467f66d64ac576529234ed7cc6048515a5c7cfe476537949422141286a47730c

Resubmissions

25/01/2025, 02:46

250125-c9q37atjcn 9

24/01/2025, 23:20

250124-3bhbhavpfp 9

Analysis

max time kernel
285s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2025, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DECRYPT.exe
Size

21.8MB
MD5

841e54e543dfdaba4f4e8b4e38942d1e
SHA1

f87b4f5ce54bf446e3c7e4beb32870641f30cefa
SHA256

17b697a8b157e4c40c5e970cf895528784732c8a2e48dbc71c8fa174b4aacd1c
SHA512

a2d968ec4f33fa4a27984b9c92b9e05b128409ca8d89a75525afc57710534fadb70223d52ef1eeb8dd3e891392c58c385901a5260a5d2baca1413fac291fd0ac
SSDEEP

393216:xFaSF52WFt4BV/TbyG7QZDB9jezK0feetyKyBZcbwEskKNW+GJW2a6C:xFtfF2NPyV17uK0fxtyC3KN+JWrj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2056	DECRYPT.exe

Loads dropped DLL 31 IoCs

pid	Process
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe
2056	DECRYPT.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2056	DECRYPT.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2056	DECRYPT.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2056	DECRYPT.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3728 wrote to memory of 2056	3728	DECRYPT.exe	82
PID 3728 wrote to memory of 2056	3728	DECRYPT.exe	82

C:\Users\Admin\AppData\Local\Temp\DECRYPT.exe
"C:\Users\Admin\AppData\Local\Temp\DECRYPT.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3728
- C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\DECRYPT.exe
  C:\Users\Admin\AppData\Local\Temp\DECRYPT.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\PyQt5\qt-plugins\platforms\qminimal.dll

Filesize
824KB

MD5
2f6d88f8ec3047deaf174002228219ab

SHA1
eb7242bb0fe74ea78a17d39c76310a7cdd1603a8

SHA256
05d1e7364dd2a672df3ca44dd6fd85bed3d3dc239dcfe29bfb464f10b4daa628

SHA512
0a895ba11c81af14b5bd1a04a450d6dcca531063307c9ef076e9c47bd15f4438837c5d425caee2150f3259691f971d6ee61154748d06d29e4e77da3110053b54

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\PyQt5\qt-plugins\platforms\qoffscreen.dll

Filesize
736KB

MD5
6407499918557594916c6ab1ffef1e99

SHA1
5a57c6b3ffd51fc5688d5a28436ad2c2e70d3976

SHA256
54097626faae718a4bc8e436c85b4ded8f8fb7051b2b9563a29aee4ed5c32b7b

SHA512
8e8abb563a508e7e75241b9720a0e7ae9c1a59dd23788c74e4ed32a028721f56546792d6cca326f3d6aa0a62fdedc63bf41b8b74187215cd3b26439f40233f4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\PyQt5\qt-plugins\platforms\qwebgl.dll

Filesize
470KB

MD5
1edcb08c16d30516483a4cbb7d81e062

SHA1
4760915f1b90194760100304b8469a3b2e97e2bc

SHA256
9c3b2fa2383eeed92bb5810bdcf893ae30fa654a30b453ab2e49a95e1ccf1631

SHA512
0a923495210b2dc6eb1acedaf76d57b07d72d56108fd718bd0368d2c2e78ae7ac848b90d90c8393320a3d800a38e87796965afd84da8c1df6c6b244d533f0f39

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\PyQt5\qt-plugins\platforms\qwindows.dll

Filesize
1.4MB

MD5
4931fcd0e86c4d4f83128dc74e01eaad

SHA1
ac1d0242d36896d4dda53b95812f11692e87d8df

SHA256
3333ba244c97264e3bd19db5953efa80a6e47aaced9d337ac3287ec718162b85

SHA512
0396bccda43856950afe4e7b16e0f95d4d48b87473dc90cf029e6ddfd0777e1192c307cfe424eae6fb61c1b479f0ba1ef1e4269a69c843311a37252cf817d84d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\PyQt5\qt-plugins\platformthemes\qxdgdesktopportal.dll

Filesize
66KB

MD5
f66f6e9eda956f72e3bb113407035e61

SHA1
97328524da8e82f5f92878f1c0421b38ecec1e6c

SHA256
e23fbc1bec6ceedfa9fd305606a460d9cac5d43a66d19c0de36e27632fddd952

SHA512
7ff76e83c8d82016ab6bd349f10405f30deebe97e8347c6762eb71a40009f9a2978a0d8d0c054cf7a3d2d377563f6a21b97ddefd50a9ac932d43cc124d7c4918

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_asyncio.pyd

Filesize
63KB

MD5
cee78dc603d57cb2117e03b2c0813d84

SHA1
095c98ca409e364b8755dc9cfd12e6791bf6e2b8

SHA256
6306be660d87ffb2271dd5d783ee32e735a792556e0b5bd672dc0b1c206fdadc

SHA512
7258560aa557e3e211bb9580add604b5191c769594e17800b2793239df45225a82ce440a6b9dcf3f2228ed84712912affe9bf0b70b16498489832df2dee33e7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\cryptography\hazmat\bindings\_rust.pyd

Filesize
7.9MB

MD5
34293b976da366d83c12d8ee05de7b03

SHA1
82b8eb434c26fcc3a5d9673c9b93663c0ff9bf15

SHA256
a2285c3f2f7e63ba8a17ab5d0a302740e6adf7e608e0707a7737c1ec3bd8cecc

SHA512
0807ec7515186f0a989bb667150a84ff3bebcc248625597ba0be3c6f07ad60d70cf8a3f65191436ec16042f446d4248bf92fcd02212e459405948db10f078b8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-3.dll

Filesize
771KB

MD5
bfc834bb2310ddf01be9ad9cff7c2a41

SHA1
fb1d601b4fcb29ff1b13b0d2ed7119bd0472205c

SHA256
41ad1a04ca27a7959579e87fbbda87c93099616a64a0e66260c983381c5570d1

SHA512
6af473c7c0997f2847ebe7cee8ef67cd682dee41720d4f268964330b449ba71398fda8954524f9a97cc4cdf9893b8bdc7a1cf40e9e45a73f4f35a37f31c6a9c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\select.pyd

Filesize
29KB

MD5
8472d39b9ee6051c961021d664c7447e

SHA1
b284e3566889359576d43e2e0e99d4acf068e4fb

SHA256
8a9a103bc417dede9f6946d9033487c410937e1761d93c358c1600b82f0a711f

SHA512
309f1ec491d9c39f4b319e7ce1abdedf11924301e4582d122e261e948705fb71a453fec34f63df9f9abe7f8cc2063a56cd2c2935418ab54be5596aadc2e90ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\winsound.pyd

Filesize
30KB

MD5
5622f992826d1fdb419cc8e73cc49dac

SHA1
2dfc6d9d8b0ade095dd32f80b04a5e0308ed28fb

SHA256
76620d886e34d8496a1dd1b3b04f4482825f21708e22b5ab24b8486ac4dc70f6

SHA512
573038a121e7e29964b61c5d32a32ff063bb2e3ac71b5962994d8e162baf4bef0047c9fd7bd9a694ba00f6435040bf68bd5682d28deaf6c38d860d73f1ff69cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\DECRYPT.exe

Filesize
8.2MB

MD5
a12a3a153766830021bc156db0f5036a

SHA1
37ecd5a787df5a99a84451e5b7ca4f18f3a13c5e

SHA256
343b92aeccb61845148bd143d97493f3059f51853716a34b7ebfe862529c5037

SHA512
932166f37dca84cab822373f05384b988c36d78a1b2b66feabdbdebd29b69f60f1fb70950210da81db0bf13e135cf8358834df28a6c648802bec793bfd30e9aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\PyQt5\QtCore.pyd

Filesize
2.4MB

MD5
678fa1496ffdea3a530fa146dedcdbcc

SHA1
c80d8f1de8ae06ecf5750c83d879d2dcc2d6a4f8

SHA256
d6e45fd8c3b3f93f52c4d1b6f9e3ee220454a73f80f65f3d70504bd55415ea37

SHA512
8d9e3fa49fb42f844d8df241786ea9c0f55e546d373ff07e8c89aac4f3027c62ec1bd0c9c639afeabc034cc39e424b21da55a1609c9f95397a66d5f0d834e88e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\PyQt5\QtGui.pyd

Filesize
2.4MB

MD5
ae182c36f5839baddc9dcb71192cfa7a

SHA1
c9fa448981ba61343c7d7decacae300cad416957

SHA256
a9408e3b15ff3030f0e9acb3429000d253d3bb7206f750091a7130325f6d0d72

SHA512
8950244d828c5ede5c3934cfe2ee229be19cc00fbf0c4a7ccebec19e8641345ef5fd028511c5428e1e21ce5491a3f74fb0175b03da17588daef918e3f66b206a

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\PyQt5\QtWidgets.pyd

Filesize
4.9MB

MD5
e8c3bfbc19378e541f5f569e2023b7aa

SHA1
aca007030c1cee45cbc692adcb8bcb29665792ba

SHA256
a1e97a2ab434c6ae5e56491c60172e59cdcce42960734e8bdf5d851b79361071

SHA512
9134c2ead00c2d19dec499e60f91e978858766744965ead655d2349ff92834ab267ac8026038e576a7e207d3bbd4a87cd5f2e2846a703c7f481a406130530eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\PyQt5\qt-plugins\styles\qwindowsvistastyle.dll

Filesize
140KB

MD5
53a85f51054b7d58d8ad7c36975acb96

SHA1
893a757ca01472a96fb913d436aa9f8cfb2a297f

SHA256
d9b21182952682fe7ba63af1df24e23ace592c35b3f31eceef9f0eabeb5881b9

SHA512
35957964213b41f1f21b860b03458404fbf11daf03d102fbea8c2b2f249050cefbb348edc3f22d8ecc3cb8abfdc44215c2dc9da029b4f93a7f40197bd0c16960

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\PyQt5\sip.pyd

Filesize
120KB

MD5
65a5d8a9231e9af4772d0c3a929e775d

SHA1
4c84ea66070b25524c65a5126f7ab87b513bc85f

SHA256
8c0d98d292178edbf39fbcb5793fd7706aa73d1763784923912a0c47d72c6022

SHA512
0607294f041eda912da0d3014351c1d69b5cac9631c2647d5cd6767e5602d511053255530bc83b1616c0bdf94ff5a389a83956bb279057fbe88a6e6da33900b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\Qt5Gui.dll

Filesize
6.7MB

MD5
47307a1e2e9987ab422f09771d590ff1

SHA1
0dfc3a947e56c749a75f921f4a850a3dcbf04248

SHA256
5e7d2d41b8b92a880e83b8cc0ca173f5da61218604186196787ee1600956be1e

SHA512
21b1c133334c7ca7bbbe4f00a689c580ff80005749da1aa453cceb293f1ad99f459ca954f54e93b249d406aea038ad3d44d667899b73014f884afdbd9c461c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\_bz2.pyd

Filesize
82KB

MD5
28ede9ce9484f078ac4e52592a8704c7

SHA1
bcf8d6fe9f42a68563b6ce964bdc615c119992d0

SHA256
403e76fe18515a5ea3227cf5f919aa2f32ac3233853c9fb71627f2251c554d09

SHA512
8c372f9f6c4d27f7ca9028c6034c17deb6e98cfef690733465c1b44bd212f363625d9c768f8e0bd4c781ddde34ee4316256203ed18fa709d120f56df3cca108b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\_cffi_backend.pyd

Filesize
174KB

MD5
739d352bd982ed3957d376a9237c9248

SHA1
961cf42f0c1bb9d29d2f1985f68250de9d83894d

SHA256
9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980

SHA512
585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\_lzma.pyd

Filesize
155KB

MD5
d386b7c4dcf589e026abfc7196cf1c4c

SHA1
c07ce47ce0e69d233c5bdd0bcac507057d04b2d4

SHA256
ad0440ca6998e18f5cc917d088af3fea2c0ff0febce2b5e2b6c0f1370f6e87b1

SHA512
78d79e2379761b054df1f9fd8c5b7de5c16b99af2d2de16a3d0ac5cb3f0bd522257579a49e91218b972a273db4981f046609fdcf2f31cf074724d544dac7d6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\_overlapped.pyd

Filesize
49KB

MD5
d3be208dc5388225162b6f88ff1d4386

SHA1
8effdb606b6771d5fdf83145de0f289e8ad83b69

SHA256
ce48969ebebdc620f4313eba2a6b6cda568b663c09d5478fa93826d401abe674

SHA512
9e1c3b37e51616687eecf1f7b945003f6eb4291d8794fea5545b4a84c636007eb781c18f6436039df02a902223ac73efac9b2e44ddc8594db62feb9997475da3

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\_socket.pyd

Filesize
77KB

MD5
2c0ec225e35a0377ac1d0777631bffe4

SHA1
7e5d81a06ff8317af52284aedccac6ebace5c390

SHA256
301c47c4016dac27811f04f4d7232f24852ef7675e9a4500f0601703ed8f06af

SHA512
aea9d34d9e93622b01e702defd437d397f0e7642bc5f9829754d59860b345bbde2dd6d7fe21cc1d0397ff0a9db4ecfe7c38b649d33c5c6f0ead233cb201a73e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\_ssl.pyd

Filesize
172KB

MD5
66e78727c2da15fd2aac56571cd57147

SHA1
e93c9a5e61db000dee0d921f55f8507539d2df3d

SHA256
4727b60962efacfd742dca21341a884160cf9fcf499b9afa3d9fdbcc93fb75d0

SHA512
a6881f9f5827aceb51957aaed4c53b69fcf836f60b9fc66eeb2ed84aed08437a9f0b35ea038d4b1e3c539e350d9d343f8a6782b017b10a2a5157649abbca9f9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\libcrypto-3.dll

Filesize
4.9MB

MD5
51e8a5281c2092e45d8c97fbdbf39560

SHA1
c499c810ed83aaadce3b267807e593ec6b121211

SHA256
2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a

SHA512
98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\msvcp140.dll

Filesize
576KB

MD5
01b946a2edc5cc166de018dbb754b69c

SHA1
dbe09b7b9ab2d1a61ef63395111d2eb9b04f0a46

SHA256
88f55d86b50b0a7e55e71ad2d8f7552146ba26e927230daf2e26ad3a971973c5

SHA512
65dc3f32faf30e62dfdecb72775df870af4c3a32a0bf576ed1aaae4b16ac6897b62b19e01dc2bf46f46fbe3f475c061f79cbe987eda583fee1817070779860e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\msvcp140_1.dll

Filesize
30KB

MD5
0fe6d52eb94c848fe258dc0ec9ff4c11

SHA1
95cc74c64ab80785f3893d61a73b8a958d24da29

SHA256
446c48c1224c289bd3080087fe15d6759416d64f4136addf30086abd5415d83f

SHA512
c39a134210e314627b0f2072f4ffc9b2ce060d44d3365d11d8c1fe908b3b9403ebdd6f33e67d556bd052338d0ed3d5f16b54d628e8290fd3a155f55d36019a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\python3.dll

Filesize
65KB

MD5
d8ba00c1d9fcc7c0abbffb5c214da647

SHA1
5fa9d5700b42a83bfcc125d1c45e0111b9d62035

SHA256
e45452efa356db874f2e5ff08c9cc0fe22528609e5d341f8fb67ba48885ab77d

SHA512
df1b714494856f618a742791eefbf470b2eee07b51d983256e4386ea7d48da5c7b1e896f222ea55a748c9413203886cde3a65ef9e7ea069014fa626f81d79cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\python311.dll

Filesize
5.5MB

MD5
65e381a0b1bc05f71c139b0c7a5b8eb2

SHA1
7c4a3adf21ebcee5405288fc81fc4be75019d472

SHA256
53a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a

SHA512
4db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\qt5core.dll

Filesize
5.7MB

MD5
817520432a42efa345b2d97f5c24510e

SHA1
fea7b9c61569d7e76af5effd726b7ff6147961e5

SHA256
8d2ff4ce9096ddccc4f4cd62c2e41fc854cfd1b0d6e8d296645a7f5fd4ae565a

SHA512
8673b26ec5421fce8e23adf720de5690673bb4ce6116cb44ebcc61bbbef12c0ad286dfd675edbed5d8d000efd7609c81aae4533180cf4ec9cd5316e7028f7441

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\qt5widgets.dll

Filesize
5.2MB

MD5
4cd1f8fdcd617932db131c3688845ea8

SHA1
b090ed884b07d2d98747141aefd25590b8b254f9

SHA256
3788c669d4b645e5a576de9fc77fca776bf516d43c89143dc2ca28291ba14358

SHA512
7d47d2661bf8fac937f0d168036652b7cfe0d749b571d9773a5446c512c58ee6bb081fec817181a90f4543ebc2367c7f8881ff7f80908aa48a7f6bb261f1d199

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3728_133822468658207253\vcruntime140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
memory/2056-126-0x00007FF862E80000-0x00007FF8630E5000-memory.dmp

Filesize
2.4MB

Download
memory/2056-115-0x00007FF864730000-0x00007FF864C1C000-memory.dmp

Filesize
4.9MB

Download
memory/2056-118-0x00007FF8641E0000-0x00007FF864721000-memory.dmp

Filesize
5.3MB

Download
memory/2056-123-0x00007FF8630F0000-0x00007FF863353000-memory.dmp

Filesize
2.4MB

Download