Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    11-01-2023 04:00

General

  • Target

    74cf397c401b07c80420ecc11b3f6b99fa710a3c530272e5815368bb0f623b47.exe

  • Size

    1.1MB

  • MD5

    bffe012c1c5bc14382b3e77f8b1a7b6f

  • SHA1

    136ccb8b56320b739e35ce0da7635f88024d1547

  • SHA256

    74cf397c401b07c80420ecc11b3f6b99fa710a3c530272e5815368bb0f623b47

  • SHA512

    76c4c5cb02c4e9d1a87a7791656e540490b27eb5fe9596782c4583aa656e85f99cf5305275432b9c802720501f3529d73f9d1f66957c16a5f7ed0deae6b11015

  • SSDEEP

    24576:Vy8zWKlZWVh/ajb+X/PT7oN9zreGT6d8x36u4m0ms4plRwrGyEJMjxveld:Vy4WEQWjiHXorzreGTg8xumHs4V3sxWz

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74cf397c401b07c80420ecc11b3f6b99fa710a3c530272e5815368bb0f623b47.exe
    "C:\Users\Admin\AppData\Local\Temp\74cf397c401b07c80420ecc11b3f6b99fa710a3c530272e5815368bb0f623b47.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4876
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\Qytyaworpiotpd.tmp",Edoqqdswdffqipe
      2⤵
      • Loads dropped DLL
      PID:2392
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 724
        3⤵
        • Program crash
        PID:4228

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Qytyaworpiotpd.tmp

    Filesize

    752KB

    MD5

    710af73b2d7e92d33fac751318c08101

    SHA1

    2208c96a528b1d96e18ae47ab274f303e4099fff

    SHA256

    72021339c18f79141f9867c30616cbbdc517471e44d16bfe81063e5c7dba56c3

    SHA512

    1f19138b8412b871ccf33ec351d28157b6571bc02cb1d338fc4c06bd77e9518bbdb3392d63b9bcdde2bd94746c232f90b4796363f83cecfd49e0470b6495ac1a

  • \Users\Admin\AppData\Local\Temp\Qytyaworpiotpd.tmp

    Filesize

    752KB

    MD5

    710af73b2d7e92d33fac751318c08101

    SHA1

    2208c96a528b1d96e18ae47ab274f303e4099fff

    SHA256

    72021339c18f79141f9867c30616cbbdc517471e44d16bfe81063e5c7dba56c3

    SHA512

    1f19138b8412b871ccf33ec351d28157b6571bc02cb1d338fc4c06bd77e9518bbdb3392d63b9bcdde2bd94746c232f90b4796363f83cecfd49e0470b6495ac1a

  • memory/2392-179-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-167-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-166-0x0000000000000000-mapping.dmp

  • memory/2392-187-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-186-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-185-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-184-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-183-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-182-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-177-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-188-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-189-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-181-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-176-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-175-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-174-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-173-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-172-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-171-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-170-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-169-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-168-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/2392-178-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-137-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-143-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-148-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-149-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-150-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-151-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-152-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-153-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-154-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-155-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-156-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-157-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-158-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-159-0x0000000000400000-0x0000000002C7C000-memory.dmp

    Filesize

    40.5MB

  • memory/4876-160-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-161-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-162-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-163-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-164-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-165-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-147-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-144-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-145-0x0000000004860000-0x000000000494C000-memory.dmp

    Filesize

    944KB

  • memory/4876-146-0x0000000004980000-0x0000000004AA0000-memory.dmp

    Filesize

    1.1MB

  • memory/4876-142-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-140-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-139-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-138-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-120-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-136-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-135-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-134-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-133-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-132-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-180-0x0000000000400000-0x0000000002C7C000-memory.dmp

    Filesize

    40.5MB

  • memory/4876-131-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-130-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-129-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-128-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-127-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-126-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-125-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-124-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-123-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-122-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

  • memory/4876-121-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB