a5960caee08c88b409e86ec0fcac60cfd2fff0e899ec17154ae8e462fa3b4f74

Analysis

max time kernel
179s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5960caee08c88b409e86ec0fcac60cfd2fff0e899ec17154ae8e462fa3b4f74.dll
Size

1.2MB
MD5

bf52463eb2b43eef8412bda49f2602b9
SHA1

8eeedc0baba079bc5811027f043ff034c1173c5e
SHA256

a5960caee08c88b409e86ec0fcac60cfd2fff0e899ec17154ae8e462fa3b4f74
SHA512

bab6a03bad5003b043e851c2ed5108137acc9be584b8024075e6db1f74aea7823ea25a3cf094f7d2aa98e059b310fba51476e27f414b340f3207ad32a78c9377
SSDEEP

24576:VJPVpkCOvt+H5ZRwLZSblLAxRfbJT6+uEkMIAsTWRsrUVQBB:jIvoRwlSlURfbJrbGAe7LB

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

dwm.exe

pid process

4444 dwm.exe
Loads dropped DLL 6 IoCs

Processes:

dwm.exe

pid process

4444 dwm.exe
4444 dwm.exe
4444 dwm.exe
4444 dwm.exe
4444 dwm.exe
4444 dwm.exe

pid	process
4444	dwm.exe

pid	process
4444	dwm.exe
4444	dwm.exe
4444	dwm.exe
4444	dwm.exe
4444	dwm.exe
4444	dwm.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2828 wrote to memory of 4908	2828	rundll32.exe	rundll32.exe
PID 2828 wrote to memory of 4908	2828	rundll32.exe	rundll32.exe
PID 2828 wrote to memory of 4908	2828	rundll32.exe	rundll32.exe
PID 4908 wrote to memory of 4444	4908	rundll32.exe	dwm.exe
PID 4908 wrote to memory of 4444	4908	rundll32.exe	dwm.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5960caee08c88b409e86ec0fcac60cfd2fff0e899ec17154ae8e462fa3b4f74.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2828

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5960caee08c88b409e86ec0fcac60cfd2fff0e899ec17154ae8e462fa3b4f74.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:4908

C:\Users\Admin\AppData\Local\Temp\msupdate71\dwm.exe
C:\Users\Admin\AppData\Local\Temp\msupdate71\dwm.exe -a cryptonight -o stratum+tcp://xmr-usa.dwarfpool.com:8080 -p x -u 42ychz53apvgs3EHMoeAyGQM3pq7EikTLTBu1RaBj8njgVfykF4v8HdPNyzAfDTDUGZfoLjMdh9Wa4u1Bm2t3f7aSFSwS4U.03 -t 16
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\msupdate71\dwm.exe
Filesize
892KB

MD5
a76fd14d26b739aa7fe4358c30c1d30e

SHA1
0b8f2ec4de56088700409483a5793bd35c85cd9e

SHA256
cf2bff3b2cbe17ff387c69f3715e346b8f2e122aafec16b292dff34101bf44b4

SHA512
3b01fab0eae273cde92af6b72587dbbe0c1834c82512d54a175168071295ec8af99260aaf78638eadb70496382d4c6eefcda3b8083a230b3cb910152499e6e4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\dwm.exe
Filesize
892KB

MD5
a76fd14d26b739aa7fe4358c30c1d30e

SHA1
0b8f2ec4de56088700409483a5793bd35c85cd9e

SHA256
cf2bff3b2cbe17ff387c69f3715e346b8f2e122aafec16b292dff34101bf44b4

SHA512
3b01fab0eae273cde92af6b72587dbbe0c1834c82512d54a175168071295ec8af99260aaf78638eadb70496382d4c6eefcda3b8083a230b3cb910152499e6e4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libcurl-4.dll
Filesize
511KB

MD5
882a19580596d8e90e1f95ea3320347e

SHA1
cef622275d69a206d84363ea07b243ab9804d2f5

SHA256
7719ddd67ff07beb26bc31d1cf925f278e302e6163e02169ff7dcefcb651e007

SHA512
ea138d1d53ee183caf4fec9bead1f71517de13fb34be826ab87941830199e2d6b925146fa9461537e86fe2b4ab24556ebc5ca5cee71e25146c02beae26a3a5f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libcurl-4.dll
Filesize
511KB

MD5
882a19580596d8e90e1f95ea3320347e

SHA1
cef622275d69a206d84363ea07b243ab9804d2f5

SHA256
7719ddd67ff07beb26bc31d1cf925f278e302e6163e02169ff7dcefcb651e007

SHA512
ea138d1d53ee183caf4fec9bead1f71517de13fb34be826ab87941830199e2d6b925146fa9461537e86fe2b4ab24556ebc5ca5cee71e25146c02beae26a3a5f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libiconv-2.dll
Filesize
128KB

MD5
f4ba452fce20265a52cf629e52764813

SHA1
4a1ab11777b65ca77f27a2bce7f3ea1d3d4fdda6

SHA256
06ccf8536e89ee05801827b56d27724ad4cea84b093165e7153cbbd466e6063c

SHA512
8924e5a5ae143ea3a1bf6dadbad0802dfdc86a70edf7cd6d0df4e433d9071a4eaea45a06c5950ecfa9aa5d3df97a113f31aa80c74729f2753e5c38c5c65c24ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libiconv-2.dll
Filesize
396KB

MD5
609151585ff8eb8274165f0b03b99076

SHA1
81902816d351a7845a28059baf342b7576c296cc

SHA256
a61cfb59fbc0f1038f95492a1d0f3560a3e2eec50e6a6ff0f66cedf9cbbd65f2

SHA512
d5a7d83140638bf447d14cd29197c6bcd71d2dd6b1f6aa9d85388a53ca26f3c4b77bcc57a0f43df7dacca15e2185ee829956429d19a5e649b4242b72961b8318

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libidn-11.dll
Filesize
206KB

MD5
f8a0d5fe3fd8569ed3cac7318cdc493a

SHA1
27a82c19abbadff848f86ee9b9ed579c8b1f7b7b

SHA256
6e4d69c688b9f318bb497cd7a322df2e5470529880420b783061fa87aa916570

SHA512
f0328b52a14e9f3d3f72b8f77431bd757ccd5b10d65b5e8d7d67f733e09b23aa6113147cf53a9a0518cb6a4810027e5985ac109b604396cc75abfb35752cf9e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libidn-11.dll
Filesize
206KB

MD5
f8a0d5fe3fd8569ed3cac7318cdc493a

SHA1
27a82c19abbadff848f86ee9b9ed579c8b1f7b7b

SHA256
6e4d69c688b9f318bb497cd7a322df2e5470529880420b783061fa87aa916570

SHA512
f0328b52a14e9f3d3f72b8f77431bd757ccd5b10d65b5e8d7d67f733e09b23aa6113147cf53a9a0518cb6a4810027e5985ac109b604396cc75abfb35752cf9e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libintl-8.dll
Filesize
112KB

MD5
9650b3149085e7df43acad2703b81fd8

SHA1
38d25e33825a67943fb8081a651d854fcdbfdc15

SHA256
34618f63fd89c387019f7c061846d318fa98b52c7d9025de093d442f29d4e87b

SHA512
4f8eff628f279d9d042801837518d501420a9b8d85771cbe26bc40ded2e5a701d665838e0c672fef8e0e694b4cc853e07364915ae39cc68f6bd96ff3dae5e9e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libintl-8.dll
Filesize
112KB

MD5
9650b3149085e7df43acad2703b81fd8

SHA1
38d25e33825a67943fb8081a651d854fcdbfdc15

SHA256
34618f63fd89c387019f7c061846d318fa98b52c7d9025de093d442f29d4e87b

SHA512
4f8eff628f279d9d042801837518d501420a9b8d85771cbe26bc40ded2e5a701d665838e0c672fef8e0e694b4cc853e07364915ae39cc68f6bd96ff3dae5e9e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libwinpthread-1.dll
Filesize
298KB

MD5
bb0019619d0e3b013018ba6cbfb6185f

SHA1
c23b023ac220283b81d98bbdf5ada3e40ab20e60

SHA256
4dd3c7262580fb8a03813c249b643d81dd0e5b90e883102a33a5a1d62500132e

SHA512
9b2731e63d50b78bf27b680f3ef33b85e68659dadaf9734ccbeb9297370c323e39d13a5b794b705a892203064dad156f6471612cb40415d6d7701347641db0a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\libwinpthread-1.dll
Filesize
298KB

MD5
bb0019619d0e3b013018ba6cbfb6185f

SHA1
c23b023ac220283b81d98bbdf5ada3e40ab20e60

SHA256
4dd3c7262580fb8a03813c249b643d81dd0e5b90e883102a33a5a1d62500132e

SHA512
9b2731e63d50b78bf27b680f3ef33b85e68659dadaf9734ccbeb9297370c323e39d13a5b794b705a892203064dad156f6471612cb40415d6d7701347641db0a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\zlib1.dll
Filesize
113KB

MD5
cb0577e362e193cad14c3d23c40c30d4

SHA1
65db52c270bc8f1e9435d95456da9f1e45e74fd9

SHA256
9e93a45fb249f32d1aac4e69ce84ceae783782e75148e572fdde3bfe2579121c

SHA512
4c1cc231599e0928ae67d1e3493417b35c6185739795b00da8cad6580a44f56df3769d652f8dd1798e762c11e87904bf0624fe6c2392b2e35fba15160959b32b

Download Submit
C:\Users\Admin\AppData\Local\Temp\msupdate71\zlib1.dll
Filesize
113KB

MD5
cb0577e362e193cad14c3d23c40c30d4

SHA1
65db52c270bc8f1e9435d95456da9f1e45e74fd9

SHA256
9e93a45fb249f32d1aac4e69ce84ceae783782e75148e572fdde3bfe2579121c

SHA512
4c1cc231599e0928ae67d1e3493417b35c6185739795b00da8cad6580a44f56df3769d652f8dd1798e762c11e87904bf0624fe6c2392b2e35fba15160959b32b

Download Submit
memory/4444-133-0x0000000000000000-mapping.dmp

Download
memory/4908-132-0x0000000000000000-mapping.dmp

Download