Analysis Overview
SHA256
451a9144749655514c6cb9b2a5f798228e43ba7be372cbefd1bc6d00d0cb206c
Threat Level: Shows suspicious behavior
The file Driver3.0.exe was classified as: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Detects Pyinstaller
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-19 12:11
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-19 12:11
Reported
2025-01-19 12:14
Platform
win10ltsc2021-20250113-en
Max time kernel
101s
Max time network
113s
Command Line
Signatures
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 4668 wrote to memory of 3796 | N/A | C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe | C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe |
| PID 4668 wrote to memory of 3796 | N/A | C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe | C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe |
| PID 4668 wrote to memory of 3796 | N/A | C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe | C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe
"C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe"
C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe
"C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.98.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI46682\python38.dll
| Hash | Value |
|---|---|
| MD5 | 2b5f50cc676c7fe476062064155da697 |
| SHA1 | d04fe5c342549e83bceb15294f029382946ba3c8 |
| SHA256 | 59db58d5a51d258ee980298fd429f40bf373a0ba81c5e0625925fc7a46c809a7 |
| SHA512 | 1d98e097cb054fd9428b4ffa6241eeed87bc160b0968c5eecffc5288ec88df8d3632d77c759a0919bfddf50ca989d4c542361dcccfa669b6ea30f2211707947d |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\VCRUNTIME140.dll
| Hash | Value |
|---|---|
| MD5 | e4ca3dce43b1184bb18ff01f3a0f1a40 |
| SHA1 | 604611d559ca41e73b12c362de6acf84db9aee43 |
| SHA256 | 0778c7e17016895bb6962a9774acc5568afa1a50ba309b7d9726c89dad70bdbf |
| SHA512 | 137c884afa1b0b731bbd523abb47b83f31487a6ca051487292bc2a9eb7f103a0d3974fa743014018bd564be957210bdcd62c822f4ffb6441aee23b444c23e812 |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\base_library.zip
| Hash | Value |
|---|---|
| MD5 | 563ca59463328fd39b4e8cc1553652e2 |
| SHA1 | 083bd40ea0bbb1b47a8f929723fd69fe54848acf |
| SHA256 | 785a948e8d6071e04745cbb8bc0e85a52633a3a6593f2ee2179e2166b8383dde |
| SHA512 | b2cabb7bbaa5752366981938239c508f535fee2b796fec4a46b0dc1cab9017712d00c1795b336ee82c08e6e71fd62bd2778448fa6a74e1ce3a287764a522684e |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\python3.DLL
| Hash | Value |
|---|---|
| MD5 | b9d69e6cc10b50367db83dab09bb33ce |
| SHA1 | ce69f30320216ffe1a5da59d2f3e320486141fcb |
| SHA256 | dffc357e3fdc3277b4337f27f75248a19f6628c7d2b855e4ca8fffddeac716e3 |
| SHA512 | 7b09e7d5a424aa56e10a71d2bc87345e97b8156d03012de84397992477860ae14320f59551835ff3722cff0fdfa2f881a526098ab33d019b0c677a89e24241d0 |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_ctypes.pyd
| Hash | Value |
|---|---|
| MD5 | 9920db5cdbcd1e69591ec24566a6eda1 |
| SHA1 | 0a0ddbdd707a99df9db5374303d77e601496aed4 |
| SHA256 | d17a08eb7744162192eec8c99fbc2a6781bc9fba915d3751e6cd1d25b81d4dd1 |
| SHA512 | de95fdf48e3c95c9a714bff4e27db29733fc128a1211ada013f8e3e4cb9e50eb134aeaacb0f6e01afc09418591da19de1f6a5152f6256064af9d61a89c10ace6 |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\libffi-7.dll
| Hash | Value |
|---|---|
| MD5 | bc20614744ebf4c2b8acd28d1fe54174 |
| SHA1 | 665c0acc404e13a69800fae94efd69a41bdda901 |
| SHA256 | 0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57 |
| SHA512 | 0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_socket.pyd
| Hash | Value |
|---|---|
| MD5 | c60d80f1f1f35f1e923c452b3c67f326 |
| SHA1 | 156d792b770aa6eaee002099f13a129d424ac8f9 |
| SHA256 | 568971a512409e205b9242171bb55daa120b8d6b6faec2f7a30415ec13ab83e7 |
| SHA512 | 9f499cb40a31dbc62af3ac36c5eae961a392654147ba2ea01f647decddf2712e4ecddd2accf9e313c855d381ecf61930c61ded0c77bfae52c5d570a977aa1c71 |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\select.pyd
| Hash | Value |
|---|---|
| MD5 | 18fb38786f8b0d9054a5f81e41fa4293 |
| SHA1 | f0c93d17012dca9b89039667d2d9367b40f991c1 |
| SHA256 | fced60bdf3e79c48407e4f903469ab7a36ecf304cbf03e65eb712da6529aae98 |
| SHA512 | 4aaf6276665dca76696b5801f7a82900dcec3e7eeb56787678d65551dd26ab6b9aabac0dc218b6306ad39408044498fb98a95e7bd4cb70662f68c68c55caf602 |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_ssl.pyd
| Hash | Value |
|---|---|
| MD5 | 0de0a1a820602c7014009c03d8a34690 |
| SHA1 | 6ee30a699b00360bfecde274cf5393e0b33f694c |
| SHA256 | da498586b6b7831bec4fecdb2f0420b88d5ae64293c88c4c4fb3fa3715ed71fa |
| SHA512 | 47f77bb81f7f90fbccf3ffd41b3fb55d8422319d4a5eb93a13b54fa7f0288db4f798ae6ce4bc3d3c2b9d6d4ff75c9fc2729e90ff3a7aa3cfcf20732fac8a37ed |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\libcrypto-1_1.dll
| Hash | Value |
|---|---|
| MD5 | c7298cd5232cf8f6e34b3404fc276266 |
| SHA1 | a043e0ff71244a65a9c2c27c95622e6cc127b932 |
| SHA256 | 1e95a63b165672accde92a9c9f8b9052c8f6357344f1376af9f916aeeb306da3 |
| SHA512 | 212b0c5d27615e8375d32d1952beee6b8292f38aae9c9612633839c4b102fcdb2555c3ee206f0df942df49cddb1d833e2773d7dc95a367a0c6628b871d6c6892 |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_hashlib.pyd
| Hash | Value |
|---|---|
| MD5 | 330910a91b474545512d5b1b1576b8dc |
| SHA1 | db4bdf2869ad1ea2109d43704ad104562c069b55 |
| SHA256 | 15a177ffaceeda7d420a0046f04618499ae6b5ef6b02bfb1a0d682ef9d464eb9 |
| SHA512 | 9e3786af1121a4a27b4e0bf71058ea60c559401015402d5c8d0b4ac3b8b948b3d410852adf04ed840db4a92cabb8a632a643b7ca8a2af92f751139ad46fe3fef |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_bz2.pyd
| Hash | Value |
|---|---|
| MD5 | b85b771a656911b152925434e948e5b6 |
| SHA1 | 38549c9a3c19f7672ced7739b6ef39e59e6f15e7 |
| SHA256 | c0a8cbcb8dd86d43b179698cc94ef3664ec1f69868f1249088376928477c6c24 |
| SHA512 | e425a239e4b6ecdb0a6762576816dea3c4f608a0df94b804c6f58db2d42db3690928da63f53e7d83d8745b2e8188b35aed25249fa13455eeceb001eaf51d6080 |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_lzma.pyd
| Hash | Value |
|---|---|
| MD5 | 78457883e270ba94f462ee6fd9991bfb |
| SHA1 | c425f8d1592c002cdbfec1659f052e5d70b60a20 |
| SHA256 | b1c72ea095304b09439499454ba2738b2332664859b25e3b590102ac38a64562 |
| SHA512 | 2695da6045d3c9cbd846582f05ec547c29dc2e5c27796cf765f8c4e2587537285e9c9aeed86451d55689d75803ed2e72b7ead36c3b236201a6b7715938c3e0f0 |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\cryptography\hazmat\bindings\_rust.pyd
| Hash | Value |
|---|---|
| MD5 | 37c5ac5332d0dee2784ef2fc1da72c98 |
| SHA1 | d9e65ebeb10ddaff996b38cad1c109c6671cbb3a |
| SHA256 | c5fbbd2e7daaa8aa3a5e3937621b191b7eda09a3ab686f347b100dc18d32fc96 |
| SHA512 | 4cf6a01a0730cba2b60609d9f3cb0ec3cd4ec35b7e16345da91febb59395a477af1e264463e0eb30e9f76a8be71dbbcab7d4b708bb517fd7444a88e8b6fe1d4e |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_cffi_backend.cp38-win32.pyd
| Hash | Value |
|---|---|
| MD5 | 0902dd1a037f758905320782eb5b5789 |
| SHA1 | 60f7a41259a3e4427967a17e764f177e1782301c |
| SHA256 | c93ecec95e754ef9604af91cac523d2bdbe86ae803a37d1cfeefb00da977fb95 |
| SHA512 | 4283447337fabc6d8375055072c2d926a72e2767077d86b789158a41664b8fc426a3258c2676a12ba97e955c77254c5ad8f700148a691527dc623052327bbe29 |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\unicodedata.pyd
| Hash | Value |
|---|---|
| MD5 | e1f715fcd3c852a016084d4d78fbeaae |
| SHA1 | 30c45e9a42a52047c091cef0060e0d1daea20a32 |
| SHA256 | f11480cb47ee949bcda4fb9e0d345dd4f0c23bfce691df90cf352ab9503b934e |
| SHA512 | b925054397a151e8cee195dc17afb79fa260288fd6e5dee59a5d99c5c5cf300d718b52051bba67503e09085bd277710bab9109940d52a74f080315be45bebf21 |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\cryptography\hazmat\bindings\_openssl.pyd
| Hash | Value |
|---|---|
| MD5 | 30e87036433cb25bf2ece650e90aec3f |
| SHA1 | 23d509e09be0af5a3c4d486dedec14e9143be4d8 |
| SHA256 | dc6a770ab8f499f66b9ea96fbefd05cb17aaa1dd9cf0ba24234c5836befe6443 |
| SHA512 | 8bed1f6908cc91c2a4adf7e1f835ed4b92a1217d77c548be1acf1f59e919077ee2a4969a928ce4867974627cdc624510152aa4838db4930a920d9127693dc7c7 |
C:\Users\Admin\AppData\Local\Temp\_MEI46682\libssl-1_1.dll
| Hash | Value |
|---|---|
| MD5 | 9c266951ad1d135f50884069b4f096b7 |
| SHA1 | 8d228026bf26ee1c83521afd84def1383028de52 |
| SHA256 | 06958c63049e2d7fe1f56df3767e884023a76bba1f41319f7fab3439b28174c5 |
| SHA512 | df7fcc98246cd5cd37bd5b8bb3eb5e4849c0f7c1098108b8a591611a2185999d353e42d150edf68c0b02ac3bec704f407eb35ebd7c540f6a8224a4ab498bc19f |