877bbfa93204729a4a260fede9c76318d4f7e58a38f6ba5073424f94829ed536

Resubmissions

13-01-2025 01:19

250113-bpjmya1nbj 3

12-01-2025 11:10

250112-m91bzasmbp 10

Analysis

max time kernel
93s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

maple.exe
Size

40.8MB
MD5

db7b4b030f0a44a2f51c957d949f8e1e
SHA1

7814eaffb9c68fb78f3f69380439aaf94d556828
SHA256

8f5f582788ce95ba51ca37dac8e45fff1674e0d36e4129731edded7e71a94c30
SHA512

be6f371423a0bee1b3d3f61640e1b6ca64290a4a864d4a1b3ad8ca6250650ca01d42b635f650138733b3817c491f64a8bc82622e7f1b565dc4cc8da37e43a63c
SSDEEP

786432:GmtGTz74LgKKoB7fgM3QZ2ciA4DS+mC8yZ9BSmPpnbP3EwlIFFnHpu1Ckf9+uKcY:GmKoLW233u2cipDM+Z9LFPI/nkUg9M6S

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3772	main.exe

Loads dropped DLL 64 IoCs

pid	Process
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe
3772	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 3772	2464	maple.exe	84
PID 2464 wrote to memory of 3772	2464	maple.exe	84
PID 3772 wrote to memory of 3304	3772	main.exe	86
PID 3772 wrote to memory of 3304	3772	main.exe	86
PID 3772 wrote to memory of 1048	3772	main.exe	87
PID 3772 wrote to memory of 1048	3772	main.exe	87
PID 3772 wrote to memory of 4844	3772	main.exe	88
PID 3772 wrote to memory of 4844	3772	main.exe	88
PID 4844 wrote to memory of 3728	4844	cmd.exe	89
PID 4844 wrote to memory of 3728	4844	cmd.exe	89

C:\Users\Admin\AppData\Local\Temp\maple.exe
"C:\Users\Admin\AppData\Local\Temp\maple.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\main.exe
  "C:\Users\Admin\AppData\Local\Temp\maple.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c
    3⤵
    PID:3304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c mode 100, 20
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4844
  - - C:\Windows\system32\mode.com
      mode 100, 20
      4⤵
      PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ssl.pyd

Filesize
156KB

MD5
7910fb2af40e81bee211182cffec0a06

SHA1
251482ed44840b3c75426dd8e3280059d2ca06c6

SHA256
d2a7999e234e33828888ad455baa6ab101d90323579abc1095b8c42f0f723b6f

SHA512
bfe6506feb27a592fe9cf1db7d567d0d07f148ef1a2c969f1e4f7f29740c6bb8ccf946131e65fe5aa8ede371686c272b0860bd4c0c223195aaa1a44f59301b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_uuid.pyd

Filesize
24KB

MD5
b68c98113c8e7e83af56ba98ff3ac84a

SHA1
448938564559570b269e05e745d9c52ecda37154

SHA256
990586f2a2ba00d48b59bdd03d3c223b8e9fb7d7fab6d414bac2833eb1241ca2

SHA512
33c69199cba8e58e235b96684346e748a17cc7f03fc068cfa8a7ec7b5f9f6fa90d90b5cdb43285abf8b4108e71098d4e87fb0d06b28e2132357964b3eea3a4f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll

Filesize
36.4MB

MD5
5e46c3d334c90c3029eb6ae2a3fe58f2

SHA1
ad3d806f720289ccb90ce8bfd0da49fa99e7777b

SHA256
57b87772bf676b5c2d718c79dddc9f039d79ec3319fee1398cc305adff7b69e5

SHA512
4bd29d19b619076a64a928f3871edcce8416bcf100c1aa1250932479d6536d9497f2f9a2668c90b3479d0d4ab4234ffa06f81bc6b107fad1be5097fa2b60ab28

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy\linalg\_umath_linalg.pyd

Filesize
104KB

MD5
e9910fa0e40764e8889c3cd0ac57822d

SHA1
466b13f1fc59f6c45650d7cad8ecdd14bf25ba03

SHA256
7699acfd30754298e74b4c5fa4a0b3eb273259620adfe79697c267479c7064b9

SHA512
7a050e74376affcd09f807f7f23ccd54f03e6c85c90c2dc0553ca9f1c7c3d2a594599d9a868e5e7059211c3bfe47834a83c477e206bb07c1dfb52628f1a01764

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tk86t.dll

Filesize
1.5MB

MD5
4b6270a72579b38c1cc83f240fb08360

SHA1
1a161a014f57fe8aa2fadaab7bc4f9faaac368de

SHA256
cd2f60075064dfc2e65c88b239a970cb4bd07cb3eec7cc26fb1bf978d4356b08

SHA512
0c81434d8c205892bba8a4c93ff8fc011fb8cfb72cfec172cf69093651b86fd9837050bd0636315840290b28af83e557f2205a03e5c344239356874fce0c72b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zstandard\backend_c.pyd

Filesize
512KB

MD5
4652c4087b148d08adefedf55719308b

SHA1
30e06026fea94e5777c529b479470809025ffbe2

SHA256
003f439c27a532d6f3443706ccefac6be4152bebc1aa8bdf1c4adfc095d33795

SHA512
d4972c51ffbce63d2888ddfead2f616166b6f21a0c186ccf97a41c447c1fac6e848f464e4acde05bea5b24c73c5a03b834731f8807a54ee46ca8619b1d0c465d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\PIL\_imaging.pyd

Filesize
2.3MB

MD5
66dfb3fc790a5c300bbff1ba50b664f0

SHA1
b4c1fd1459e2b58a2eb04ae78d3cf17d1291ec60

SHA256
a25e90a4ea75a77a21f1c25d456b20c1220ec453894a0fde427afd351f093696

SHA512
d6181ab99036c9bba57ed6ec666dab89c184077740186ec0b0f02c0ea1210d0911eb7c10dd7c4ab8d128b49606311858db871794ba0926a3030e527e977c0f63

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\_brotli.pyd

Filesize
801KB

MD5
ee3d454883556a68920caaedefbc1f83

SHA1
45b4d62a6e7db022e52c6159eef17e9d58bec858

SHA256
791e7195d7df47a21466868f3d7386cff13f16c51fcd0350bf4028e96278dff1

SHA512
e404adf831076d27680cc38d3879af660a96afc8b8e22ffd01647248c601f3c6c4585d7d7dc6bbd187660595f6a48f504792106869d329aa1a0f3707d7f777c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\_bz2.pyd

Filesize
81KB

MD5
86d1b2a9070cd7d52124126a357ff067

SHA1
18e30446fe51ced706f62c3544a8c8fdc08de503

SHA256
62173a8fadd4bf4dd71ab89ea718754aa31620244372f0c5bbbae102e641a60e

SHA512
7db4b7e0c518a02ae901f4b24e3860122acc67e38e73f98f993fe99eb20bb3aa539db1ed40e63d6021861b54f34a5f5a364907ffd7da182adea68bbdd5c2b535

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\_ctypes.pyd

Filesize
120KB

MD5
1635a0c5a72df5ae64072cbb0065aebe

SHA1
c975865208b3369e71e3464bbcc87b65718b2b1f

SHA256
1ea3dd3df393fa9b27bf6595be4ac859064cd8ef9908a12378a6021bba1cb177

SHA512
6e34346ea8a0aacc29ccd480035da66e280830a7f3d220fd2f12d4cfa3e1c03955d58c0b95c2674aea698a36a1b674325d3588483505874c2ce018135320ff99

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\_hashlib.pyd

Filesize
63KB

MD5
d4674750c732f0db4c4dd6a83a9124fe

SHA1
fd8d76817abc847bb8359a7c268acada9d26bfd5

SHA256
caa4d2f8795e9a55e128409cc016e2cc5c694cb026d7058fc561e4dd131ed1c9

SHA512
97d57cfb80dd9dd822f2f30f836e13a52f771ee8485bc0fd29236882970f6bfbdfaac3f2e333bba5c25c20255e8c0f5ad82d8bc8a6b6e2f7a07ea94a9149c81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\_lzma.pyd

Filesize
154KB

MD5
7447efd8d71e8a1929be0fac722b42dc

SHA1
6080c1b84c2dcbf03dcc2d95306615ff5fce49a6

SHA256
60793c8592193cfbd00fd3e5263be4315d650ba4f9e4fda9c45a10642fd998be

SHA512
c6295d45ed6c4f7534c1a38d47ddc55fea8b9f62bbdc0743e4d22e8ad0484984f8ab077b73e683d0a92d11bf6588a1ae395456cfa57da94bb2a6c4a1b07984de

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\_queue.pyd

Filesize
30KB

MD5
d8c1b81bbc125b6ad1f48a172181336e

SHA1
3ff1d8dcec04ce16e97e12263b9233fbf982340c

SHA256
925f05255f4aae0997dc4ec94d900fd15950fd840685d5b8aa755427c7422b14

SHA512
ccc9f0d3aca66729832f26be12f8e7021834bbee1f4a45da9451b1aa5c2e63126c0031d223af57cf71fad2c85860782a56d78d8339b35720194df139076e0772

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\_socket.pyd

Filesize
77KB

MD5
819166054fec07efcd1062f13c2147ee

SHA1
93868ebcd6e013fda9cd96d8065a1d70a66a2a26

SHA256
e6deb751039cd5424a139708475ce83f9c042d43e650765a716cb4a924b07e4f

SHA512
da3a440c94cb99b8af7d2bc8f8f0631ae9c112bd04badf200edbf7ea0c48d012843b4a9fb9f1e6d3a9674fd3d4eb6f0fa78fd1121fad1f01f3b981028538b666

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\_tkinter.pyd

Filesize
64KB

MD5
8da8e5348d9f9572ce9216ac8a628c2b

SHA1
35a23ea241d004a45399d69ca038042936d8288d

SHA256
06b96357f5dd83d0d8105127e7aaeacb834ddf1ae03fa46aaffdc1e5fd0a7621

SHA512
ca7a05cb49c8af6ebfa3cd5d415352bfd0c2abdbbf05d539e296042bbde075d29ddc8c2a2e5d46c9e736dcc848bc633686029784883f855167875972fb607f42

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\charset_normalizer\md.pyd

Filesize
10KB

MD5
f33ca57d413e6b5313272fa54dbc8baa

SHA1
4e0cabe7d38fe8d649a0a497ed18d4d1ca5f4c44

SHA256
9b3d70922dcfaeb02812afa9030a40433b9d2b58bcf088781f9ab68a74d20664

SHA512
f17c06f4202b6edbb66660d68ff938d4f75b411f9fab48636c3575e42abaab6464d66cb57bce7f84e8e2b5755b6ef757a820a50c13dd5f85faa63cd553d3ff32

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\charset_normalizer\md__mypyc.pyd

Filesize
117KB

MD5
494f5b9adc1cfb7fdb919c9b1af346e1

SHA1
4a5fddd47812d19948585390f76d5435c4220e6b

SHA256
ad9bcc0de6815516dfde91bb2e477f8fb5f099d7f5511d0f54b50fa77b721051

SHA512
2c0d68da196075ea30d97b5fd853c673e28949df2b6bf005ae72fd8b60a0c036f18103c5de662cac63baaef740b65b4ed2394fcd2e6da4dfcfbeef5b64dab794

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\numpy\core\_multiarray_tests.pyd

Filesize
63KB

MD5
9d30dfac3c3155022022635acfc36ca8

SHA1
259ee4dae88278daff28c6fe03b310cd267d0940

SHA256
03ad7f7642ff3e63686c64f4e82bfb20459feda8f0f8a209bbb443567edd0a18

SHA512
71856e3b3d6b917108046036dd51a57356552863171fe5e5e1c57d939c491058ade69affa830f36ebb6bebe426fe53d1921791397ddbbfeba2db257fe6c5a190

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\numpy\core\_multiarray_umath.pyd

Filesize
2.7MB

MD5
a5cac70c51ec912d2f9536f23003d72a

SHA1
a0c0f3a4a21615889210ec560ca963af7cc9b98c

SHA256
18cfaaff3a73ae7972b8a3707cf20fa58c36641bad0ad3406195c091d54b80fe

SHA512
b4e59b0b80a896c2d35f3f4d1caaebdb1f764e4d8df815edb87eb1c2e21b92a93bacec217c4feb3202bf2fe01604da66081b0cf52e16ec40c239c77bd80bbb16

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\numpy\fft\_pocketfft_internal.pyd

Filesize
107KB

MD5
01c5e6e689de8213c842574ac5475075

SHA1
df0103638bf041fbff2aefa525cba8b0d40db71a

SHA256
f427bda65498f685dbc073af03900c35231c5b9f472f310eb03e7f156ffbb9e9

SHA512
145d9bbbfc4fbfd5f246b0ce45fc4757c2e88732e68dc9a985bf6a936420e9800448ae27c0aa2c338ded72fd017e88634f41eee9e73bdbf6ab97ac8169ecf247

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\numpy\random\mtrand.pyd

Filesize
582KB

MD5
ba611c99ceb9aafada901695f7ee530d

SHA1
921488bb7c787287014bf693ba37976adbcb33ab

SHA256
d7599d4b503aa549e21594ff26537981daba7fab3f3a24e2b73dc87abdb22f39

SHA512
89ae0851625781f7b7d8abfd9dcbb9248a05b35370bf6edbaf2467f5f1e32e51827595cd8e45f3ab1bc6e0a005d57ac640f63323c52cb1ad844a4c76a11e316c

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\select.pyd

Filesize
29KB

MD5
a653f35d05d2f6debc5d34daddd3dfa1

SHA1
1a2ceec28ea44388f412420425665c3781af2435

SHA256
db85f2f94d4994283e1055057372594538ae11020389d966e45607413851d9e9

SHA512
5aede99c3be25b1a962261b183ae7a7fb92cb0cb866065dc9cd7bb5ff6f41cc8813d2cc9de54670a27b3ad07a33b833eaa95a5b46dad7763ca97dfa0c1ce54c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\tcl86t.dll

Filesize
1.8MB

MD5
75909678c6a79ca2ca780a1ceb00232e

SHA1
39ddbeb1c288335abe910a5011d7034345425f7d

SHA256
fbfd065f861ec0a90dd513bc209c56bbc23c54d2839964a0ec2df95848af7860

SHA512
91689413826d3b2e13fc7f579a71b676547bc4c06d2bb100b4168def12ab09b65359d1612b31a15d21cb55147bbab4934e6711351a0440c1533fb94fe53313bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\tls_client\dependencies\tls-client-64.dll

Filesize
17.8MB

MD5
181458ffd109573a1cde903e187b0b46

SHA1
6822c8b9cad8f13f3c0921205ada08efd693d93e

SHA256
b177778656455f6b8482154238d323a3de4d74f2a8b7a62bd973251a259edb87

SHA512
0f771e01e5f89dd83a8e46d129a7975b6ca395369d82411c9864805f1efa9ab7051e6caa24a5fad121391a25cb84dc991845da976265f3d67f8528aa01a280a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2464_133811538648063852\unicodedata.pyd

Filesize
1.1MB

MD5
81d62ad36cbddb4e57a91018f3c0816e

SHA1
fe4a4fc35df240b50db22b35824e4826059a807b

SHA256
1fb2d66c056f69e8bbdd8c6c910e72697874dae680264f8fb4b4df19af98aa2e

SHA512
7d15d741378e671591356dfaad4e1e03d3f5456cbdf87579b61d02a4a52ab9b6ecbffad3274cede8c876ea19eaeb8ba4372ad5986744d430a29f50b9caffb75d

Download Submit
memory/3772-1073-0x00007FFFAC6A0000-0x00007FFFAD82F000-memory.dmp

Filesize
17.6MB

Download
memory/3772-1074-0x00007FFFAA0B0000-0x00007FFFAC166000-memory.dmp

Filesize
32.7MB

Download