a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

Analysis

max time kernel
153s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
Size

980KB
MD5

3956b4edbe6a6ff807f12ae5cbe5c189
SHA1

95717b32165cb18b5da2e5586efdd9ca3f75917f
SHA256

a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452
SHA512

ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c
SSDEEP

12288:uEzxgIsBVdzn7UX6JP4y99/FMHL0vHIxQuivPcwgMw:uEzxgIsBPIXJy90HYAxQbv

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
900	smsc.exe
2040	smsc.exe
1824	smsc.exe
524	smsc.exe
1120	smsc.exe

Loads dropped DLL 10 IoCs

pid	Process
1552	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
1552	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
900	smsc.exe
900	smsc.exe
2040	smsc.exe
2040	smsc.exe
1824	smsc.exe
1824	smsc.exe
524	smsc.exe
524	smsc.exe

Drops file in System32 directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\smsc.exe	smsc.exe
File created	C:\Windows\SysWOW64\smsc.exe	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
File opened for modification	C:\Windows\SysWOW64\smsc.exe	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
File created	C:\Windows\SysWOW64\smsc.exe	smsc.exe
File created	C:\Windows\SysWOW64\smsc.exe	smsc.exe
File created	C:\Windows\SysWOW64\smsc.exe	smsc.exe
File created	C:\Windows\SysWOW64\smsc.exe	smsc.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
1552	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
1552	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
1552	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
1552	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
1552	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
1552	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
900	smsc.exe
900	smsc.exe
900	smsc.exe
900	smsc.exe
900	smsc.exe
900	smsc.exe
2040	smsc.exe
2040	smsc.exe
2040	smsc.exe
2040	smsc.exe
2040	smsc.exe
2040	smsc.exe
1824	smsc.exe
1824	smsc.exe
1824	smsc.exe
1824	smsc.exe
1824	smsc.exe
1824	smsc.exe
524	smsc.exe
524	smsc.exe
524	smsc.exe
524	smsc.exe
524	smsc.exe
524	smsc.exe
1120	smsc.exe
1120	smsc.exe
1120	smsc.exe
1120	smsc.exe
1120	smsc.exe
1120	smsc.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 900	1552	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe	28
PID 1552 wrote to memory of 900	1552	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe	28
PID 1552 wrote to memory of 900	1552	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe	28
PID 1552 wrote to memory of 900	1552	a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe	28
PID 900 wrote to memory of 2040	900	smsc.exe	29
PID 900 wrote to memory of 2040	900	smsc.exe	29
PID 900 wrote to memory of 2040	900	smsc.exe	29
PID 900 wrote to memory of 2040	900	smsc.exe	29
PID 2040 wrote to memory of 1824	2040	smsc.exe	30
PID 2040 wrote to memory of 1824	2040	smsc.exe	30
PID 2040 wrote to memory of 1824	2040	smsc.exe	30
PID 2040 wrote to memory of 1824	2040	smsc.exe	30
PID 1824 wrote to memory of 524	1824	smsc.exe	31
PID 1824 wrote to memory of 524	1824	smsc.exe	31
PID 1824 wrote to memory of 524	1824	smsc.exe	31
PID 1824 wrote to memory of 524	1824	smsc.exe	31
PID 524 wrote to memory of 1120	524	smsc.exe	32
PID 524 wrote to memory of 1120	524	smsc.exe	32
PID 524 wrote to memory of 1120	524	smsc.exe	32
PID 524 wrote to memory of 1120	524	smsc.exe	32

C:\Users\Admin\AppData\Local\Temp\a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
"C:\Users\Admin\AppData\Local\Temp\a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Windows\SysWOW64\smsc.exe
  C:\Windows\system32\smsc.exe -bai C:\Users\Admin\AppData\Local\Temp\a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:900
- - C:\Windows\SysWOW64\smsc.exe
    C:\Windows\system32\smsc.exe -bai C:\Windows\SysWOW64\smsc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2040
  - - C:\Windows\SysWOW64\smsc.exe
      C:\Windows\system32\smsc.exe -bai C:\Windows\SysWOW64\smsc.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1824
    - - C:\Windows\SysWOW64\smsc.exe
        
        C:\Windows\system32\smsc.exe -bai C:\Windows\SysWOW64\smsc.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:524
      - C:\Windows\SysWOW64\smsc.exe
        
        C:\Windows\system32\smsc.exe -bai C:\Windows\SysWOW64\smsc.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
C:\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
C:\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
C:\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
C:\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
C:\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
\Windows\SysWOW64\smsc.exe

Filesize
980KB

MD5
3956b4edbe6a6ff807f12ae5cbe5c189

SHA1
95717b32165cb18b5da2e5586efdd9ca3f75917f

SHA256
a8928e01f20fe5af454b228e7564af7fe4425adc19f2cb6e934faddf77f9a452

SHA512
ec689ae082ef64e3586fa29b08d32270bf61d7fc772c8ce40681f2384ef32ae001e0e7f23d36e996ecf8dc863df1e087bade3aa04017724117945ecd222a485c

Download Submit
memory/524-94-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/524-89-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/524-88-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/900-70-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/900-64-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/900-71-0x0000000002250000-0x0000000002345000-memory.dmp

Filesize
980KB

Download
memory/900-62-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/1120-96-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/1552-54-0x0000000075241000-0x0000000075243000-memory.dmp

Filesize
8KB

Download
memory/1552-60-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/1552-55-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/1824-87-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/1824-81-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/1824-80-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/2040-73-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/2040-72-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/2040-77-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download