e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22

Analysis

max time kernel
35s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22.exe
Size

135KB
MD5

0e318134ff3233d410bc7cbcec9db5e3
SHA1

0a754f65a8a5e7e1396795fa8dd7b500fbae79d1
SHA256

e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22
SHA512

5cce9e06aadd8da8bb812643fce18d5b80b879448db2883d27b173826f06508ca89aa0941c3512f1f54856b173e3751f9e0b575374a83d06777aca4b72ffbc2f
SSDEEP

3072:8yMLeX9g2osEfcVR8RePAs8hSRIJSHG04XQc6cv+eNec93wYout:WeiTvUMePoSRGSm04B6QleSoS

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1860	msprxysvc32.exe

Deletes itself 1 IoCs

pid	Process
1860	msprxysvc32.exe

Loads dropped DLL 2 IoCs

pid	Process
364	e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22.exe
364	e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\msprxysvc32.exe	e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22.exe
File opened for modification	C:\Windows\SysWOW64\msprxysvc32.exe	e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22.exe
File opened for modification	C:\Windows\SysWOW64\msprxysvc32.exe	msprxysvc32.exe
File created	C:\Windows\SysWOW64\msprxysvc32.exe	msprxysvc32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 1860	364	e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22.exe	26
PID 364 wrote to memory of 1860	364	e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22.exe	26
PID 364 wrote to memory of 1860	364	e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22.exe	26
PID 364 wrote to memory of 1860	364	e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22.exe	26
PID 1860 wrote to memory of 1256	1860	msprxysvc32.exe	27
PID 1860 wrote to memory of 1256	1860	msprxysvc32.exe	27
PID 1860 wrote to memory of 1256	1860	msprxysvc32.exe	27
PID 1860 wrote to memory of 1256	1860	msprxysvc32.exe	27

C:\Users\Admin\AppData\Local\Temp\e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22.exe
"C:\Users\Admin\AppData\Local\Temp\e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:364
- C:\Windows\SysWOW64\msprxysvc32.exe
  C:\Windows\system32\msprxysvc32.exe 548 "C:\Users\Admin\AppData\Local\Temp\e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22.exe"
  2⤵
  - Executes dropped EXE
  - Deletes itself
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1860
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\del.bat C:\Windows\SysWOW64\msprxysvc32.exe
    3⤵
    PID:1256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
136B

MD5
bfcf9cc6d1c37953dfa43312e2c36140

SHA1
07a4c0f29b282c34be24c312c4b920e479f4cee0

SHA256
bac7cce52aeba3a2e2ce2bb6aebf50ffa65530d0d51ca49a2abc7f4e43ce3ce5

SHA512
fb661474557e7168d4050607863b57649fa12a26ab9bd06078ae3254d003d76cfed4eac3d0a78a56eaf0ecc5b231d52788b6c8688cb14b0c86a37efe90f5f53a

Download Submit
C:\Windows\SysWOW64\msprxysvc32.exe

Filesize
135KB

MD5
0e318134ff3233d410bc7cbcec9db5e3

SHA1
0a754f65a8a5e7e1396795fa8dd7b500fbae79d1

SHA256
e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22

SHA512
5cce9e06aadd8da8bb812643fce18d5b80b879448db2883d27b173826f06508ca89aa0941c3512f1f54856b173e3751f9e0b575374a83d06777aca4b72ffbc2f

Download Submit
C:\Windows\SysWOW64\msprxysvc32.exe

Filesize
135KB

MD5
0e318134ff3233d410bc7cbcec9db5e3

SHA1
0a754f65a8a5e7e1396795fa8dd7b500fbae79d1

SHA256
e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22

SHA512
5cce9e06aadd8da8bb812643fce18d5b80b879448db2883d27b173826f06508ca89aa0941c3512f1f54856b173e3751f9e0b575374a83d06777aca4b72ffbc2f

Download Submit
\Windows\SysWOW64\msprxysvc32.exe

Filesize
135KB

MD5
0e318134ff3233d410bc7cbcec9db5e3

SHA1
0a754f65a8a5e7e1396795fa8dd7b500fbae79d1

SHA256
e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22

SHA512
5cce9e06aadd8da8bb812643fce18d5b80b879448db2883d27b173826f06508ca89aa0941c3512f1f54856b173e3751f9e0b575374a83d06777aca4b72ffbc2f

Download Submit
\Windows\SysWOW64\msprxysvc32.exe

Filesize
135KB

MD5
0e318134ff3233d410bc7cbcec9db5e3

SHA1
0a754f65a8a5e7e1396795fa8dd7b500fbae79d1

SHA256
e79089f7b2243dd6058537b27be20f3cc74b7474b230306b05b8a8f3443dcd22

SHA512
5cce9e06aadd8da8bb812643fce18d5b80b879448db2883d27b173826f06508ca89aa0941c3512f1f54856b173e3751f9e0b575374a83d06777aca4b72ffbc2f

Download Submit
memory/364-54-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/364-55-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/364-61-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/1860-62-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/1860-65-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads