a5960caee08c88b409e86ec0fcac60cfd2fff0e899ec17154ae8e462fa3b4f74

Analysis

max time kernel
147s
max time network
131s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5960caee08c88b409e86ec0fcac60cfd2fff0e899ec17154ae8e462fa3b4f74.dll
Size

1.2MB
MD5

bf52463eb2b43eef8412bda49f2602b9
SHA1

8eeedc0baba079bc5811027f043ff034c1173c5e
SHA256

a5960caee08c88b409e86ec0fcac60cfd2fff0e899ec17154ae8e462fa3b4f74
SHA512

bab6a03bad5003b043e851c2ed5108137acc9be584b8024075e6db1f74aea7823ea25a3cf094f7d2aa98e059b310fba51476e27f414b340f3207ad32a78c9377
SSDEEP

24576:VJPVpkCOvt+H5ZRwLZSblLAxRfbJT6+uEkMIAsTWRsrUVQBB:jIvoRwlSlURfbJrbGAe7LB

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

dwm.exe

pid process

940 dwm.exe
Loads dropped DLL 9 IoCs

Processes:

rundll32.exedwm.exe

pid process

1852 rundll32.exe
1852 rundll32.exe
1312
940 dwm.exe
940 dwm.exe
940 dwm.exe
940 dwm.exe
940 dwm.exe
940 dwm.exe

pid	process
940	dwm.exe

pid	process
1852	rundll32.exe
1852	rundll32.exe
1312
940	dwm.exe
940	dwm.exe
940	dwm.exe
940	dwm.exe
940	dwm.exe
940	dwm.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2036 wrote to memory of 1852	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 1852	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 1852	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 1852	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 1852	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 1852	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 1852	2036	rundll32.exe	rundll32.exe
PID 1852 wrote to memory of 940	1852	rundll32.exe	dwm.exe
PID 1852 wrote to memory of 940	1852	rundll32.exe	dwm.exe
PID 1852 wrote to memory of 940	1852	rundll32.exe	dwm.exe
PID 1852 wrote to memory of 940	1852	rundll32.exe	dwm.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5960caee08c88b409e86ec0fcac60cfd2fff0e899ec17154ae8e462fa3b4f74.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5960caee08c88b409e86ec0fcac60cfd2fff0e899ec17154ae8e462fa3b4f74.dll,#1
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1852

C:\Users\Admin\AppData\Local\Temp\msupdate71\dwm.exe
C:\Users\Admin\AppData\Local\Temp\msupdate71\dwm.exe -a cryptonight -o stratum+tcp://xmr-usa.dwarfpool.com:8080 -p x -u 42ychz53apvgs3EHMoeAyGQM3pq7EikTLTBu1RaBj8njgVfykF4v8HdPNyzAfDTDUGZfoLjMdh9Wa4u1Bm2t3f7aSFSwS4U.02 -t 16
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\msupdate71\dwm.exe

Filesize
892KB

MD5
a76fd14d26b739aa7fe4358c30c1d30e

SHA1
0b8f2ec4de56088700409483a5793bd35c85cd9e

SHA256
cf2bff3b2cbe17ff387c69f3715e346b8f2e122aafec16b292dff34101bf44b4

SHA512
3b01fab0eae273cde92af6b72587dbbe0c1834c82512d54a175168071295ec8af99260aaf78638eadb70496382d4c6eefcda3b8083a230b3cb910152499e6e4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libcurl-4.dll

Filesize
511KB

MD5
882a19580596d8e90e1f95ea3320347e

SHA1
cef622275d69a206d84363ea07b243ab9804d2f5

SHA256
7719ddd67ff07beb26bc31d1cf925f278e302e6163e02169ff7dcefcb651e007

SHA512
ea138d1d53ee183caf4fec9bead1f71517de13fb34be826ab87941830199e2d6b925146fa9461537e86fe2b4ab24556ebc5ca5cee71e25146c02beae26a3a5f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libiconv-2.dll

Filesize
927KB

MD5
416476b79ba6b39199c9ed98f8d63867

SHA1
260096676ead5f1fb5db021c57fb4700995e590b

SHA256
cf33fc7fdf9de404736a23b6821fd596aa53492a51dd4d83958c0de477947708

SHA512
d12fc098ebcac2f93952d1d00a69934614443ea6d07ebd758cd3e89ecf5df36c9c28f142cb1d526cc8dff07718b17693799d131d4d5f1de839a4ef9ea0b2df97

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libidn-11.dll

Filesize
206KB

MD5
f8a0d5fe3fd8569ed3cac7318cdc493a

SHA1
27a82c19abbadff848f86ee9b9ed579c8b1f7b7b

SHA256
6e4d69c688b9f318bb497cd7a322df2e5470529880420b783061fa87aa916570

SHA512
f0328b52a14e9f3d3f72b8f77431bd757ccd5b10d65b5e8d7d67f733e09b23aa6113147cf53a9a0518cb6a4810027e5985ac109b604396cc75abfb35752cf9e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libintl-8.dll

Filesize
112KB

MD5
9650b3149085e7df43acad2703b81fd8

SHA1
38d25e33825a67943fb8081a651d854fcdbfdc15

SHA256
34618f63fd89c387019f7c061846d318fa98b52c7d9025de093d442f29d4e87b

SHA512
4f8eff628f279d9d042801837518d501420a9b8d85771cbe26bc40ded2e5a701d665838e0c672fef8e0e694b4cc853e07364915ae39cc68f6bd96ff3dae5e9e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libwinpthread-1.dll

Filesize
298KB

MD5
bb0019619d0e3b013018ba6cbfb6185f

SHA1
c23b023ac220283b81d98bbdf5ada3e40ab20e60

SHA256
4dd3c7262580fb8a03813c249b643d81dd0e5b90e883102a33a5a1d62500132e

SHA512
9b2731e63d50b78bf27b680f3ef33b85e68659dadaf9734ccbeb9297370c323e39d13a5b794b705a892203064dad156f6471612cb40415d6d7701347641db0a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\zlib1.dll

Filesize
113KB

MD5
cb0577e362e193cad14c3d23c40c30d4

SHA1
65db52c270bc8f1e9435d95456da9f1e45e74fd9

SHA256
9e93a45fb249f32d1aac4e69ce84ceae783782e75148e572fdde3bfe2579121c

SHA512
4c1cc231599e0928ae67d1e3493417b35c6185739795b00da8cad6580a44f56df3769d652f8dd1798e762c11e87904bf0624fe6c2392b2e35fba15160959b32b

Download Submit
\Users\Admin\AppData\Local\Temp\msupdate71\dwm.exe

Filesize
892KB

MD5
a76fd14d26b739aa7fe4358c30c1d30e

SHA1
0b8f2ec4de56088700409483a5793bd35c85cd9e

SHA256
cf2bff3b2cbe17ff387c69f3715e346b8f2e122aafec16b292dff34101bf44b4

SHA512
3b01fab0eae273cde92af6b72587dbbe0c1834c82512d54a175168071295ec8af99260aaf78638eadb70496382d4c6eefcda3b8083a230b3cb910152499e6e4a

Download Submit
\Users\Admin\AppData\Local\Temp\msupdate71\dwm.exe

Filesize
892KB

MD5
a76fd14d26b739aa7fe4358c30c1d30e

SHA1
0b8f2ec4de56088700409483a5793bd35c85cd9e

SHA256
cf2bff3b2cbe17ff387c69f3715e346b8f2e122aafec16b292dff34101bf44b4

SHA512
3b01fab0eae273cde92af6b72587dbbe0c1834c82512d54a175168071295ec8af99260aaf78638eadb70496382d4c6eefcda3b8083a230b3cb910152499e6e4a

Download Submit
\Users\Admin\AppData\Local\Temp\msupdate71\dwm.exe

Filesize
892KB

MD5
a76fd14d26b739aa7fe4358c30c1d30e

SHA1
0b8f2ec4de56088700409483a5793bd35c85cd9e

SHA256
cf2bff3b2cbe17ff387c69f3715e346b8f2e122aafec16b292dff34101bf44b4

SHA512
3b01fab0eae273cde92af6b72587dbbe0c1834c82512d54a175168071295ec8af99260aaf78638eadb70496382d4c6eefcda3b8083a230b3cb910152499e6e4a

Download Submit
\Users\Admin\AppData\Local\Temp\msupdate71\libcurl-4.dll

Filesize
511KB

MD5
882a19580596d8e90e1f95ea3320347e

SHA1
cef622275d69a206d84363ea07b243ab9804d2f5

SHA256
7719ddd67ff07beb26bc31d1cf925f278e302e6163e02169ff7dcefcb651e007

SHA512
ea138d1d53ee183caf4fec9bead1f71517de13fb34be826ab87941830199e2d6b925146fa9461537e86fe2b4ab24556ebc5ca5cee71e25146c02beae26a3a5f9

Download Submit
\Users\Admin\AppData\Local\Temp\msupdate71\libiconv-2.dll

Filesize
927KB

MD5
416476b79ba6b39199c9ed98f8d63867

SHA1
260096676ead5f1fb5db021c57fb4700995e590b

SHA256
cf33fc7fdf9de404736a23b6821fd596aa53492a51dd4d83958c0de477947708

SHA512
d12fc098ebcac2f93952d1d00a69934614443ea6d07ebd758cd3e89ecf5df36c9c28f142cb1d526cc8dff07718b17693799d131d4d5f1de839a4ef9ea0b2df97

Download Submit
\Users\Admin\AppData\Local\Temp\msupdate71\libidn-11.dll

Filesize
206KB

MD5
f8a0d5fe3fd8569ed3cac7318cdc493a

SHA1
27a82c19abbadff848f86ee9b9ed579c8b1f7b7b

SHA256
6e4d69c688b9f318bb497cd7a322df2e5470529880420b783061fa87aa916570

SHA512
f0328b52a14e9f3d3f72b8f77431bd757ccd5b10d65b5e8d7d67f733e09b23aa6113147cf53a9a0518cb6a4810027e5985ac109b604396cc75abfb35752cf9e0

Download Submit
\Users\Admin\AppData\Local\Temp\msupdate71\libintl-8.dll

Filesize
112KB

MD5
9650b3149085e7df43acad2703b81fd8

SHA1
38d25e33825a67943fb8081a651d854fcdbfdc15

SHA256
34618f63fd89c387019f7c061846d318fa98b52c7d9025de093d442f29d4e87b

SHA512
4f8eff628f279d9d042801837518d501420a9b8d85771cbe26bc40ded2e5a701d665838e0c672fef8e0e694b4cc853e07364915ae39cc68f6bd96ff3dae5e9e7

Download Submit
\Users\Admin\AppData\Local\Temp\msupdate71\libwinpthread-1.dll

Filesize
298KB

MD5
bb0019619d0e3b013018ba6cbfb6185f

SHA1
c23b023ac220283b81d98bbdf5ada3e40ab20e60

SHA256
4dd3c7262580fb8a03813c249b643d81dd0e5b90e883102a33a5a1d62500132e

SHA512
9b2731e63d50b78bf27b680f3ef33b85e68659dadaf9734ccbeb9297370c323e39d13a5b794b705a892203064dad156f6471612cb40415d6d7701347641db0a8

Download Submit
\Users\Admin\AppData\Local\Temp\msupdate71\zlib1.dll

Filesize
113KB

MD5
cb0577e362e193cad14c3d23c40c30d4

SHA1
65db52c270bc8f1e9435d95456da9f1e45e74fd9

SHA256
9e93a45fb249f32d1aac4e69ce84ceae783782e75148e572fdde3bfe2579121c

SHA512
4c1cc231599e0928ae67d1e3493417b35c6185739795b00da8cad6580a44f56df3769d652f8dd1798e762c11e87904bf0624fe6c2392b2e35fba15160959b32b

Download Submit
memory/940-58-0x0000000000000000-mapping.dmp

Download
memory/940-73-0x0000000000400000-0x00000000004EA000-memory.dmp

Filesize
936KB

Download
memory/940-74-0x0000000000400000-0x00000000004EA000-memory.dmp

Filesize
936KB

Download
memory/1852-54-0x0000000000000000-mapping.dmp

Download
memory/1852-55-0x0000000075521000-0x0000000075523000-memory.dmp

Filesize
8KB

Download