b3965f9c52f577c729450631b121f1dc46e769c62f7128ce4f02e5300ca97302

Analysis

max time kernel
207s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2023 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe
Size

24.5MB
MD5

9b126668d3c443dbfc589ec422d0f4e8
SHA1

619beab9224f99d4ebf1d8a74f8595de7ec439c0
SHA256

b3965f9c52f577c729450631b121f1dc46e769c62f7128ce4f02e5300ca97302
SHA512

94b7d0874b69e68b6ff108df497385ec9892689dfab5dcb3a441857f33d9ed181d9b73f983eb1755755d2195e57a49053a58219dfe2f5fc1237a81acfddc3c2e
SSDEEP

393216:DkmiCKFdu9ORaVNQncGiOTxowhmVytML5kGufmgoe7lHkWdyn:9yKjkTOq+3n

Score

10^/10

upx

Malware Config

Signatures

Detects any file with a triage score of 10 11 IoCs

This file has been assigned a triage score of 10, indicating a high likelihood of malicious behavior.

Processes:

resource	yara_rule
behavioral2/memory/2276-134-0x0000000000400000-0x0000000001C90000-memory.dmp	triage_score_10
C:\Users\Admin\AppData\Local\Temp\C498.tmp\QtCore4.dll	triage_score_10
C:\Users\Admin\AppData\Local\Temp\C498.tmp\QtCore4.dll	triage_score_10
behavioral2/memory/3268-192-0x000000006A1C0000-0x000000006A336000-memory.dmp	triage_score_10
behavioral2/memory/3268-196-0x000000006A1C0000-0x000000006A336000-memory.dmp	triage_score_10
behavioral2/memory/3268-200-0x000000006A1C0000-0x000000006A336000-memory.dmp	triage_score_10
behavioral2/memory/2276-210-0x0000000000400000-0x0000000001C90000-memory.dmp	triage_score_10
behavioral2/memory/3268-217-0x000000006A1C0000-0x000000006A336000-memory.dmp	triage_score_10
behavioral2/memory/3268-221-0x000000006A1C0000-0x000000006A336000-memory.dmp	triage_score_10
behavioral2/memory/3268-225-0x000000006A1C0000-0x000000006A336000-memory.dmp	triage_score_10
behavioral2/memory/3268-229-0x000000006A1C0000-0x000000006A336000-memory.dmp	triage_score_10

Executes dropped EXE 2 IoCs

Processes:

202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exeUpdateWizard.exe

pid process

4464 202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe
3268 UpdateWizard.exe
Loads dropped DLL 3 IoCs

Processes:

UpdateWizard.exe

pid process

3268 UpdateWizard.exe
3268 UpdateWizard.exe
3268 UpdateWizard.exe

pid	process
4464	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe
3268	UpdateWizard.exe

pid	process
3268	UpdateWizard.exe
3268	UpdateWizard.exe
3268	UpdateWizard.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe	upx
C:\Users\Admin\AppData\Local\Temp\202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe	upx
behavioral2/memory/4464-138-0x0000000000400000-0x0000000000465000-memory.dmp	upx
behavioral2/memory/4464-139-0x0000000000400000-0x0000000000465000-memory.dmp	upx

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
4048	4464	WerFault.exe	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe
220	4464	WerFault.exe	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe

pid process

2276 202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe

pid	process
2276	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe

description	pid	process	target process
PID 2276 wrote to memory of 4464	2276	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe
PID 2276 wrote to memory of 4464	2276	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe
PID 2276 wrote to memory of 4464	2276	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe
PID 4464 wrote to memory of 4048	4464	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe	WerFault.exe
PID 4464 wrote to memory of 4048	4464	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe	WerFault.exe
PID 4464 wrote to memory of 4048	4464	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe	WerFault.exe
PID 2276 wrote to memory of 3268	2276	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe	UpdateWizard.exe
PID 2276 wrote to memory of 3268	2276	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe	UpdateWizard.exe
PID 2276 wrote to memory of 3268	2276	202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe	UpdateWizard.exe

C:\Users\Admin\AppData\Local\Temp\202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe
"C:\Users\Admin\AppData\Local\Temp\202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276

C:\Users\Admin\AppData\Local\Temp\202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe
C:\Users\Admin\AppData\Local\Temp\202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 272
3⤵
- Program crash
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 272
3⤵
- Program crash
PID:220

C:\Users\Admin\AppData\Local\Temp\C498.tmp\UpdateWizard.exe
"C:\Users\Admin\AppData\Local\Temp\202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnit.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4464 -ip 4464
1⤵
PID:376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe
Filesize
136KB

MD5
4645cb9a7fc2388c4d28e8b2db21d343

SHA1
964518b803a9f92266c011e8a730c09523b811ba

SHA256
3270363a660e42e608df2cfffb69f9129f2738f82e72a17ba0907be7e409cf8c

SHA512
f86ccae6c2db335633bf4023ae9533b8a6bfcfe3788f9ccfca2645df4f830e3a1957dfb759266db007dc8382b76011331dd75169db274bb93159aae03c699bc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\202304299b126668d3c443dbfc589ec422d0f4e8icedidmirairamnitmgr.exe
Filesize
136KB

MD5
4645cb9a7fc2388c4d28e8b2db21d343

SHA1
964518b803a9f92266c011e8a730c09523b811ba

SHA256
3270363a660e42e608df2cfffb69f9129f2738f82e72a17ba0907be7e409cf8c

SHA512
f86ccae6c2db335633bf4023ae9533b8a6bfcfe3788f9ccfca2645df4f830e3a1957dfb759266db007dc8382b76011331dd75169db274bb93159aae03c699bc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\C498.tmp\QtCore4.dll
Filesize
1.4MB

MD5
8326988db23abf07186e538f16376ae9

SHA1
72c6d89921a9c4ae5054e78147928e6c58294bf6

SHA256
9ec0090edd157562c1478f9ade93bb4c03bb3beb2c8a3c84a981ebcb80b5e451

SHA512
a083d90b40360f9118f45736855a7c0b6586242857c2f1eafc54627edec0bbdb8142493bff9bf74f27dbd361b6656f155b6d145fa7cd88a2aec111387e79be29

Download Submit
C:\Users\Admin\AppData\Local\Temp\C498.tmp\QtCore4.dll
Filesize
1.4MB

MD5
8326988db23abf07186e538f16376ae9

SHA1
72c6d89921a9c4ae5054e78147928e6c58294bf6

SHA256
9ec0090edd157562c1478f9ade93bb4c03bb3beb2c8a3c84a981ebcb80b5e451

SHA512
a083d90b40360f9118f45736855a7c0b6586242857c2f1eafc54627edec0bbdb8142493bff9bf74f27dbd361b6656f155b6d145fa7cd88a2aec111387e79be29

Download Submit
C:\Users\Admin\AppData\Local\Temp\C498.tmp\QtGui4.dll
Filesize
5.2MB

MD5
29be5d4eb2da45c049eb42d7d6da9236

SHA1
3fe635bb4d125b722eac276b78e804b238d29ca3

SHA256
1581ac53aaca8ffd5b3c748dcb5d1ee0d1020ba41196bc3cb371f29b370a9662

SHA512
6da64b8ca3f209a5cf5ef39c35149415ca838bd74092fd4b44c351c309399e62567794d3f8b93775c86759454fa7c85729bb1ef2cc2ed58645e980dc8dc4bc01

Download Submit
C:\Users\Admin\AppData\Local\Temp\C498.tmp\QtGui4.dll
Filesize
5.2MB

MD5
29be5d4eb2da45c049eb42d7d6da9236

SHA1
3fe635bb4d125b722eac276b78e804b238d29ca3

SHA256
1581ac53aaca8ffd5b3c748dcb5d1ee0d1020ba41196bc3cb371f29b370a9662

SHA512
6da64b8ca3f209a5cf5ef39c35149415ca838bd74092fd4b44c351c309399e62567794d3f8b93775c86759454fa7c85729bb1ef2cc2ed58645e980dc8dc4bc01

Download Submit
C:\Users\Admin\AppData\Local\Temp\C498.tmp\UpdateWizard.exe
Filesize
17.4MB

MD5
19b2bb7cefd1460224f5ca14f6d910d6

SHA1
8aa8e2ff17d36fd4d903caf939a38bdd034237e1

SHA256
86ce1b2b0c1e53631cd2206678a6fcf8ebb2996f02cc7d4bc4ea74b4a3a145eb

SHA512
714d2542db5a45588768ebbb5ed41b0a8f045551ec9eb1fd92cb81386e02b77197bc677620b364f6864bc38ff4811420632e607bd6ae95767ee6f96b87c278e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\C498.tmp\UpdateWizard.exe
Filesize
17.4MB

MD5
19b2bb7cefd1460224f5ca14f6d910d6

SHA1
8aa8e2ff17d36fd4d903caf939a38bdd034237e1

SHA256
86ce1b2b0c1e53631cd2206678a6fcf8ebb2996f02cc7d4bc4ea74b4a3a145eb

SHA512
714d2542db5a45588768ebbb5ed41b0a8f045551ec9eb1fd92cb81386e02b77197bc677620b364f6864bc38ff4811420632e607bd6ae95767ee6f96b87c278e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\C498.tmp\mingwm10.dll
Filesize
15KB

MD5
04d9ee3ee2ab1a2a5ae9bf91b595a80d

SHA1
55eaa1118d15831b868372c1ae15327dc0773208

SHA256
0acf47d1b635c13308ffecca1c39acd2a3c0338a575e3dab97e97ee1f17df277

SHA512
d41ae647e6ba28d0b9334fc27729a12cce76be5190344f070a16a4194e074cd14902037dd84f4dd2df65e7900373b458ff9f4f2a4a38b6c4a9fc154dc93c96e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\C498.tmp\mingwm10.dll
Filesize
15KB

MD5
04d9ee3ee2ab1a2a5ae9bf91b595a80d

SHA1
55eaa1118d15831b868372c1ae15327dc0773208

SHA256
0acf47d1b635c13308ffecca1c39acd2a3c0338a575e3dab97e97ee1f17df277

SHA512
d41ae647e6ba28d0b9334fc27729a12cce76be5190344f070a16a4194e074cd14902037dd84f4dd2df65e7900373b458ff9f4f2a4a38b6c4a9fc154dc93c96e5

Download Submit
memory/2276-210-0x0000000000400000-0x0000000001C90000-memory.dmp

Filesize
24.6MB

Download
memory/2276-134-0x0000000000400000-0x0000000001C90000-memory.dmp

Filesize
24.6MB

Download
memory/3268-192-0x000000006A1C0000-0x000000006A336000-memory.dmp

Filesize
1.5MB

Download
memory/3268-222-0x0000000067700000-0x0000000067C33000-memory.dmp

Filesize
5.2MB

Download
memory/3268-190-0x0000000000400000-0x0000000001561000-memory.dmp

Filesize
17.4MB

Download
memory/3268-191-0x000000006FBC0000-0x000000006FBC8000-memory.dmp

Filesize
32KB

Download
memory/3268-230-0x0000000067700000-0x0000000067C33000-memory.dmp

Filesize
5.2MB

Download
memory/3268-193-0x0000000067700000-0x0000000067C33000-memory.dmp

Filesize
5.2MB

Download
memory/3268-196-0x000000006A1C0000-0x000000006A336000-memory.dmp

Filesize
1.5MB

Download
memory/3268-197-0x0000000067700000-0x0000000067C33000-memory.dmp

Filesize
5.2MB

Download
memory/3268-200-0x000000006A1C0000-0x000000006A336000-memory.dmp

Filesize
1.5MB

Download
memory/3268-201-0x0000000067700000-0x0000000067C33000-memory.dmp

Filesize
5.2MB

Download
memory/3268-205-0x0000000067700000-0x0000000067C33000-memory.dmp

Filesize
5.2MB

Download
memory/3268-229-0x000000006A1C0000-0x000000006A336000-memory.dmp

Filesize
1.5MB

Download
memory/3268-214-0x0000000067700000-0x0000000067C33000-memory.dmp

Filesize
5.2MB

Download
memory/3268-217-0x000000006A1C0000-0x000000006A336000-memory.dmp

Filesize
1.5MB

Download
memory/3268-218-0x0000000067700000-0x0000000067C33000-memory.dmp

Filesize
5.2MB

Download
memory/3268-221-0x000000006A1C0000-0x000000006A336000-memory.dmp

Filesize
1.5MB

Download
memory/3268-226-0x0000000067700000-0x0000000067C33000-memory.dmp

Filesize
5.2MB

Download
memory/3268-225-0x000000006A1C0000-0x000000006A336000-memory.dmp

Filesize
1.5MB

Download
memory/4464-140-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/4464-138-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/4464-139-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download