b782c99dfe982a9a67a7f4c3f153e44407d57a07d2269e67e2586d4b4c50bf22

Analysis

max time kernel
150s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
20/05/2023, 01:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe
Size

3.4MB
MD5

b8178eaf82d4fbfc50b2e160ec5e81b4
SHA1

cc0551d6ff5eb66cff37825895976c8f979425aa
SHA256

ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4
SHA512

577695ac51066cb989c54b798d6718611916211d053cd0b03e926ea399440cc85fa0b75f16df4f506a7564fd86c34b304d21bc17ade93013c0ed6532faee104f
SSDEEP

98304:WRjHbDm4S/2hRd8GS4YmiBnzXREDVoAQK++o7:WR/DmRYkGZKgo37+

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1152	rundll32.exe
1152	rundll32.exe
1152	rundll32.exe
1152	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 972 wrote to memory of 1152	972	ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe	27
PID 972 wrote to memory of 1152	972	ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe	27
PID 972 wrote to memory of 1152	972	ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe	27
PID 972 wrote to memory of 1152	972	ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe	27
PID 972 wrote to memory of 1152	972	ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe	27
PID 972 wrote to memory of 1152	972	ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe	27
PID 972 wrote to memory of 1152	972	ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe	27

C:\Users\Admin\AppData\Local\Temp\ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe
"C:\Users\Admin\AppData\Local\Temp\ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:972
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Eptryroq.dll,start
  2⤵
  - Loads dropped DLL
  PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Eptryroq.dll

Filesize
3.3MB

MD5
efd54e7840e6cbb66ff8e43538e3c16d

SHA1
c06a36b1a6e1e83dd845831bfbb8d02b68d78fea

SHA256
c9d1fc88d3f125a1d3ea225bb5231ac9ebaaa81df792d94cd5574bdba8699703

SHA512
da27676045bfe1ca42cae01b560a9e43455f1c423f28f72c10060c4f130515402f2e40b1d7d0eaee2c34496165a7890d2d6bef29b9dd2e7dce460e023be17069

Download Submit
\Users\Admin\AppData\Local\Temp\Eptryroq.dll

Filesize
3.3MB

MD5
efd54e7840e6cbb66ff8e43538e3c16d

SHA1
c06a36b1a6e1e83dd845831bfbb8d02b68d78fea

SHA256
c9d1fc88d3f125a1d3ea225bb5231ac9ebaaa81df792d94cd5574bdba8699703

SHA512
da27676045bfe1ca42cae01b560a9e43455f1c423f28f72c10060c4f130515402f2e40b1d7d0eaee2c34496165a7890d2d6bef29b9dd2e7dce460e023be17069

Download Submit
\Users\Admin\AppData\Local\Temp\Eptryroq.dll

Filesize
3.3MB

MD5
efd54e7840e6cbb66ff8e43538e3c16d

SHA1
c06a36b1a6e1e83dd845831bfbb8d02b68d78fea

SHA256
c9d1fc88d3f125a1d3ea225bb5231ac9ebaaa81df792d94cd5574bdba8699703

SHA512
da27676045bfe1ca42cae01b560a9e43455f1c423f28f72c10060c4f130515402f2e40b1d7d0eaee2c34496165a7890d2d6bef29b9dd2e7dce460e023be17069

Download Submit
\Users\Admin\AppData\Local\Temp\Eptryroq.dll

Filesize
3.3MB

MD5
efd54e7840e6cbb66ff8e43538e3c16d

SHA1
c06a36b1a6e1e83dd845831bfbb8d02b68d78fea

SHA256
c9d1fc88d3f125a1d3ea225bb5231ac9ebaaa81df792d94cd5574bdba8699703

SHA512
da27676045bfe1ca42cae01b560a9e43455f1c423f28f72c10060c4f130515402f2e40b1d7d0eaee2c34496165a7890d2d6bef29b9dd2e7dce460e023be17069

Download Submit
\Users\Admin\AppData\Local\Temp\Eptryroq.dll

Filesize
3.3MB

MD5
efd54e7840e6cbb66ff8e43538e3c16d

SHA1
c06a36b1a6e1e83dd845831bfbb8d02b68d78fea

SHA256
c9d1fc88d3f125a1d3ea225bb5231ac9ebaaa81df792d94cd5574bdba8699703

SHA512
da27676045bfe1ca42cae01b560a9e43455f1c423f28f72c10060c4f130515402f2e40b1d7d0eaee2c34496165a7890d2d6bef29b9dd2e7dce460e023be17069

Download Submit
memory/972-54-0x00000000026A0000-0x00000000029D4000-memory.dmp

Filesize
3.2MB

Download
memory/972-55-0x00000000029E0000-0x0000000002EFB000-memory.dmp

Filesize
5.1MB

Download
memory/972-57-0x0000000000400000-0x0000000000C31000-memory.dmp

Filesize
8.2MB

Download
memory/1152-65-0x0000000001F10000-0x000000000226B000-memory.dmp

Filesize
3.4MB

Download
memory/1152-64-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/1152-63-0x0000000001F10000-0x000000000226B000-memory.dmp

Filesize
3.4MB

Download
memory/1152-66-0x0000000001F10000-0x000000000226B000-memory.dmp

Filesize
3.4MB

Download
memory/1152-67-0x0000000001F10000-0x000000000226B000-memory.dmp

Filesize
3.4MB

Download
memory/1152-68-0x0000000001F10000-0x000000000226B000-memory.dmp

Filesize
3.4MB

Download
memory/1152-69-0x0000000001F10000-0x000000000226B000-memory.dmp

Filesize
3.4MB

Download
memory/1152-71-0x0000000001F10000-0x000000000226B000-memory.dmp

Filesize
3.4MB

Download
memory/1152-72-0x0000000001F10000-0x000000000226B000-memory.dmp

Filesize
3.4MB

Download
memory/1152-74-0x0000000001F10000-0x000000000226B000-memory.dmp

Filesize
3.4MB

Download
memory/1152-76-0x0000000001F10000-0x000000000226B000-memory.dmp

Filesize
3.4MB

Download
memory/1152-77-0x0000000001F10000-0x000000000226B000-memory.dmp

Filesize
3.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads