9880ec69f2988d1035fa11969fa894

SHA1
add955b1826c79aa43afb268682aad5614d5f1e6

SHA256
c446df8432ff2679961763de876432fcf13f272269c17417e7eccbda0b000448

SHA512
747d074dbc9bd020feb04c009ad8bd975a4c9a37e0ead8093908237ab00f08e46beb73bfc3a7b41bedb99130877343206a0a2568b611161d17ece5597e3416d9

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads