cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0.exe
Size

380KB
MD5

27f07a7aabd30c01e6bbbd05ba53ecd0
SHA1

b4ecfe52c751e77f5fb3097aa03afb5c0b6c4316
SHA256

cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0
SHA512

8388babab672ec3b462e9232927f9b2412c7b3716ef10df1ab33ee15fd5e216afb03f04a0ef67f5591bb84cafa9addadc1d00ad0e1451728d97a7ea3a5fbe0b6
SSDEEP

6144:g/h6+WDAzUTck5kEERH5eyUpQWpQ8PaIkvjg1u6dVItjMu8eM:AU+WMzgck5kEERH5eyB8PaIkvjgdN

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
5068	AntiVirus.exe
4816	AntiVirus.exe
1644	AntiVirus.exe
1520	AntiVirus.exe
2716	AntiVirus.exe
1376	AntiVirus.exe
1028	AntiVirus.exe
3232	AntiVirus.exe
1816	AntiVirus.exe
3832	AntiVirus.exe

Drops file in System32 directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File created	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File opened for modification	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File opened for modification	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File opened for modification	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File opened for modification	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File created	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File opened for modification	C:\Windows\SysWOW64\AntiVirus.exe	cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0.exe
File opened for modification	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File created	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File created	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File created	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File opened for modification	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File created	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File opened for modification	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File created	C:\Windows\SysWOW64\AntiVirus.exe	cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0.exe
File opened for modification	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File created	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File created	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File opened for modification	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File created	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe
File created	C:\Windows\SysWOW64\AntiVirus.exe	AntiVirus.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 5068	3044	cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0.exe	81
PID 3044 wrote to memory of 5068	3044	cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0.exe	81
PID 3044 wrote to memory of 5068	3044	cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0.exe	81
PID 5068 wrote to memory of 4816	5068	AntiVirus.exe	82
PID 5068 wrote to memory of 4816	5068	AntiVirus.exe	82
PID 5068 wrote to memory of 4816	5068	AntiVirus.exe	82
PID 4816 wrote to memory of 1644	4816	AntiVirus.exe	84
PID 4816 wrote to memory of 1644	4816	AntiVirus.exe	84
PID 4816 wrote to memory of 1644	4816	AntiVirus.exe	84
PID 1644 wrote to memory of 1520	1644	AntiVirus.exe	85
PID 1644 wrote to memory of 1520	1644	AntiVirus.exe	85
PID 1644 wrote to memory of 1520	1644	AntiVirus.exe	85
PID 1520 wrote to memory of 2716	1520	AntiVirus.exe	86
PID 1520 wrote to memory of 2716	1520	AntiVirus.exe	86
PID 1520 wrote to memory of 2716	1520	AntiVirus.exe	86
PID 2716 wrote to memory of 1376	2716	AntiVirus.exe	87
PID 2716 wrote to memory of 1376	2716	AntiVirus.exe	87
PID 2716 wrote to memory of 1376	2716	AntiVirus.exe	87
PID 1376 wrote to memory of 1028	1376	AntiVirus.exe	88
PID 1376 wrote to memory of 1028	1376	AntiVirus.exe	88
PID 1376 wrote to memory of 1028	1376	AntiVirus.exe	88
PID 1028 wrote to memory of 3232	1028	AntiVirus.exe	89
PID 1028 wrote to memory of 3232	1028	AntiVirus.exe	89
PID 1028 wrote to memory of 3232	1028	AntiVirus.exe	89
PID 3232 wrote to memory of 1816	3232	AntiVirus.exe	90
PID 3232 wrote to memory of 1816	3232	AntiVirus.exe	90
PID 3232 wrote to memory of 1816	3232	AntiVirus.exe	90
PID 1816 wrote to memory of 3832	1816	AntiVirus.exe	91
PID 1816 wrote to memory of 3832	1816	AntiVirus.exe	91
PID 1816 wrote to memory of 3832	1816	AntiVirus.exe	91

C:\Users\Admin\AppData\Local\Temp\cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0.exe
"C:\Users\Admin\AppData\Local\Temp\cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\AntiVirus.exe
  C:\Windows\system32\AntiVirus.exe 1148 "C:\Users\Admin\AppData\Local\Temp\cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:5068
- - C:\Windows\SysWOW64\AntiVirus.exe
    C:\Windows\system32\AntiVirus.exe 1156 "C:\Windows\SysWOW64\AntiVirus.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:4816
  - - C:\Windows\SysWOW64\AntiVirus.exe
      C:\Windows\system32\AntiVirus.exe 1100 "C:\Windows\SysWOW64\AntiVirus.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1644
    - - C:\Windows\SysWOW64\AntiVirus.exe
        
        C:\Windows\system32\AntiVirus.exe 1116 "C:\Windows\SysWOW64\AntiVirus.exe"
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1520
      - C:\Windows\SysWOW64\AntiVirus.exe
        
        C:\Windows\system32\AntiVirus.exe 1132 "C:\Windows\SysWOW64\AntiVirus.exe"
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2716
        
        C:\Windows\SysWOW64\AntiVirus.exe
        
        C:\Windows\system32\AntiVirus.exe 1128 "C:\Windows\SysWOW64\AntiVirus.exe"
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1376
        
        C:\Windows\SysWOW64\AntiVirus.exe
        
        C:\Windows\system32\AntiVirus.exe 1140 "C:\Windows\SysWOW64\AntiVirus.exe"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1028
        
        C:\Windows\SysWOW64\AntiVirus.exe
        
        C:\Windows\system32\AntiVirus.exe 1120 "C:\Windows\SysWOW64\AntiVirus.exe"
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3232
        
        C:\Windows\SysWOW64\AntiVirus.exe
        
        C:\Windows\system32\AntiVirus.exe 1144 "C:\Windows\SysWOW64\AntiVirus.exe"
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1816
        
        C:\Windows\SysWOW64\AntiVirus.exe
        
        C:\Windows\system32\AntiVirus.exe 1152 "C:\Windows\SysWOW64\AntiVirus.exe"
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\AntiVirus.exe

Filesize
380KB

MD5
27f07a7aabd30c01e6bbbd05ba53ecd0

SHA1
b4ecfe52c751e77f5fb3097aa03afb5c0b6c4316

SHA256
cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0

SHA512
8388babab672ec3b462e9232927f9b2412c7b3716ef10df1ab33ee15fd5e216afb03f04a0ef67f5591bb84cafa9addadc1d00ad0e1451728d97a7ea3a5fbe0b6

Download Submit
C:\Windows\SysWOW64\AntiVirus.exe

Filesize
380KB

MD5
27f07a7aabd30c01e6bbbd05ba53ecd0

SHA1
b4ecfe52c751e77f5fb3097aa03afb5c0b6c4316

SHA256
cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0

SHA512
8388babab672ec3b462e9232927f9b2412c7b3716ef10df1ab33ee15fd5e216afb03f04a0ef67f5591bb84cafa9addadc1d00ad0e1451728d97a7ea3a5fbe0b6

Download Submit
C:\Windows\SysWOW64\AntiVirus.exe

Filesize
380KB

MD5
27f07a7aabd30c01e6bbbd05ba53ecd0

SHA1
b4ecfe52c751e77f5fb3097aa03afb5c0b6c4316

SHA256
cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0

SHA512
8388babab672ec3b462e9232927f9b2412c7b3716ef10df1ab33ee15fd5e216afb03f04a0ef67f5591bb84cafa9addadc1d00ad0e1451728d97a7ea3a5fbe0b6

Download Submit
C:\Windows\SysWOW64\AntiVirus.exe

Filesize
380KB

MD5
27f07a7aabd30c01e6bbbd05ba53ecd0

SHA1
b4ecfe52c751e77f5fb3097aa03afb5c0b6c4316

SHA256
cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0

SHA512
8388babab672ec3b462e9232927f9b2412c7b3716ef10df1ab33ee15fd5e216afb03f04a0ef67f5591bb84cafa9addadc1d00ad0e1451728d97a7ea3a5fbe0b6

Download Submit
C:\Windows\SysWOW64\AntiVirus.exe

Filesize
380KB

MD5
27f07a7aabd30c01e6bbbd05ba53ecd0

SHA1
b4ecfe52c751e77f5fb3097aa03afb5c0b6c4316

SHA256
cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0

SHA512
8388babab672ec3b462e9232927f9b2412c7b3716ef10df1ab33ee15fd5e216afb03f04a0ef67f5591bb84cafa9addadc1d00ad0e1451728d97a7ea3a5fbe0b6

Download Submit
C:\Windows\SysWOW64\AntiVirus.exe

Filesize
380KB

MD5
27f07a7aabd30c01e6bbbd05ba53ecd0

SHA1
b4ecfe52c751e77f5fb3097aa03afb5c0b6c4316

SHA256
cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0

SHA512
8388babab672ec3b462e9232927f9b2412c7b3716ef10df1ab33ee15fd5e216afb03f04a0ef67f5591bb84cafa9addadc1d00ad0e1451728d97a7ea3a5fbe0b6

Download Submit
C:\Windows\SysWOW64\AntiVirus.exe

Filesize
380KB

MD5
27f07a7aabd30c01e6bbbd05ba53ecd0

SHA1
b4ecfe52c751e77f5fb3097aa03afb5c0b6c4316

SHA256
cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0

SHA512
8388babab672ec3b462e9232927f9b2412c7b3716ef10df1ab33ee15fd5e216afb03f04a0ef67f5591bb84cafa9addadc1d00ad0e1451728d97a7ea3a5fbe0b6

Download Submit
C:\Windows\SysWOW64\AntiVirus.exe

Filesize
380KB

MD5
27f07a7aabd30c01e6bbbd05ba53ecd0

SHA1
b4ecfe52c751e77f5fb3097aa03afb5c0b6c4316

SHA256
cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0

SHA512
8388babab672ec3b462e9232927f9b2412c7b3716ef10df1ab33ee15fd5e216afb03f04a0ef67f5591bb84cafa9addadc1d00ad0e1451728d97a7ea3a5fbe0b6

Download Submit
C:\Windows\SysWOW64\AntiVirus.exe

Filesize
380KB

MD5
27f07a7aabd30c01e6bbbd05ba53ecd0

SHA1
b4ecfe52c751e77f5fb3097aa03afb5c0b6c4316

SHA256
cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0

SHA512
8388babab672ec3b462e9232927f9b2412c7b3716ef10df1ab33ee15fd5e216afb03f04a0ef67f5591bb84cafa9addadc1d00ad0e1451728d97a7ea3a5fbe0b6

Download Submit
C:\Windows\SysWOW64\AntiVirus.exe

Filesize
380KB

MD5
27f07a7aabd30c01e6bbbd05ba53ecd0

SHA1
b4ecfe52c751e77f5fb3097aa03afb5c0b6c4316

SHA256
cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0

SHA512
8388babab672ec3b462e9232927f9b2412c7b3716ef10df1ab33ee15fd5e216afb03f04a0ef67f5591bb84cafa9addadc1d00ad0e1451728d97a7ea3a5fbe0b6

Download Submit
C:\Windows\SysWOW64\AntiVirus.exe

Filesize
380KB

MD5
27f07a7aabd30c01e6bbbd05ba53ecd0

SHA1
b4ecfe52c751e77f5fb3097aa03afb5c0b6c4316

SHA256
cd329773639eefd9d467f53a83974e5272b62e9f5ea17673d7684e7ec2c381b0

SHA512
8388babab672ec3b462e9232927f9b2412c7b3716ef10df1ab33ee15fd5e216afb03f04a0ef67f5591bb84cafa9addadc1d00ad0e1451728d97a7ea3a5fbe0b6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads