809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557

Analysis

max time kernel
113s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557.exe
Size

135KB
MD5

53b6784cd45c691c95a4efd14bbd2aa0
SHA1

269fa7a0ac0afa7b7f542279f88cf34ee71db81b
SHA256

809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557
SHA512

d32cd215dd44a7e78e538c206bdb54f41288fa4d1948fdc62cb4aa1b613bb2ce9adf882d6c382dcd3a7f1e01b1f305af808a6220b1968d84ff6b3ebb684f4940
SSDEEP

3072:CbJDKUQEkb7yOJysiQg17BjkrN/4KDPKDVf7dnAiMX/Rout:CbJDKrEkbEsiHdBiNgCyDt7NwZoS

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

msprxysvc32.exe

pid process

3936 msprxysvc32.exe

pid	process
3936	msprxysvc32.exe

Drops file in System32 directory 4 IoCs

Processes:

809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557.exemsprxysvc32.exe

description	ioc	process
File created	C:\Windows\SysWOW64\msprxysvc32.exe	809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557.exe
File opened for modification	C:\Windows\SysWOW64\msprxysvc32.exe	809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557.exe
File opened for modification	C:\Windows\SysWOW64\msprxysvc32.exe	msprxysvc32.exe
File created	C:\Windows\SysWOW64\msprxysvc32.exe	msprxysvc32.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557.exemsprxysvc32.exe

description	pid	process	target process
PID 3016 wrote to memory of 3936	3016	809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557.exe	msprxysvc32.exe
PID 3016 wrote to memory of 3936	3016	809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557.exe	msprxysvc32.exe
PID 3016 wrote to memory of 3936	3016	809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557.exe	msprxysvc32.exe
PID 3936 wrote to memory of 4376	3936	msprxysvc32.exe	cmd.exe
PID 3936 wrote to memory of 4376	3936	msprxysvc32.exe	cmd.exe
PID 3936 wrote to memory of 4376	3936	msprxysvc32.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557.exe
"C:\Users\Admin\AppData\Local\Temp\809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3016

C:\Windows\SysWOW64\msprxysvc32.exe
C:\Windows\system32\msprxysvc32.exe 1144 "C:\Users\Admin\AppData\Local\Temp\809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557.exe"
2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3936

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\del.bat C:\Windows\SysWOW64\msprxysvc32.exe
3⤵
PID:4376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
136B

MD5
bfcf9cc6d1c37953dfa43312e2c36140

SHA1
07a4c0f29b282c34be24c312c4b920e479f4cee0

SHA256
bac7cce52aeba3a2e2ce2bb6aebf50ffa65530d0d51ca49a2abc7f4e43ce3ce5

SHA512
fb661474557e7168d4050607863b57649fa12a26ab9bd06078ae3254d003d76cfed4eac3d0a78a56eaf0ecc5b231d52788b6c8688cb14b0c86a37efe90f5f53a

Download Submit
C:\Windows\SysWOW64\msprxysvc32.exe

Filesize
135KB

MD5
53b6784cd45c691c95a4efd14bbd2aa0

SHA1
269fa7a0ac0afa7b7f542279f88cf34ee71db81b

SHA256
809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557

SHA512
d32cd215dd44a7e78e538c206bdb54f41288fa4d1948fdc62cb4aa1b613bb2ce9adf882d6c382dcd3a7f1e01b1f305af808a6220b1968d84ff6b3ebb684f4940

Download Submit
C:\Windows\SysWOW64\msprxysvc32.exe

Filesize
135KB

MD5
53b6784cd45c691c95a4efd14bbd2aa0

SHA1
269fa7a0ac0afa7b7f542279f88cf34ee71db81b

SHA256
809d74a80451e14bbcbefed70d53a8d165c6d954d77784a11485ef2684941557

SHA512
d32cd215dd44a7e78e538c206bdb54f41288fa4d1948fdc62cb4aa1b613bb2ce9adf882d6c382dcd3a7f1e01b1f305af808a6220b1968d84ff6b3ebb684f4940

Download Submit
memory/3016-132-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/3016-136-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/3936-133-0x0000000000000000-mapping.dmp

Download
memory/3936-137-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/3936-139-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4376-138-0x0000000000000000-mapping.dmp

Download