a58baed50fa0f3d2337f8ff61e3493a0523fa2749504c6ae20e3b94f28e28836

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a58baed50fa0f3d2337f8ff61e3493a0523fa2749504c6ae20e3b94f28e28836.dll
Size

1.2MB
MD5

4300f7c96b86957e28f2bfe82107efa0
SHA1

cd47a74f1fa77878fc7abd9cb88cd1a750036d78
SHA256

a58baed50fa0f3d2337f8ff61e3493a0523fa2749504c6ae20e3b94f28e28836
SHA512

5b75048eb05826ada2fcc3a7ef0a2b83af647eb52c7694fe60c0ded3fd1632fb31721e757ec8853f9bcf25bbba1401872669d9b4295f2cfd7512d408a06568a3
SSDEEP

24576:ftRPOCAer4OgctCGBUnUYQSGc15342SxBxeCKtRATNtiQBxg0ITl:ft1Ae0o6b3iEOiQLhITl

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1880	.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1080-65-0x0000000000920000-0x0000000000A9C000-memory.dmp	upx

Loads dropped DLL 1 IoCs

pid	Process
1080	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1080	rundll32.exe
1080	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 2016 wrote to memory of 1080	2016	rundll32.exe	26
PID 1080 wrote to memory of 1880	1080	rundll32.exe	27
PID 1080 wrote to memory of 1880	1080	rundll32.exe	27
PID 1080 wrote to memory of 1880	1080	rundll32.exe	27
PID 1080 wrote to memory of 1880	1080	rundll32.exe	27
PID 1080 wrote to memory of 1880	1080	rundll32.exe	27
PID 1080 wrote to memory of 1880	1080	rundll32.exe	27
PID 1080 wrote to memory of 1880	1080	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a58baed50fa0f3d2337f8ff61e3493a0523fa2749504c6ae20e3b94f28e28836.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a58baed50fa0f3d2337f8ff61e3493a0523fa2749504c6ae20e3b94f28e28836.dll,#1
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1080
- - C:\Users\Admin\AppData\Local\Temp\.exe
    C:\Users\Admin\AppData\Local\Temp\.exe
    3⤵
    - Executes dropped EXE
    PID:1880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.exe

Filesize
855KB

MD5
e12a7f4eed02579ee03672d281df57f0

SHA1
2df26de94eae5f49f72e83eeddf9ce20c72e4924

SHA256
e0aa189855154cbc3fb64fcbdf5c4f9fd394bd229da7e63ed25e1aad10da69c5

SHA512
ec41b4268ab919d2fc7274051516d6a4593029cb55d579bdf3a7aa78e4757c7c3dab2fb1ec64e58476afb9b453d9bc90aa5d100d8f9a8d1a79765c5758761f80

Download Submit
C:\Users\Admin\AppData\Local\Temp\.exe

Filesize
855KB

MD5
e12a7f4eed02579ee03672d281df57f0

SHA1
2df26de94eae5f49f72e83eeddf9ce20c72e4924

SHA256
e0aa189855154cbc3fb64fcbdf5c4f9fd394bd229da7e63ed25e1aad10da69c5

SHA512
ec41b4268ab919d2fc7274051516d6a4593029cb55d579bdf3a7aa78e4757c7c3dab2fb1ec64e58476afb9b453d9bc90aa5d100d8f9a8d1a79765c5758761f80

Download Submit
\Users\Admin\AppData\Local\Temp\.exe

Filesize
855KB

MD5
e12a7f4eed02579ee03672d281df57f0

SHA1
2df26de94eae5f49f72e83eeddf9ce20c72e4924

SHA256
e0aa189855154cbc3fb64fcbdf5c4f9fd394bd229da7e63ed25e1aad10da69c5

SHA512
ec41b4268ab919d2fc7274051516d6a4593029cb55d579bdf3a7aa78e4757c7c3dab2fb1ec64e58476afb9b453d9bc90aa5d100d8f9a8d1a79765c5758761f80

Download Submit
memory/1080-55-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download
memory/1080-56-0x0000000000250000-0x000000000027F000-memory.dmp

Filesize
188KB

Download
memory/1080-65-0x0000000000920000-0x0000000000A9C000-memory.dmp

Filesize
1.5MB

Download
memory/1080-66-0x0000000000220000-0x000000000024B000-memory.dmp

Filesize
172KB

Download
memory/1880-68-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1880-71-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download