Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

2a2d6bO44t.exe

PE32+ executable (GUI) x86-64, for MS Windows

initial sample

C:\Users\user\AppData\Local\Temp\_MEI8242\VCRUNTIME140.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\_bz2.pyd

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\_ctypes.pyd

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\_hashlib.pyd

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\_lzma.pyd

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\_socket.pyd

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-console-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-datetime-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-debug-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-errorhandling-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-file-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-file-l1-2-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-file-l2-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-handle-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-heap-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-interlocked-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-libraryloader-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-localization-l1-2-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-memory-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-namedpipe-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-processenvironment-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-processthreads-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-processthreads-l1-1-1.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-profile-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-rtlsupport-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-string-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-synch-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-synch-l1-2-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-sysinfo-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-timezone-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-core-util-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-conio-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-convert-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-environment-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-filesystem-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-heap-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-locale-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-math-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-process-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-runtime-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-stdio-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-string-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-time-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\api-ms-win-crt-utility-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\base_library.zip

Zip archive data, at least v2.0 to extract, compression method=store

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\libcrypto-1_1.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\libffi-7.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\python38.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\select.pyd

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\ucrtbase.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\_MEI8242\unicodedata.pyd

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

There are 42 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\2a2d6bO44t.exe

"C:\Users\user\Desktop\2a2d6bO44t.exe"

Details

Is windows:	false
Is dropped:	false
PID:	824
Target ID:	0
Parent PID:	2580
Name:	2a2d6bO44t.exe
Path:	C:\Users\user\Desktop\2a2d6bO44t.exe
Commandline:	"C:\Users\user\Desktop\2a2d6bO44t.exe"
Size:	5915953
MD5:	F6FB58FFDB5677FAB17B5A8195C8D09B
Time:	23:24:56
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff733f60000
Modulesize:	368640
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\Desktop\2a2d6bO44t.exe

"C:\Users\user\Desktop\2a2d6bO44t.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5772
Target ID:	1
Parent PID:	824
Name:	2a2d6bO44t.exe
Path:	C:\Users\user\Desktop\2a2d6bO44t.exe
Commandline:	"C:\Users\user\Desktop\2a2d6bO44t.exe"
Size:	5915953
MD5:	F6FB58FFDB5677FAB17B5A8195C8D09B
Time:	23:24:57
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff733f60000
Modulesize:	368640
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688

unknown

http://python.org/dev/peps/pep-0263/

unknown

http://crl.thawte.com/ThawteTimestampingCA.crl0

unknown

http://ocsp.thawte.com0

unknown

https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader

unknown

https://www.openssl.org/H

unknown

http://crl.mic

unknown

http://crl.micG

unknown

http://www.python.org/dev/peps/pep-0205/

unknown

https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#

unknown

https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py

unknown

http://www.python.org/download/releases/2.3/mro/.

unknown

https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy

unknown

There are 3 hidden URLs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

12136402000

heap

page read and write

121363DB000

heap

page read and write

24A46870000

heap

page read and write

24A4687D000

heap

page read and write

24A46850000

heap

page read and write

12136437000

heap

page read and write

12136437000

heap

page read and write

24A46870000

heap

page read and write

12136368000

heap

page read and write

121383BA000

heap

page read and write

121383CA000

heap

page read and write

24A4687D000

heap

page read and write

7FFDFB813000

unkown

page read and write

7FFDFB857000

unkown

page read and write

24A46870000

heap

page read and write

24A4687D000

heap

page read and write

121363DB000

heap

page read and write

121363F9000

heap

page read and write

24A46870000

heap

page read and write

12137D10000

heap

page read and write

7FFDFB82C000

unkown

page write copy

24A46870000

heap

page read and write

24A46760000

heap

page read and write

24A46870000

heap

page read and write

12136372000

heap

page read and write

24A46870000

heap

page read and write

24A4687D000

heap

page read and write

12136450000

heap

page read and write

1213645D000

heap

page read and write

121363E5000

heap

page read and write

121383B7000

heap

page read and write

24A4687D000

heap

page read and write

1213645E000

heap

page read and write

7FFE1A462000

unkown

page read and write

24A46870000

heap

page read and write

7FF733FA6000

unkown

page readonly

24A46870000

heap

page read and write

24A4687D000

heap

page read and write

24A4687D000

heap

page read and write

24A46870000

heap

page read and write

12136437000

heap

page read and write

24A46870000

heap

page read and write

121363EF000

heap

page read and write

24A4687D000

heap

page read and write

24A4687D000

heap

page read and write

7FF733F8B000

unkown

page readonly

24A4687D000

heap

page read and write

121363F3000

heap

page read and write

24A46858000

heap

page read and write

7FF733FA6000

unkown

page readonly

7FF733F60000

unkown

page readonly

7FF733F61000

unkown

page execute read

24A4687D000

heap

page read and write

7FF733F60000

unkown

page readonly

24A46870000

heap

page read and write

4001EE000

stack

page read and write

24A46870000

heap

page read and write

24A4687D000

heap

page read and write

121363F3000

heap

page read and write

12136437000

heap

page read and write

24A46870000

heap

page read and write

121383BA000

heap

page read and write

B3791DE000

stack

page read and write

121363F3000

heap

page read and write

12136403000

heap

page read and write

7FF733F8B000

unkown

page readonly

24A46870000

heap

page read and write

24A46870000

heap

page read and write

12138320000

direct allocation

page read and write

121363B2000

heap

page read and write

121363DB000

heap

page read and write

121362F0000

heap

page read and write

121383D3000

heap

page read and write

24A4687D000

heap

page read and write

1213644B000

heap

page read and write

12137CC0000

direct allocation

page read and write

24A46870000

heap

page read and write

7FF733F9E000

unkown

page read and write

121384A0000

direct allocation

page read and write

24A4687D000

heap

page read and write

7FFDFB853000

unkown

page read and write

24A4687D000

heap

page read and write

7FF733F8B000

unkown

page readonly

121363CA000

heap

page read and write

24A46870000

heap

page read and write

121363F6000

heap

page read and write

24A4687D000

heap

page read and write

7FFE13331000

unkown

page execute read

B3793CE000

stack

page read and write

121363A7000

heap

page read and write

24A4687D000

heap

page read and write

24A46870000

heap

page read and write

12136451000

heap

page read and write

7FF733FA6000

unkown

page readonly

121383AD000

heap

page read and write

24A46870000

heap

page read and write

24A4687D000

heap

page read and write

121383A1000

heap

page read and write

12136437000

heap

page read and write

12136459000

heap

page read and write

24A46870000

heap

page read and write

24A4687D000

heap

page read and write

7FF733F9E000

unkown

page read and write

121383CA000

heap

page read and write

121383CA000

heap

page read and write

24A4687D000

heap

page read and write

24A46870000

heap

page read and write

24A4687D000

heap

page read and write

121383A9000

heap

page read and write

121363CA000

heap

page read and write

7FFE01435000

unkown

page readonly

7FFE0146F000

unkown

page read and write

12137C80000

direct allocation

page read and write

7FF733F9E000

unkown

page write copy

7FFE13348000

unkown

page read and write

7FFE1334C000

unkown

page readonly

24A46870000

heap

page read and write

121363F6000

heap

page read and write

1213645E000

heap

page read and write

7FFE01381000

unkown

page execute read

4005CE000

stack

page read and write

121363CA000

heap

page read and write

12138320000

direct allocation

page read and write

24A4687D000

heap

page read and write

12136459000

heap

page read and write

24A4687F000

heap

page read and write

12136416000

heap

page read and write

24A46870000

heap

page read and write

121384BE000

direct allocation

page read and write

1213643F000

heap

page read and write

7FFDFB83B000

unkown

page write copy

24A46870000

heap

page read and write

24A46870000

heap

page read and write

1213645E000

heap

page read and write

24A4687D000

heap

page read and write

121383C2000

heap

page read and write

24A46870000

heap

page read and write

121382E0000

direct allocation

page read and write

121363CA000

heap

page read and write

121383CC000

heap

page read and write

121383A1000

heap

page read and write

7FF733F60000

unkown

page readonly

7FFE148E0000

unkown

page readonly

7FFDFB481000

unkown

page execute read

121363F3000

heap

page read and write

12136437000

heap

page read and write

24A46870000

heap

page read and write

121383BA000

heap

page read and write

24A46870000

heap

page read and write

47FFE5000

stack

page read and write

12136451000

heap

page read and write

12137C40000

direct allocation

page read and write

121363CA000

heap

page read and write

12136444000

heap

page read and write

121383CB000

heap

page read and write

7FFDFB76D000

unkown

page readonly

24A46870000

heap

page read and write

121363F3000

heap

page read and write

121363AE000

heap

page read and write

1213644A000

heap

page read and write

24A4687D000

heap

page read and write

121363F3000

heap

page read and write

24A46870000

heap

page read and write

24A4687D000

heap

page read and write

7FF733F8B000

unkown

page readonly

121381A0000

direct allocation

page read and write

121383A0000

heap

page read and write

7FFE01472000

unkown

page readonly

121361E0000

heap

page read and write

7FFE01380000

unkown

page readonly

7FF733F9E000

unkown

page write copy

121383AF000

heap

page read and write

7FFDFB87F000

unkown

page readonly

121363A6000

heap

page read and write

24A4687D000

heap

page read and write

24A46870000

heap

page read and write

7FF733F61000

unkown

page execute read

121363C5000

heap

page read and write

12136437000

heap

page read and write

24A46870000

heap

page read and write

7FFE1A450000

unkown

page readonly

12138360000

direct allocation

page read and write

24A46870000

heap

page read and write

12136404000

heap

page read and write

12136407000

heap

page read and write

24A46870000

heap

page read and write

12136416000

heap

page read and write

121383A6000

heap

page read and write

121363F3000

heap

page read and write

121363DB000

heap

page read and write

7FFE13330000

unkown

page readonly

7FFDFB874000

unkown

page read and write

7FFE1A45E000

unkown

page readonly

121383C2000

heap

page read and write

7FF733FA4000

unkown

page read and write

121363AE000

heap

page read and write

24A4687D000

heap

page read and write

24A46870000

heap

page read and write

24A4687D000

heap

page read and write

12136445000

heap

page read and write

7FF733F60000

unkown

page readonly

7FF733FA3000

unkown

page read and write

24A46870000

heap

page read and write

12136437000

heap

page read and write

121363DB000

heap

page read and write

121383C2000

heap

page read and write

24A46870000

heap

page read and write

7FFDFB480000

unkown

page readonly

7FFE148E9000

unkown

page readonly

B378FED000

stack

page read and write

24A4687D000

heap

page read and write

12136410000

heap

page read and write

24A46870000

heap

page read and write

24A46870000

heap

page read and write

7FF733F61000

unkown

page execute read

121383AF000

heap

page read and write

7FFE148E6000

unkown

page readonly

24A4687D000

heap

page read and write

B378FE7000

stack

page read and write

121383C2000

heap

page read and write

1213643E000

heap

page read and write

7FFE1A463000

unkown

page readonly

121363F6000

heap

page read and write

24A46870000

heap

page read and write

24A46870000

heap

page read and write

121383CA000

heap

page read and write

7FF733FA6000

unkown

page readonly

24A4687D000

heap

page read and write

121363F9000

heap

page read and write

7FFDFB82D000

unkown

page read and write

121383A2000

heap

page read and write

24A46870000

heap

page read and write

24A4687D000

heap

page read and write

12136403000

heap

page read and write

24A46870000

heap

page read and write

24A46870000

heap

page read and write

7FF733F61000

unkown

page execute read

24A4687D000

heap

page read and write

7FFDFB67A000

unkown

page readonly

4003DE000

stack

page read and write

24A4687D000

heap

page read and write

121363DB000

heap

page read and write

24A4687A000

heap

page read and write

24A4687D000

heap

page read and write

121363DD000

heap

page read and write

24A46870000

heap

page read and write

12137C00000

direct allocation

page read and write

121363F9000

heap

page read and write

24A46790000

heap

page read and write

24A46680000

heap

page read and write

12136410000

heap

page read and write

24A4687D000

heap

page read and write

7FFE1A451000

unkown

page execute read

24A4687D000

heap

page read and write

24A46870000

heap

page read and write

24A4687D000

heap

page read and write

121362C0000

heap

page read and write

24A46870000

heap

page read and write

24A46870000

heap

page read and write

24A46870000

heap

page read and write

24A46870000

heap

page read and write

7FFE148E1000

unkown

page execute read

24A48280000

heap

page read and write

121383BA000

heap

page read and write

7FFE13341000

unkown

page readonly

12136360000

heap

page read and write

121363C6000

heap

page read and write

24A4687D000

heap

page read and write

121363F3000

heap

page read and write

There are 259 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
2a2d6bO44t.exe

Files

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report2a2d6bO44t.exe

Files

Processes

URLs

Memdumps

IOC Report
2a2d6bO44t.exe