f50137e69eab731be6ac6e16fe5f5ce536d64b8e5d3786f7a68c6b4a7afc3940

Analysis

max time kernel
140s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2025, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe
Size

11.5MB
MD5

9da08b49cdcc4a84b4a722d1006c2af8
SHA1

7b5af0630b89bd2a19ae32aea30343330ca3a9eb
SHA256

215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd
SHA512

579dcb0c2f0af9a97a9c75caf023f375bd93f1698678393e7315360a33f432f2d727bf14b22c8b1584c628582115462bdd0c3edaacdcaec8fd691595e6b5bfdb
SSDEEP

196608:NRH/Vl0DXI3mvb/c1J26DfXKGvsFhsktW5Ql503UenCYzCIBetGgiPwKOhcb:NN0DXimj/GFktFl50EEza+Pnx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4520	chromium.exe

Loads dropped DLL 47 IoCs

pid	Process
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe
4520	chromium.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4520	chromium.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 4520	1172	215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe	90
PID 1172 wrote to memory of 4520	1172	215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe	90

C:\Users\Admin\AppData\Local\Temp\215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe
"C:\Users\Admin\AppData\Local\Temp\215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\chromium.exe
  C:\Users\Admin\AppData\Local\Temp\215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:4520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Cipher\_raw_ecb.pyd

Filesize
10KB

MD5
80bb1e0e06acaf03a0b1d4ef30d14be7

SHA1
b20cac0d2f3cd803d98a2e8a25fbf65884b0b619

SHA256
5d1c2c60c4e571b88f27d4ae7d22494bed57d5ec91939e5716afa3ea7f6871f6

SHA512
2a13ab6715b818ad62267ab51e55cd54714aebf21ec9ea61c2aefd56017dc84a6b360d024f8682a2e105582b9c5fe892ecebd2bef8a492279b19ffd84bc83fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Hash\_BLAKE2s.pyd

Filesize
13KB

MD5
d54feb9a270b212b0ccb1937c660678a

SHA1
224259e5b684c7ac8d79464e51503d302390c5c9

SHA256
032b83f1003a796465255d9b246050a196488bac1260f628913e536314afded4

SHA512
29955a6569ca6d039b35bb40c56aeeb75fc765600525d0b469f72c97945970a428951bab4af9cd21b3161d5bba932f853778e2674ca83b14f7aba009fa53566f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\Crypto\Util\_strxor.pyd

Filesize
10KB

MD5
f24f9356a6bdd29b9ef67509a8bc3a96

SHA1
a26946e938304b4e993872c6721eb8cc1dcbe43b

SHA256
034bb8efe3068763d32c404c178bd88099192c707a36f5351f7fdb63249c7f81

SHA512
c4d3f92d7558be1a714388c72f5992165dd7a9e1b4fa83b882536030542d93fdad9148c981f76fff7868192b301ac9256edb8c3d5ce5a1a2acac183f96c1028b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_bz2.pyd

Filesize
83KB

MD5
30f396f8411274f15ac85b14b7b3cd3d

SHA1
d3921f39e193d89aa93c2677cbfb47bc1ede949c

SHA256
cb15d6cc7268d3a0bd17d9d9cec330a7c1768b1c911553045c73bc6920de987f

SHA512
7d997ef18e2cbc5bca20a4730129f69a6d19abdda0261b06ad28ad8a2bddcdecb12e126df9969539216f4f51467c0fe954e4776d842e7b373fe93a8246a5ca3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_hashlib.pyd

Filesize
64KB

MD5
a25bc2b21b555293554d7f611eaa75ea

SHA1
a0dfd4fcfae5b94d4471357f60569b0c18b30c17

SHA256
43acecdc00dd5f9a19b48ff251106c63c975c732b9a2a7b91714642f76be074d

SHA512
b39767c2757c65500fc4f4289cb3825333d43cb659e3b95af4347bd2a277a7f25d18359cedbdde9a020c7ab57b736548c739909867ce9de1dbd3f638f4737dc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_lzma.pyd

Filesize
156KB

MD5
9e94fac072a14ca9ed3f20292169e5b2

SHA1
1eeac19715ea32a65641d82a380b9fa624e3cf0d

SHA256
a46189c5bd0302029847fed934f481835cb8d06470ea3d6b97ada7d325218a9f

SHA512
b7b3d0f737dd3b88794f75a8a6614c6fb6b1a64398c6330a52a2680caf7e558038470f6f3fc024ce691f6f51a852c05f7f431ac2687f4525683ff09132a0decb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\certifi\cacert.pem

Filesize
292KB

MD5
50ea156b773e8803f6c1fe712f746cba

SHA1
2c68212e96605210eddf740291862bdf59398aef

SHA256
94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47

SHA512
01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md.pyd

Filesize
10KB

MD5
71d96f1dbfcd6f767d81f8254e572751

SHA1
e70b74430500ed5117547e0cd339d6e6f4613503

SHA256
611e1b4b9ed6788640f550771744d83e404432830bb8e3063f0b8ec3b98911af

SHA512
7b10e13b3723db0e826b7c7a52090de999626d5fa6c8f9b4630fdeef515a58c40660fa90589532a6d4377f003b3cb5b9851e276a0b3c83b9709e28e6a66a1d32

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md__mypyc.pyd

Filesize
122KB

MD5
d8f690eae02332a6898e9c8b983c56dd

SHA1
112c1fe25e0d948f767e02f291801c0e4ae592f0

SHA256
c6bb8cad80b8d7847c52931f11d73ba64f78615218398b2c058f9b218ff21ca9

SHA512
e732f79f39ba9721cc59dbe8c4785ffd74df84ca00d13d72afa3f96b97b8c7adf4ea9344d79ee2a1c77d58ef28d3ddcc855f3cb13edda928c17b1158abcc5b4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-3.dll

Filesize
774KB

MD5
4ff168aaa6a1d68e7957175c8513f3a2

SHA1
782f886709febc8c7cebcec4d92c66c4d5dbcf57

SHA256
2e4d35b681a172d3298caf7dc670451be7a8ba27c26446efc67470742497a950

SHA512
c372b759b8c7817f2cbb78eccc5a42fa80bdd8d549965bd925a97c3eebdce0335fbfec3995430064dead0f4db68ebb0134eb686a0be195630c49f84b468113e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\win32api.pyd

Filesize
130KB

MD5
e9d8ab0e7867f5e0d40bd474a5ca288c

SHA1
e7bdf1664099c069ceea18c2922a8db049b4399a

SHA256
df724f6abd66a0549415abaa3fdf490680e6e0ce07584e964b8bfd01e187b487

SHA512
49b17e11d02ae99583f835b8ecf526cf1cf9ceab5d8fac0fbfaf45411ac43f0594f93780ae7f6cb3ebbc169a91e81dd57a37c48a8cd5e2653962ffbdcf9879bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\Crypto\Cipher\_raw_cbc.pyd

Filesize
12KB

MD5
40390f2113dc2a9d6cfae7127f6ba329

SHA1
9c886c33a20b3f76b37aa9b10a6954f3c8981772

SHA256
6ba9c910f755885e4d356c798a4dd32d2803ea4cfabb3d56165b3017d0491ae2

SHA512
617b963816838d649c212c5021d7d0c58839a85d4d33bbaf72c0ec6ecd98b609080e9e57af06fa558ff302660619be57cc974282826ab9f21ae0d80fbaa831a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\Crypto\Cipher\_raw_cfb.pyd

Filesize
12KB

MD5
899895c0ed6830c4c9a3328cc7df95b6

SHA1
c02f14ebda8b631195068266ba20e03210abeabc

SHA256
18d568c7be3e04f4e6026d12b09b1fa3fae50ff29ac3deaf861f3c181653e691

SHA512
0b4c50e40af92bc9589668e13df417244274f46f5a66e1fc7d1d59bc281969ba319305becea119385f01cc4603439e4b37afa2cf90645425210848a02839e3e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\Crypto\Cipher\_raw_ctr.pyd

Filesize
14KB

MD5
c4c525b081f8a0927091178f5f2ee103

SHA1
a1f17b5ea430ade174d02ecc0b3cb79dbf619900

SHA256
4d86a90b2e20cde099d6122c49a72bae081f60eb2eea0f76e740be6c41da6749

SHA512
7c06e3e6261427bc6e654b2b53518c7eaa5f860a47ae8e80dc3f8f0fed91e122cb2d4632188dc44123fb759749b5425f426cd1153a8f84485ef0491002b26555

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\Crypto\Cipher\_raw_ofb.pyd

Filesize
11KB

MD5
19e0abf76b274c12ff624a16713f4999

SHA1
a4b370f556b925f7126bf87f70263d1705c3a0db

SHA256
d9fda05ae16c5387ab46dc728c6edce6a3d0a9e1abdd7acb8b32fc2a17be6f13

SHA512
d03033ea5cf37641fbd802ebeb5019caef33c9a78e01519fea88f87e773dca92c80b74ba80429b530694dad0bfa3f043a7104234c7c961e18d48019d90277c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\Crypto\Hash\_SHA1.pyd

Filesize
17KB

MD5
556e6d0e5f8e4da74c2780481105d543

SHA1
7a49cdef738e9fe9cd6cd62b0f74ead1a1774a33

SHA256
247b0885cf83375211861f37b6dd1376aed5131d621ee0137a60fe7910e40f8b

SHA512
28fa0ce6bdbcc5e95b80aadc284c12658ef0c2be63421af5627776a55050ee0ea0345e30a15b744fc2b2f5b1b1bbb61e4881f27f6e3e863ebaaeed1073f4cda1

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\Crypto\Hash\_SHA256.pyd

Filesize
21KB

MD5
cde035b8ab3d046b1ce37eee7ee91fa0

SHA1
4298b62ed67c8d4f731d1b33e68d7dc9a58487ff

SHA256
16bea322d994a553b293a724b57293d57da62bc7eaf41f287956b306c13fd972

SHA512
c44fdee5a210459ce4557351e56b2d357fd4937f8ec8eaceab842fee29761f66c2262fcbaac837f39c859c67fa0e23d13e0f60b3ae59be29eb9d8abab0a572bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\_ctypes.pyd

Filesize
122KB

MD5
5377ab365c86bbcdd998580a79be28b4

SHA1
b0a6342df76c4da5b1e28a036025e274be322b35

SHA256
6c5f31bef3fdbff31beac0b1a477be880dda61346d859cf34ca93b9291594d93

SHA512
56f28d431093b9f08606d09b84a392de7ba390e66b7def469b84a21bfc648b2de3839b2eee4fb846bbf8bb6ba505f9d720ccb6bb1a723e78e8e8b59ab940ac26

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\_queue.pyd

Filesize
31KB

MD5
e1c6ff3c48d1ca755fb8a2ba700243b2

SHA1
2f2d4c0f429b8a7144d65b179beab2d760396bfb

SHA256
0a6acfd24dfbaa777460c6d003f71af473d5415607807973a382512f77d075fa

SHA512
55bfd1a848f2a70a7a55626fb84086689f867a79f09726c825522d8530f4e83708eb7caa7f7869155d3ae48f3b6aa583b556f3971a2f3412626ae76680e83ca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\_socket.pyd

Filesize
81KB

MD5
69801d1a0809c52db984602ca2653541

SHA1
0f6e77086f049a7c12880829de051dcbe3d66764

SHA256
67aca001d36f2fce6d88dbf46863f60c0b291395b6777c22b642198f98184ba3

SHA512
5fce77dd567c046feb5a13baf55fdd8112798818d852dfecc752dac87680ce0b89edfbfbdab32404cf471b70453a33f33488d3104cd82f4e0b94290e83eae7bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\_ssl.pyd

Filesize
174KB

MD5
90f080c53a2b7e23a5efd5fd3806f352

SHA1
e3b339533bc906688b4d885bdc29626fbb9df2fe

SHA256
fa5e6fe9545f83704f78316e27446a0026fbebb9c0c3c63faed73a12d89784d4

SHA512
4b9b8899052c1e34675985088d39fe7c95bfd1bbce6fd5cbac8b1e61eda2fbb253eef21f8a5362ea624e8b1696f1e46c366835025aabcb7aa66c1e6709aab58a

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\_wmi.pyd

Filesize
36KB

MD5
827615eee937880862e2f26548b91e83

SHA1
186346b816a9de1ba69e51042faf36f47d768b6c

SHA256
73b7ee3156ef63d6eb7df9900ef3d200a276df61a70d08bd96f5906c39a3ac32

SHA512
45114caf2b4a7678e6b1e64d84b118fb3437232b4c0add345ddb6fbda87cebd7b5adad11899bdcd95ddfe83fdc3944a93674ca3d1b5f643a2963fbe709e44fb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\chromium.exe

Filesize
22.0MB

MD5
0eb68c59eac29b84f81ad6522d396f59

SHA1
aacfdf3cb1bdd995f63584f31526b11874fc76a5

SHA256
dfa74d5d729e90be6e72b3c811a1299abbc52a1f6d347f011101fb5f719d059f

SHA512
81ee88577d9b665d90bc846aa249c9533aaeed2b7259d15981fcc1686723fe11343b682be25cfa3542117c8a805e40343a7315a69e7204829cbf70f22cca25e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\libcrypto-3.dll

Filesize
5.0MB

MD5
123ad0908c76ccba4789c084f7a6b8d0

SHA1
86de58289c8200ed8c1fc51d5f00e38e32c1aad5

SHA256
4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43

SHA512
80fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\python312.dll

Filesize
6.6MB

MD5
166cc2f997cba5fc011820e6b46e8ea7

SHA1
d6179213afea084f02566ea190202c752286ca1f

SHA256
c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

SHA512
49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\pywintypes312.dll

Filesize
133KB

MD5
da0e290ba30fe8cc1a44eeefcf090820

SHA1
d38fccd7d6f54aa73bd21f168289d7dce1a9d192

SHA256
2d1d60b996d1d5c56c24313d97e0fcda41a8bd6bf0299f6ea4eb4a1e25d490b7

SHA512
bc031d61e5772c60cbac282d05f76d81af1aa2a29a8602c2efa05fc0ce1079390999336237560b408e6539a77c732f5066c1590b7feaedb24baa9371783f2a8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\select.pyd

Filesize
30KB

MD5
7c14c7bc02e47d5c8158383cb7e14124

SHA1
5ee9e5968e7b5ce9e4c53a303dac9fc8faf98df3

SHA256
00bd8bb6dec8c291ec14c8ddfb2209d85f96db02c7a3c39903803384ff3a65e5

SHA512
af70cbdd882b923013cb47545633b1147ce45c547b8202d7555043cfa77c1deee8a51a2bc5f93db4e3b9cbf7818f625ca8e3b367bffc534e26d35f475351a77c

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\unicodedata.pyd

Filesize
1.1MB

MD5
a8ed52a66731e78b89d3c6c6889c485d

SHA1
781e5275695ace4a5c3ad4f2874b5e375b521638

SHA256
bf669344d1b1c607d10304be47d2a2fb572e043109181e2c5c1038485af0c3d7

SHA512
1c131911f120a4287ebf596c52de047309e3be6d99bc18555bd309a27e057cc895a018376aa134df1dc13569f47c97c1a6e8872acedfa06930bbf2b175af9017

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\vcruntime140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\vcruntime140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1172_133856959045264095\zstandard\backend_c.pyd

Filesize
508KB

MD5
0fc69d380fadbd787403e03a1539a24a

SHA1
77f067f6d50f1ec97dfed6fae31a9b801632ef17

SHA256
641e0b0fa75764812fff544c174f7c4838b57f6272eaae246eb7c483a0a35afc

SHA512
e63e200baf817717bdcde53ad664296a448123ffd055d477050b8c7efcab8e4403d525ea3c8181a609c00313f7b390edbb754f0a9278232ade7cfb685270aaf0

Download Submit
memory/1172-126-0x00007FF765590000-0x00007FF766131000-memory.dmp

Filesize
11.6MB

Download
memory/4520-127-0x00007FF70B580000-0x00007FF70CBCB000-memory.dmp

Filesize
22.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads