5b94656d770bfe78bb31e165e9a72f9cc3ec28c547973bb84d0d6b799f3bfa5a

General

Target

LabPicV3.exe
Size

609KB
MD5

71e31fe2bc2f0638e1c054a85d0ac8fd
SHA1

6537ec2c48de3444269e6de66936e6ec16d64aba
SHA256

5b94656d770bfe78bb31e165e9a72f9cc3ec28c547973bb84d0d6b799f3bfa5a
SHA512

8131e1e2f350c030c036c67cdd480cba24aed47ef9274f7300f493aeaeb7b6b89929ad5ff53888ec27d94c85fab3d5276d2228d61879f716fabce69db3bab88c

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

LabPicV3.tmpdef.exe

pid process

1840 LabPicV3.tmp
2368 def.exe
Loads dropped DLL 1 IoCs

Processes:

LabPicV3.tmp

pid process

1840 LabPicV3.tmp
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

dw20.exe

pid process

576 dw20.exe
576 dw20.exe

pid	process
1840	LabPicV3.tmp
2368	def.exe

pid	process
1840	LabPicV3.tmp

pid	process
576	dw20.exe
576	dw20.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

LabPicV3.exeLabPicV3.tmpdef.exe

description	pid	process	target process
PID 1032 wrote to memory of 1840	1032	LabPicV3.exe	LabPicV3.tmp
PID 1032 wrote to memory of 1840	1032	LabPicV3.exe	LabPicV3.tmp
PID 1032 wrote to memory of 1840	1032	LabPicV3.exe	LabPicV3.tmp
PID 1840 wrote to memory of 2368	1840	LabPicV3.tmp	def.exe
PID 1840 wrote to memory of 2368	1840	LabPicV3.tmp	def.exe
PID 2368 wrote to memory of 576	2368	def.exe	dw20.exe
PID 2368 wrote to memory of 576	2368	def.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\LabPicV3.exe
"C:\Users\Admin\AppData\Local\Temp\LabPicV3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1032

C:\Users\Admin\AppData\Local\Temp\is-69UU1.tmp\LabPicV3.tmp
"C:\Users\Admin\AppData\Local\Temp\is-69UU1.tmp\LabPicV3.tmp" /SL5="$2014C,298255,214528,C:\Users\Admin\AppData\Local\Temp\LabPicV3.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1840

C:\Users\Admin\AppData\Local\Temp\is-D1VFQ.tmp\def.exe
"C:\Users\Admin\AppData\Local\Temp\is-D1VFQ.tmp\def.exe" /S /UID=lab214
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2368

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
dw20.exe -x -s 1096
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-69UU1.tmp\LabPicV3.tmp
MD5
00743db57d25bfffb54369b2ccaee44e

SHA1
388cb06d0a69b28a2d722b24f9c4f32ce13a02af

SHA256
818ea3e28f6a2b046a2086b7ba9f2c939e60a98e0489ce7338c5379616345f54

SHA512
36163668a99501856c012f97d445775dc38f429c398b28d0dd1c072c0e0ead17854ab26fd24666727b55f420b9b8b7db7b1091f874c5722a88d1588e8bab5875

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D1VFQ.tmp\def.exe
MD5
8f4c8711382f5ac72b44a3517bb1eaf5

SHA1
613b19c39cbaa018e6b187ec2d5ba46e87388175

SHA256
5225d4196bbc43dd100ca5c045994ac591092aa3a92b66bd17f8ffbcc4ead262

SHA512
8cd64ab48ee93599cd8db5a9f1bb0f08c1b18faee4aae0e59dd4f6417c3cb213576318059076b21f469a480ff2bde332f05cb07e7780fcb272529ccee7ef41f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D1VFQ.tmp\def.exe
MD5
8f4c8711382f5ac72b44a3517bb1eaf5

SHA1
613b19c39cbaa018e6b187ec2d5ba46e87388175

SHA256
5225d4196bbc43dd100ca5c045994ac591092aa3a92b66bd17f8ffbcc4ead262

SHA512
8cd64ab48ee93599cd8db5a9f1bb0f08c1b18faee4aae0e59dd4f6417c3cb213576318059076b21f469a480ff2bde332f05cb07e7780fcb272529ccee7ef41f2

Download Submit
\Users\Admin\AppData\Local\Temp\is-D1VFQ.tmp\idp.dll
MD5
8f995688085bced38ba7795f60a5e1d3

SHA1
5b1ad67a149c05c50d6e388527af5c8a0af4343a

SHA256
203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006

SHA512
043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35

Download Submit
memory/576-37-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-20-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-71-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-70-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-69-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-66-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-13-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/576-14-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-15-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-16-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-17-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-18-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-19-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-40-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-21-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-22-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-23-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-24-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-25-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-26-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-27-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-28-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-29-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-30-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-31-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-32-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-33-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-34-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-35-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-36-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-41-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-38-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-44-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-68-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-12-0x0000000000000000-mapping.dmp

Download
memory/576-42-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-43-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-39-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-45-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-46-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-47-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-48-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-49-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-50-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-51-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-52-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-53-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-54-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-55-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-56-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-57-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-58-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-59-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-60-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-61-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-63-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-62-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-64-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-65-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/576-67-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1032-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/1840-6-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1840-3-0x0000000000000000-mapping.dmp

Download
memory/2368-10-0x00007FFC34FE0000-0x00007FFC35980000-memory.dmp

Filesize
9.6MB

Download
memory/2368-7-0x0000000000000000-mapping.dmp

Download
memory/2368-11-0x00000000021F0000-0x00000000021F2000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads