134a4a9ae1e3a84b2af363be19de2878fd45897bb43cddbbc3b1adb98a545182

Analysis

max time kernel
26s
max time network
3s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28-10-2022 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

134a4a9ae1e3a84b2af363be19de2878fd45897bb43cddbbc3b1adb98a545182.exe
Size

135KB
MD5

0abf3aba951ed0810e5257e3efe252ea
SHA1

042759542e5594e89db267839ad21dd051b2bf5d
SHA256

134a4a9ae1e3a84b2af363be19de2878fd45897bb43cddbbc3b1adb98a545182
SHA512

91f78bec69a6ea5d6b5f45c819f9288db1819ce528bb447025852150bb845247b51135e03eae5ca4e31bc83ae64d658ab5182295b24337c86c247d3bfe469d1b
SSDEEP

3072:/Os0ongAivDMcejP0wGrfYRBXh3TlZTL9Iv5MQtBnout:7nZg1rx4X1TBMMQt9oS

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
652	msprxysvc32.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\msprxysvc32.exe	msprxysvc32.exe
File created	C:\Windows\SysWOW64\msprxysvc32.exe	msprxysvc32.exe
File created	C:\Windows\SysWOW64\msprxysvc32.exe	134a4a9ae1e3a84b2af363be19de2878fd45897bb43cddbbc3b1adb98a545182.exe
File opened for modification	C:\Windows\SysWOW64\msprxysvc32.exe	134a4a9ae1e3a84b2af363be19de2878fd45897bb43cddbbc3b1adb98a545182.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 652	3544	134a4a9ae1e3a84b2af363be19de2878fd45897bb43cddbbc3b1adb98a545182.exe	54
PID 3544 wrote to memory of 652	3544	134a4a9ae1e3a84b2af363be19de2878fd45897bb43cddbbc3b1adb98a545182.exe	54
PID 3544 wrote to memory of 652	3544	134a4a9ae1e3a84b2af363be19de2878fd45897bb43cddbbc3b1adb98a545182.exe	54
PID 652 wrote to memory of 2752	652	msprxysvc32.exe	83
PID 652 wrote to memory of 2752	652	msprxysvc32.exe	83
PID 652 wrote to memory of 2752	652	msprxysvc32.exe	83

C:\Users\Admin\AppData\Local\Temp\134a4a9ae1e3a84b2af363be19de2878fd45897bb43cddbbc3b1adb98a545182.exe
"C:\Users\Admin\AppData\Local\Temp\134a4a9ae1e3a84b2af363be19de2878fd45897bb43cddbbc3b1adb98a545182.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Windows\SysWOW64\msprxysvc32.exe
  C:\Windows\system32\msprxysvc32.exe 1132 "C:\Users\Admin\AppData\Local\Temp\134a4a9ae1e3a84b2af363be19de2878fd45897bb43cddbbc3b1adb98a545182.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:652
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\del.bat C:\Windows\SysWOW64\msprxysvc32.exe
    3⤵
    PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
136B

MD5
bfcf9cc6d1c37953dfa43312e2c36140

SHA1
07a4c0f29b282c34be24c312c4b920e479f4cee0

SHA256
bac7cce52aeba3a2e2ce2bb6aebf50ffa65530d0d51ca49a2abc7f4e43ce3ce5

SHA512
fb661474557e7168d4050607863b57649fa12a26ab9bd06078ae3254d003d76cfed4eac3d0a78a56eaf0ecc5b231d52788b6c8688cb14b0c86a37efe90f5f53a

Download Submit
C:\Windows\SysWOW64\msprxysvc32.exe

Filesize
30KB

MD5
9eb51a9d4c496be94d8348c94b39bc0d

SHA1
32ae1cf55e2e10feb5ad7c3326014e6a1aa014c5

SHA256
40c2f85e614fe678e4e96557e87c9472cf69cfb934e07e0bade4e9439a0bccd1

SHA512
7977225dcde9b3249f215f65cb088148770f4124233eb9e20ec3ee0bde3be9452fd2722a9b4f0e39e1165956e2039656d3a3e10a11466f66b3107706236556b5

Download Submit
C:\Windows\SysWOW64\msprxysvc32.exe

Filesize
51KB

MD5
6fca5b008e5bd0c80cd8a254f6058024

SHA1
d60ad50c1024eab869be1d54ec7fda7d54c5ae94

SHA256
3c4faee1094c27517153db8edf95d6704688783ee63430fe75cbf1d8909d5293

SHA512
d924aba6b977da7aa09f86f63b34e429a023d16dc7251518e2ccb9fed3f59efd4c480baf9bf211f1d77cd906ab46d8d4dabea78d9c3a65821760688bb3f538c6

Download Submit
memory/652-133-0x0000000000000000-mapping.dmp

Download
memory/652-136-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/652-139-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2752-138-0x0000000000000000-mapping.dmp

Download
memory/3544-132-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/3544-137-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads