b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb

Analysis

max time kernel
175s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe
Size

2.0MB
MD5

db61081d5c500dca4db7b750793e8980
SHA1

e5cab7b925ecb4347b2cc43df7ec0ecdeca3acc8
SHA256

b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb
SHA512

d9b6090a0a29ea8f82884645f7cb12c7e188be1070e7e0aacea69c4252649a11b2d6c70e823d71301058462ecf91d934ac802af81ef5f0fc675ad8eee2743fe4
SSDEEP

24576:Xkp1B2qNE2cervjJEMZ1dH2AdbRVZhjNwrrYp55FtgxStUuIxsfLL/LhyJpAw:XkpL2uCGbRVZhjNwSHoTxsfH/Lhu

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
832	_run.exe
1484	_run.tmp
792	spaiivsbv.exe

Loads dropped DLL 7 IoCs

pid	Process
1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe
832	_run.exe
1484	_run.tmp
1484	_run.tmp
1484	_run.tmp
1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe
1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 832	1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe	28
PID 1664 wrote to memory of 832	1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe	28
PID 1664 wrote to memory of 832	1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe	28
PID 1664 wrote to memory of 832	1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe	28
PID 1664 wrote to memory of 832	1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe	28
PID 1664 wrote to memory of 832	1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe	28
PID 1664 wrote to memory of 832	1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe	28
PID 832 wrote to memory of 1484	832	_run.exe	29
PID 832 wrote to memory of 1484	832	_run.exe	29
PID 832 wrote to memory of 1484	832	_run.exe	29
PID 832 wrote to memory of 1484	832	_run.exe	29
PID 832 wrote to memory of 1484	832	_run.exe	29
PID 832 wrote to memory of 1484	832	_run.exe	29
PID 832 wrote to memory of 1484	832	_run.exe	29
PID 1664 wrote to memory of 792	1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe	31
PID 1664 wrote to memory of 792	1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe	31
PID 1664 wrote to memory of 792	1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe	31
PID 1664 wrote to memory of 792	1664	b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe	31

C:\Users\Admin\AppData\Local\Temp\b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe
"C:\Users\Admin\AppData\Local\Temp\b55942c651d013c4163dceee488bcf9d0eb55db949bae2e9acdf1b717b2a36bb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Users\Admin\AppData\Local\Temp\_run.exe
  "_run.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:832
- - C:\Users\Admin\AppData\Local\Temp\is-AE8J4.tmp\_run.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-AE8J4.tmp\_run.tmp" /SL5="$70124,516308,140288,C:\Users\Admin\AppData\Local\Temp\_run.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1484
- C:\Users\Admin\AppData\Roaming\spaiivsbv.exe
  "C:\Users\Admin\AppData\Roaming\spaiivsbv.exe"
  2⤵
  - Executes dropped EXE
  PID:792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_run.exe

Filesize
936KB

MD5
af6f124dd9294006a7dcb87781690ba6

SHA1
a2d6f79be9a46af76cd197437552552af12bafad

SHA256
0de61792bbf1ac39c26087c8f8190b6b95eee2359b64a94b284dbca022c5496b

SHA512
4e835161336d1aece34ace44dbb2b8c65dd5b669f81f6f1f8dee969f08ea38c0a4f50e9d410e69a18314d0ea205c6ea5fe89d70061560daf3738be9abaf05848

Download Submit
C:\Users\Admin\AppData\Local\Temp\_run.exe

Filesize
936KB

MD5
af6f124dd9294006a7dcb87781690ba6

SHA1
a2d6f79be9a46af76cd197437552552af12bafad

SHA256
0de61792bbf1ac39c26087c8f8190b6b95eee2359b64a94b284dbca022c5496b

SHA512
4e835161336d1aece34ace44dbb2b8c65dd5b669f81f6f1f8dee969f08ea38c0a4f50e9d410e69a18314d0ea205c6ea5fe89d70061560daf3738be9abaf05848

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AE8J4.tmp\_run.tmp

Filesize
978KB

MD5
8275aedbc6c673776e3e6f5fe6d3db5a

SHA1
9c7abce3f9fd7c58fa3f73178829c29d2e9903ea

SHA256
e8ff630fec025d77b26f3bc4289c14832afb9d1b81e8745f16bf257d34aab2a3

SHA512
ae30ebb9a01835f96b184fc7e6f8d46b1fe399dcb26db89d5d81be2edcbe793b8cb8e763dcffa56fc20d1d933bcbea5ae15088a20923fd8e2ad6ba3bb73eade4

Download Submit
C:\Users\Admin\AppData\Roaming\spaiivsbv.exe

Filesize
561KB

MD5
32e8fc07631018cba76bcd331ccca990

SHA1
4c58dc1758edcbb7c74e2ec927ab712e300c837a

SHA256
fddf9c90bffdafee550c35bb3c4459f81ea51f1e5ac943d3b0a62db70273e5ce

SHA512
fb26b0a47b869f76eb50a65f759c4c19a5fbae2a9c62e814e7d3fafb5b365c70ce228934ed29d350c291cd8069a57c4b575efc88aabdfe5d6e8666592b7d8ef4

Download Submit
\Users\Admin\AppData\Local\Temp\_run.exe

Filesize
936KB

MD5
af6f124dd9294006a7dcb87781690ba6

SHA1
a2d6f79be9a46af76cd197437552552af12bafad

SHA256
0de61792bbf1ac39c26087c8f8190b6b95eee2359b64a94b284dbca022c5496b

SHA512
4e835161336d1aece34ace44dbb2b8c65dd5b669f81f6f1f8dee969f08ea38c0a4f50e9d410e69a18314d0ea205c6ea5fe89d70061560daf3738be9abaf05848

Download Submit
\Users\Admin\AppData\Local\Temp\is-852QK.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-852QK.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-852QK.tmp\pokergraphics.dll

Filesize
111KB

MD5
b99c95444de7fb1c5516d0929f4fb08d

SHA1
6b08bd74ed8dbabe4a4b35c0a0bf26a89689e096

SHA256
8e40d40fd2e08609e428ebd154b8dab81c46a9bfc7a39cd1f6a96270a4372af7

SHA512
6e494f7871c583975787a0e6946d94dbe12c5fed01d1f7e0f582bb56cbf8704f63652571904fcf75ed53c2426f9597e4db14930e092fdaef7ae092e569a3b364

Download Submit
\Users\Admin\AppData\Local\Temp\is-AE8J4.tmp\_run.tmp

Filesize
978KB

MD5
8275aedbc6c673776e3e6f5fe6d3db5a

SHA1
9c7abce3f9fd7c58fa3f73178829c29d2e9903ea

SHA256
e8ff630fec025d77b26f3bc4289c14832afb9d1b81e8745f16bf257d34aab2a3

SHA512
ae30ebb9a01835f96b184fc7e6f8d46b1fe399dcb26db89d5d81be2edcbe793b8cb8e763dcffa56fc20d1d933bcbea5ae15088a20923fd8e2ad6ba3bb73eade4

Download Submit
\Users\Admin\AppData\Roaming\spaiivsbv.exe

Filesize
561KB

MD5
32e8fc07631018cba76bcd331ccca990

SHA1
4c58dc1758edcbb7c74e2ec927ab712e300c837a

SHA256
fddf9c90bffdafee550c35bb3c4459f81ea51f1e5ac943d3b0a62db70273e5ce

SHA512
fb26b0a47b869f76eb50a65f759c4c19a5fbae2a9c62e814e7d3fafb5b365c70ce228934ed29d350c291cd8069a57c4b575efc88aabdfe5d6e8666592b7d8ef4

Download Submit
\Users\Admin\AppData\Roaming\spaiivsbv.exe

Filesize
561KB

MD5
32e8fc07631018cba76bcd331ccca990

SHA1
4c58dc1758edcbb7c74e2ec927ab712e300c837a

SHA256
fddf9c90bffdafee550c35bb3c4459f81ea51f1e5ac943d3b0a62db70273e5ce

SHA512
fb26b0a47b869f76eb50a65f759c4c19a5fbae2a9c62e814e7d3fafb5b365c70ce228934ed29d350c291cd8069a57c4b575efc88aabdfe5d6e8666592b7d8ef4

Download Submit
memory/792-73-0x0000000000000000-mapping.dmp

Download
memory/832-68-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/832-56-0x0000000000000000-mapping.dmp

Download
memory/832-59-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1484-63-0x0000000000000000-mapping.dmp

Download
memory/1664-54-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads