f70302e7e3744a9983ddab40d6b3ed4af212dedc5029ae1bce53cb8aed81afa1

Resubmissions

28/03/2025, 15:24

250328-ss2flazlw3 7

Analysis

max time kernel
10s
max time network
12s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AddonsynthesisGtTS.exe
Size

8.3MB
MD5

a621d63c8f10501e7629dd69e07d3cb8
SHA1

871cf1ebe98187aa5d899a3c875ab39ea40a48c9
SHA256

f70302e7e3744a9983ddab40d6b3ed4af212dedc5029ae1bce53cb8aed81afa1
SHA512

c71d0dc2288225cbc2c629d4e0b0e6716b86008f458ec2881450b6fdca5eebb46e4c234f27f1b641bda53887c6baadb56749ec3127dd5e9c9b9e2a00e31b9c4d
SSDEEP

196608:yVVa65nRX4FMIZETKwjPePdrQJ/BNOqK9AX5+YPL:Y1QETKwvJHOq1p+K

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
1904	AddonsynthesisGtTS.exe
1904	AddonsynthesisGtTS.exe
1904	AddonsynthesisGtTS.exe
1904	AddonsynthesisGtTS.exe
1904	AddonsynthesisGtTS.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 1904	4996	AddonsynthesisGtTS.exe	87
PID 4996 wrote to memory of 1904	4996	AddonsynthesisGtTS.exe	87

C:\Users\Admin\AppData\Local\Temp\AddonsynthesisGtTS.exe
"C:\Users\Admin\AppData\Local\Temp\AddonsynthesisGtTS.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Users\Admin\AppData\Local\Temp\AddonsynthesisGtTS.exe
  "C:\Users\Admin\AppData\Local\Temp\AddonsynthesisGtTS.exe"
  2⤵
  - Loads dropped DLL
  PID:1904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI49962\PIL\_imaging.cp311-win_amd64.pyd

Filesize
2.3MB

MD5
dc83cb57b9cabcb1e19650e7a82697de

SHA1
f62d681c02c48453ae03733b830c05020f6ba971

SHA256
f82bd3cf95e02749ff1adff76725e3645e17c2780954bd724ed63ef6827633f5

SHA512
54ab930f2309a87e956a7a59a14fb50e16f8d341809e368c0817b9ea54f81b12d96e6975df81b54dfc0ae1372dd7798a1150cf8a62980168727f04d844a50d43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49962\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49962\_bz2.pyd

Filesize
82KB

MD5
3859239ced9a45399b967ebce5a6ba23

SHA1
6f8ff3df90ac833c1eb69208db462cda8ca3f8d6

SHA256
a4dd883257a7ace84f96bcc6cd59e22d843d0db080606defae32923fc712c75a

SHA512
030e5ce81e36bd55f69d55cbb8385820eb7c1f95342c1a32058f49abeabb485b1c4a30877c07a56c9d909228e45a4196872e14ded4f87adaa8b6ad97463e5c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49962\_lzma.pyd

Filesize
155KB

MD5
e5abc3a72996f8fde0bcf709e6577d9d

SHA1
15770bdcd06e171f0b868c803b8cf33a8581edd3

SHA256
1796038480754a680f33a4e37c8b5673cc86c49281a287dc0c5cae984d0cb4bb

SHA512
b347474dc071f2857e1e16965b43db6518e35915b8168bdeff1ead4dff710a1cc9f04ca0ced23a6de40d717eea375eedb0bf3714daf35de6a77f071db33dfae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49962\base_library.zip

Filesize
1.8MB

MD5
e17ce7183e682de459eec1a5ac9cbbff

SHA1
722968ca6eb123730ebc30ff2d498f9a5dad4cc1

SHA256
ff6a37c49ee4bb07a763866d4163126165038296c1fb7b730928297c25cfbe6d

SHA512
fab76b59dcd3570695fa260f56e277f8d714048f3d89f6e9f69ea700fca7c097d0db5f5294beab4e6409570408f1d680e8220851fededb981acb129a415358d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49962\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads