fa42f6e86a7c3c5cbea6799e374f7eb05c6ebbe618a1499616197da5bc6f437f

Analysis

max time kernel
84s
max time network
146s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
06-01-2023 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa42f6e86a7c3c5cbea6799e374f7eb05c6ebbe618a1499616197da5bc6f437f.exe
Size

3.7MB
MD5

14787312f0ea4d42b19f81059fae2bac
SHA1

678d81248b3057914df972c47b9dcc77b789c9bc
SHA256

fa42f6e86a7c3c5cbea6799e374f7eb05c6ebbe618a1499616197da5bc6f437f
SHA512

1bf37f81674d8e97d1c7f092572f350a09a9c35dbd49b38ed2abe7fea1edbc4efe75b0e0e1eb6822f7b78d2d71b7bb39bb1cbfccb6b297765b82209d45d3ee84
SSDEEP

98304:7Q6Na8x1h0nAEBq4Ej/L5SViLd6l5KZy4qy9yb:USauhWdq4EP56iR62ZN10

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3796	rundll32.exe
3796	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 3796	3668	fa42f6e86a7c3c5cbea6799e374f7eb05c6ebbe618a1499616197da5bc6f437f.exe	66
PID 3668 wrote to memory of 3796	3668	fa42f6e86a7c3c5cbea6799e374f7eb05c6ebbe618a1499616197da5bc6f437f.exe	66
PID 3668 wrote to memory of 3796	3668	fa42f6e86a7c3c5cbea6799e374f7eb05c6ebbe618a1499616197da5bc6f437f.exe	66

C:\Users\Admin\AppData\Local\Temp\fa42f6e86a7c3c5cbea6799e374f7eb05c6ebbe618a1499616197da5bc6f437f.exe
"C:\Users\Admin\AppData\Local\Temp\fa42f6e86a7c3c5cbea6799e374f7eb05c6ebbe618a1499616197da5bc6f437f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Rewurtuihyfrtty.dll,start
  2⤵
  - Loads dropped DLL
  PID:3796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Rewurtuihyfrtty.dll

Filesize
4.3MB

MD5
5c89caae94d426d438854cd101a915a5

SHA1
49f3e393f6c8b78edca1c54fcf6d457e77198f5a

SHA256
6573e399052a9db5580dbebfd53586cd6d1a2910435e1d743e43186e5d2b4ff9

SHA512
630f482df4e19f80d462454196e042e66507a9ebf89ef9ea4e4f43e209d01a7860cd11131b24da08f00a3ef79d3b6ec02a698d738da70925d668a3599b0db06e

Download Submit
\Users\Admin\AppData\Local\Temp\Rewurtuihyfrtty.dll

Filesize
4.3MB

MD5
5c89caae94d426d438854cd101a915a5

SHA1
49f3e393f6c8b78edca1c54fcf6d457e77198f5a

SHA256
6573e399052a9db5580dbebfd53586cd6d1a2910435e1d743e43186e5d2b4ff9

SHA512
630f482df4e19f80d462454196e042e66507a9ebf89ef9ea4e4f43e209d01a7860cd11131b24da08f00a3ef79d3b6ec02a698d738da70925d668a3599b0db06e

Download Submit
\Users\Admin\AppData\Local\Temp\Rewurtuihyfrtty.dll

Filesize
4.3MB

MD5
5c89caae94d426d438854cd101a915a5

SHA1
49f3e393f6c8b78edca1c54fcf6d457e77198f5a

SHA256
6573e399052a9db5580dbebfd53586cd6d1a2910435e1d743e43186e5d2b4ff9

SHA512
630f482df4e19f80d462454196e042e66507a9ebf89ef9ea4e4f43e209d01a7860cd11131b24da08f00a3ef79d3b6ec02a698d738da70925d668a3599b0db06e

Download Submit
memory/3668-153-0x0000000004FD0000-0x00000000054B0000-memory.dmp

Filesize
4.9MB

Download
memory/3668-175-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-120-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-121-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-122-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-123-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-124-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-125-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-126-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-127-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-128-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-129-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-130-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-131-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-133-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-134-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-135-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-136-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-137-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-138-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-139-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-140-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-141-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-142-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-143-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-144-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-145-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-146-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-147-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-148-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-149-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-150-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-151-0x0000000003630000-0x00000000039C0000-memory.dmp

Filesize
3.6MB

Download
memory/3668-152-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-154-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-118-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-156-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-155-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-119-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-158-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-159-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-160-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-161-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-162-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-163-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-164-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-165-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-166-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-167-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-168-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-169-0x0000000000400000-0x0000000002FAE000-memory.dmp

Filesize
43.7MB

Download
memory/3668-170-0x0000000003630000-0x00000000039C0000-memory.dmp

Filesize
3.6MB

Download
memory/3668-171-0x0000000004FD0000-0x00000000054B0000-memory.dmp

Filesize
4.9MB

Download
memory/3668-172-0x0000000000400000-0x0000000002FAE000-memory.dmp

Filesize
43.7MB

Download
memory/3668-157-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3668-181-0x0000000000400000-0x0000000002FAE000-memory.dmp

Filesize
43.7MB

Download
memory/3796-233-0x00000000047E0000-0x0000000004C2F000-memory.dmp

Filesize
4.3MB

Download
memory/3796-176-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-185-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-184-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-177-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-179-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-180-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-174-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-183-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-182-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-178-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-186-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-187-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-188-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-189-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-190-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/3796-227-0x00000000047E0000-0x0000000004C2F000-memory.dmp

Filesize
4.3MB

Download
memory/3796-173-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads