8223f2b8eb6a25685eab5c00c72e2578999cdc6eef046e87206781db23853143

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/05/2023, 13:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8223f2b8eb6a25685eab5c00c72e2578999cdc6eef046e87206781db23853143.exe
Size

3.4MB
MD5

6631e82f6138d05acb103a5ede11fdbf
SHA1

70b2dd8542bf2ac6c6bc72316519a3394ae0d971
SHA256

8223f2b8eb6a25685eab5c00c72e2578999cdc6eef046e87206781db23853143
SHA512

470e9c59bb2fe1122139eb5b4d65c687d26fd5285b9cdf9a5ed27bebed94ec8649fb1abd81e2d953981a1140a445c6f370589bc104394f8ef166f2b7a0d40d04
SSDEEP

98304:VLSNJcnt96agkKcR0t6mxv2MTn5lS6FT8RRfqjHte3:VWcqUR46mxeMTnS2Qfn

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
11	428	rundll32.exe
19	428	rundll32.exe

Loads dropped DLL 2 IoCs

pid	Process
428	rundll32.exe
428	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2308	4612	WerFault.exe	16

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 428	4612	8223f2b8eb6a25685eab5c00c72e2578999cdc6eef046e87206781db23853143.exe	83
PID 4612 wrote to memory of 428	4612	8223f2b8eb6a25685eab5c00c72e2578999cdc6eef046e87206781db23853143.exe	83
PID 4612 wrote to memory of 428	4612	8223f2b8eb6a25685eab5c00c72e2578999cdc6eef046e87206781db23853143.exe	83

C:\Users\Admin\AppData\Local\Temp\8223f2b8eb6a25685eab5c00c72e2578999cdc6eef046e87206781db23853143.exe
"C:\Users\Admin\AppData\Local\Temp\8223f2b8eb6a25685eab5c00c72e2578999cdc6eef046e87206781db23853143.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Eptryroq.dll,start
  2⤵
  - Blocklisted process makes network request
  - Loads dropped DLL
  PID:428
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 460
  2⤵
  - Program crash
  PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4612 -ip 4612
1⤵
PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Eptryroq.dll

Filesize
2.4MB

MD5
7582efafdb882c1d22925b4bc345b744

SHA1
ad81e55ef8efc5d3128887c6e4af95de05b05ec3

SHA256
b3f80582e657cd84615083c52b2becd2bc0df7f3289c025926656ae8913ff580

SHA512
875ccd35a02225a966af4dd38bf894570f1c518396816e7acba37745e209301576de7110d6a8656063bd3f59dd0c55f40de4a61ad3af89d9b7a82e7372708708

Download Submit
C:\Users\Admin\AppData\Local\Temp\Eptryroq.dll

Filesize
2.9MB

MD5
142db07efa9a5eaefae44048381e1681

SHA1
670f477ae0e613855c0feb65e94997d8b2e18c70

SHA256
5a71d4d27fd49af10c3f820a83cd537591a6cde7262672881da4839c6ff4afca

SHA512
45dc1e908787b66ed4784b1383ca0f94e602dc0c70b5c0b3198965df17c84628fcfc12c89d78e2df3bf0b515d3e642b4cba420ee8193ae7c574b0c0c14897e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Eptryroq.dll

Filesize
2.2MB

MD5
cf0dc25223349f4917acd895d4b5f049

SHA1
35a8f840ea4ee09d55a82720b4891624dd6bad46

SHA256
e6ea8629d2d4f19655c075701a39a3a8b59865b36a7844d0af1874fec9c49a5c

SHA512
2da1efe3338668e2756aa246e5ef1a99b8cb4bf1cf6d0de585baeb156cd8aab8d780cf7ce89c8090b8a5f6eb59d335f86b2ba0c94b88e5117e1d51ca271b5d99

Download Submit
memory/428-143-0x0000000002000000-0x000000000235B000-memory.dmp

Filesize
3.4MB

Download
memory/428-145-0x0000000002000000-0x000000000235B000-memory.dmp

Filesize
3.4MB

Download
memory/428-140-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/428-154-0x0000000002000000-0x000000000235B000-memory.dmp

Filesize
3.4MB

Download
memory/428-142-0x0000000002000000-0x000000000235B000-memory.dmp

Filesize
3.4MB

Download
memory/428-153-0x0000000002000000-0x000000000235B000-memory.dmp

Filesize
3.4MB

Download
memory/428-144-0x0000000002000000-0x000000000235B000-memory.dmp

Filesize
3.4MB

Download
memory/428-139-0x0000000002000000-0x000000000235B000-memory.dmp

Filesize
3.4MB

Download
memory/428-146-0x0000000002000000-0x000000000235B000-memory.dmp

Filesize
3.4MB

Download
memory/428-147-0x0000000002000000-0x000000000235B000-memory.dmp

Filesize
3.4MB

Download
memory/428-148-0x0000000002000000-0x000000000235B000-memory.dmp

Filesize
3.4MB

Download
memory/428-150-0x0000000002000000-0x000000000235B000-memory.dmp

Filesize
3.4MB

Download
memory/428-151-0x0000000002000000-0x000000000235B000-memory.dmp

Filesize
3.4MB

Download
memory/4612-134-0x0000000002D70000-0x000000000328B000-memory.dmp

Filesize
5.1MB

Download
memory/4612-141-0x0000000000400000-0x0000000000C35000-memory.dmp

Filesize
8.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads