370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde

Resubmissions

21-03-2022 21:16

220321-z4ejjadgf3 10

21-03-2022 12:22

220321-pj7pgacccj 8

Analysis

max time kernel
115s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
21-03-2022 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe
Size

644KB
MD5

76863eb690c9385a6fb13503a60f0b7f
SHA1

09af8728202201928db0fbe7c0364e6070fa26f3
SHA256

370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde
SHA512

6f06bf8ef2b0d300090d4ecff807453699c3af9f85f8ac6ad7489877a72e693e59e73cbbf81a6a2f185dccba8b5b3790ec57b04e23e9a0a46ab206868e244d18

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
624	370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe

Drops file in Windows directory 62 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\BIT4035.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\2ef09e08315a593ec3af8ec57ab6a31e\YZBnsYBVNBTl3Isrrjy7P0\FTTOLXxEZk0li+ZNE2Uo=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\6feeefdf55ac33c2cb46a25670952111\o\egfDu3QHOC\BITBADB.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\26794b1631618c81e2caec277357b370\BIT404.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\2ef09e08315a593ec3af8ec57ab6a31e\6e15245aed25ee83b027521f9cf9ea812c9d016d	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d1d4bb0c910695f4fcf53d8f91faafa7\BITA838.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\26794b1631618c81e2caec277357b370\BITFB54.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\26794b1631618c81e2caec277357b370\BITFBD3.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\pj5OoD7hJ+dBGy+3XOjLT8WsuYwervv\BIT34F7.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\ca4af4339884f7018bf988ecac7702ff\BIT9266.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\7752a73587b3362d505a041fe7f69ecd\BIT8DFD.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\7752a73587b3362d505a041fe7f69ecd\F2WKV54ysEMEW9U+EfiUeJcNcgfNL4pMC5NmE0a3mAg=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\cb9f14b7916e97a31f1e53948ed1b67f\6\BITFDC8.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\a3f602ea4d534d006919a2613d91f9506b383314	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\BIT3F98.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\6feeefdf55ac33c2cb46a25670952111\o\egfDu3QHOC\BITB7AD.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\CsA9z1\SlUHUPO8bKnA\5ondRmJ90JlkPETuN535TWk=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\BIT8466.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\7752a73587b3362d505a041fe7f69ecd\BIT98A1.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\26794b1631618c81e2caec277357b370\daNJ9YVgpN191GzoPynRDpTEDO9uUytOK6Ln7xcN8To=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\26794b1631618c81e2caec277357b370\fbaaae7103d0f0a1303a40d280aa18bafcd08dcf	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\26794b1631618c81e2caec277357b370\BIT472.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\BIT3062.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\BIT35C3.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\6feeefdf55ac33c2cb46a25670952111\BITBB88.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\6feeefdf55ac33c2cb46a25670952111\o\egfDu3QHOC\BITC359.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\2ef09e08315a593ec3af8ec57ab6a31e\YZBnsYBVNBTl3Isrrjy7P0\BITA3B1.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\6feeefdf55ac33c2cb46a25670952111\BITB8B7.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\BIT2F17.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\CsA9z1\SlUHUPO8bKnA\BIT2FA5.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\pj5OoD7hJ+dBGy+3XOjLT8WsuYwervv\LZOCjtiHKk8=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\pj5OoD7hJ+dBGy+3XOjLT8WsuYwervv\BIT4343.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\17087e6e4710e63df4fcd8834f70bc99\BIT4596.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\ca4af4339884f7018bf988ecac7702ff\BIT91AA.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\cb9f14b7916e97a31f1e53948ed1b67f\BITFBB3.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\cb9f14b7916e97a31f1e53948ed1b67f\6\v9GXr9MSfUt92b0dEpOsHH2H0TwcnvKmtIW8g3ovM=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\f3535a3b47819a04c6d5ee18905493be086e801e	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d60cb501610b6a66743c55eade3ef996\CsA9z1\SlUHUPO8bKnA\BIT835C.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d1d4bb0c910695f4fcf53d8f91faafa7\Jda7di8befpfPWz3DrhkMwwJL9XbuL8\BITA267.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d1d4bb0c910695f4fcf53d8f91faafa7\BITA314.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d1d4bb0c910695f4fcf53d8f91faafa7\Jda7di8befpfPWz3DrhkMwwJL9XbuL8\BITA7BA.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\6feeefdf55ac33c2cb46a25670952111\2cd32031792245e69c7777193005916861cbbe94	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\7752a73587b3362d505a041fe7f69ecd\BIT991F.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d1d4bb0c910695f4fcf53d8f91faafa7\d9f2a302574bf135efc9dbd1a8083a336f7f52f0	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\cb9f14b7916e97a31f1e53948ed1b67f\c3ca3df6b0660cc02fa0c60992eb1164c186b223	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\ca4af4339884f7018bf988ecac7702ff\9+dL4Puh6FM8puPxsBEX86BMeGqpuC0b7gf2fD9DLLo=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\ca4af4339884f7018bf988ecac7702ff\BIT8E5C.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\cb9f14b7916e97a31f1e53948ed1b67f\6\BITFAA7.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\6feeefdf55ac33c2cb46a25670952111\BITC415.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\Cmn5TH6S2lFFnfMN8MLr2EoNUIAGzQo2UUjHGMEC99A=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\ca4af4339884f7018bf988ecac7702ff\612ad442b8740f4c57b8c84e6bf465ba4699118c	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\7752a73587b3362d505a041fe7f69ecd\BIT8E7C.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\7752a73587b3362d505a041fe7f69ecd\af66e12c1bb9d8519da21259d0fcd88c247cb4f1	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\2ef09e08315a593ec3af8ec57ab6a31e\BITB00A.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\6feeefdf55ac33c2cb46a25670952111\o\egfDu3QHOC\Xbfe7KpvVnvJHxQ2cRDBmUlnoMnpDY=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\2ef09e08315a593ec3af8ec57ab6a31e\YZBnsYBVNBTl3Isrrjy7P0\BITAF5E.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\cb9f14b7916e97a31f1e53948ed1b67f\BITFE36.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d1d4bb0c910695f4fcf53d8f91faafa7\Jda7di8befpfPWz3DrhkMwwJL9XbuL8\fDFnweOZvFE=	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\BIT3032.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\9d6172fa1dc41a48846593219fc6519f\e1a85885fd4453165061351651289cce8f8590c4	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\ca4af4339884f7018bf988ecac7702ff\BIT8D31.tmp	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\2ef09e08315a593ec3af8ec57ab6a31e\BITA46E.tmp	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 624	3916	370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe	85
PID 3916 wrote to memory of 624	3916	370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe	85
PID 3916 wrote to memory of 624	3916	370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe	85

C:\Users\Admin\AppData\Local\Temp\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe
"C:\Users\Admin\AppData\Local\Temp\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Users\Admin\AppData\Local\Temp\1cd9b53\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe
  -run=1 -shortcut="C:\Users\Admin\AppData\Local\Temp\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe"
  2⤵
  - Executes dropped EXE
  PID:624

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
1⤵
- Drops file in Windows directory
PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2292-136-0x0000020BEAF80000-0x0000020BEAF90000-memory.dmp

Filesize
64KB

Download
memory/2292-137-0x0000020BEB860000-0x0000020BEB870000-memory.dmp

Filesize
64KB

Download
memory/2292-138-0x0000020BEDE00000-0x0000020BEDE04000-memory.dmp

Filesize
16KB

Download
memory/2292-139-0x0000020BEE100000-0x0000020BEE104000-memory.dmp

Filesize
16KB

Download
memory/2292-140-0x0000020BEE100000-0x0000020BEE104000-memory.dmp

Filesize
16KB

Download
memory/2292-141-0x0000020BEE180000-0x0000020BEE184000-memory.dmp

Filesize
16KB

Download
memory/2292-142-0x0000020BEE180000-0x0000020BEE184000-memory.dmp

Filesize
16KB

Download
memory/2292-143-0x0000020BEE2C0000-0x0000020BEE2C4000-memory.dmp

Filesize
16KB

Download
memory/2292-144-0x0000020BEE290000-0x0000020BEE294000-memory.dmp

Filesize
16KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads