8056a2d17b2f97c3a5f8c4ffa1e67fbf9e320500c51b68cede3f6db6d6326140

Analysis

max time kernel
147s
max time network
58s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
20/03/2023, 20:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8056a2d17b2f97c3a5f8c4ffa1e67fbf9e320500c51b68cede3f6db6d6326140.exe
Size

2.5MB
MD5

1b3cf10bc708e142ca79d1a3dba5796a
SHA1

b34d5fa06148fb07a236f6ba313c40822fee3f4d
SHA256

8056a2d17b2f97c3a5f8c4ffa1e67fbf9e320500c51b68cede3f6db6d6326140
SHA512

ab7872311ff647c57bd9829f3963c42806fec6ac8578595c308c9db11a8f1956f8356d5388ac6b468b079ba5b8f1431a9ea8aaa60bf387a50228276407427b8c
SSDEEP

49152:7NS7P4FpGyIBlz8BkBXFoeK6t5jf8E48T5b/7qXhGrMdM+9wwatv:7N44fBkBVo76t5Drt5qXA8ML

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2980	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2980	2476	8056a2d17b2f97c3a5f8c4ffa1e67fbf9e320500c51b68cede3f6db6d6326140.exe	66
PID 2476 wrote to memory of 2980	2476	8056a2d17b2f97c3a5f8c4ffa1e67fbf9e320500c51b68cede3f6db6d6326140.exe	66
PID 2476 wrote to memory of 2980	2476	8056a2d17b2f97c3a5f8c4ffa1e67fbf9e320500c51b68cede3f6db6d6326140.exe	66

C:\Users\Admin\AppData\Local\Temp\8056a2d17b2f97c3a5f8c4ffa1e67fbf9e320500c51b68cede3f6db6d6326140.exe
"C:\Users\Admin\AppData\Local\Temp\8056a2d17b2f97c3a5f8c4ffa1e67fbf9e320500c51b68cede3f6db6d6326140.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Defftihu.dll,start
  2⤵
  - Loads dropped DLL
  PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Defftihu.dll

Filesize
3.1MB

MD5
e31a2fadf39304554a7c52c204aa2a7a

SHA1
014cab3a62fe1e7fd92a56c61369e7a6f39624c7

SHA256
cb5fc3f2c06211f7120cacdac0e6a0a26e7e141f9673291b074681891bda6217

SHA512
67d01a332eba6620eb272ff46ed3c6a211d618126ac43037d96b7cc06fcb5fdbc860336f5ae0a07ac9d0c5ca1ad06d3558eba5a5b1ae0be98143606093a2b335

Download Submit
\Users\Admin\AppData\Local\Temp\Defftihu.dll

Filesize
3.1MB

MD5
e31a2fadf39304554a7c52c204aa2a7a

SHA1
014cab3a62fe1e7fd92a56c61369e7a6f39624c7

SHA256
cb5fc3f2c06211f7120cacdac0e6a0a26e7e141f9673291b074681891bda6217

SHA512
67d01a332eba6620eb272ff46ed3c6a211d618126ac43037d96b7cc06fcb5fdbc860336f5ae0a07ac9d0c5ca1ad06d3558eba5a5b1ae0be98143606093a2b335

Download Submit
memory/2476-119-0x0000000002840000-0x0000000002B70000-memory.dmp

Filesize
3.2MB

Download
memory/2476-121-0x0000000000400000-0x000000000073C000-memory.dmp

Filesize
3.2MB

Download
memory/2980-126-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/2980-125-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/2980-124-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/2980-128-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/2980-129-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/2980-131-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/2980-132-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/2980-133-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/2980-134-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/2980-135-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download
memory/2980-137-0x0000000000400000-0x0000000000732000-memory.dmp

Filesize
3.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads