582150ba4379122253eeb2a1a7ace968394ee7e566f0d0d794f6ba7d937037d5

Analysis

max time kernel
86s
max time network
34s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
30/06/2023, 12:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

data64_6.exe
Size

1.9MB
MD5

182baf929b35d5d63747617d2007c77a
SHA1

0dfe91ab115ed862b48b1e4006a44e86c33eb772
SHA256

582150ba4379122253eeb2a1a7ace968394ee7e566f0d0d794f6ba7d937037d5
SHA512

55bab5bbec04389f94f297843f7fcb4d71173c8f1f6e5007b6a2eaf5d937f50f9b2d9f61f983c86b20d342a4a4cb6691e23c3a0322575c826d23b55ee61a19f7
SSDEEP

49152:084cMQyRcf9HmjMbS4b08WrjXM6pzM6MGaU9PPIbnllyuA:6cMQyW9GX4MXBGyZPynXyB

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2024	rundll32.exe
2024	rundll32.exe
2024	rundll32.exe
2024	rundll32.exe
1432	rundll32.exe
1432	rundll32.exe
1432	rundll32.exe
1432	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 852	1200	data64_6.exe	28
PID 1200 wrote to memory of 852	1200	data64_6.exe	28
PID 1200 wrote to memory of 852	1200	data64_6.exe	28
PID 1200 wrote to memory of 852	1200	data64_6.exe	28
PID 852 wrote to memory of 2024	852	control.exe	29
PID 852 wrote to memory of 2024	852	control.exe	29
PID 852 wrote to memory of 2024	852	control.exe	29
PID 852 wrote to memory of 2024	852	control.exe	29
PID 852 wrote to memory of 2024	852	control.exe	29
PID 852 wrote to memory of 2024	852	control.exe	29
PID 852 wrote to memory of 2024	852	control.exe	29
PID 2024 wrote to memory of 668	2024	rundll32.exe	30
PID 2024 wrote to memory of 668	2024	rundll32.exe	30
PID 2024 wrote to memory of 668	2024	rundll32.exe	30
PID 2024 wrote to memory of 668	2024	rundll32.exe	30
PID 668 wrote to memory of 1432	668	RunDll32.exe	31
PID 668 wrote to memory of 1432	668	RunDll32.exe	31
PID 668 wrote to memory of 1432	668	RunDll32.exe	31
PID 668 wrote to memory of 1432	668	RunDll32.exe	31
PID 668 wrote to memory of 1432	668	RunDll32.exe	31
PID 668 wrote to memory of 1432	668	RunDll32.exe	31
PID 668 wrote to memory of 1432	668	RunDll32.exe	31

C:\Users\Admin\AppData\Local\Temp\data64_6.exe
"C:\Users\Admin\AppData\Local\Temp\data64_6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\vNN6.cpl",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:852
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\vNN6.cpl",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2024
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\vNN6.cpl",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:668
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\vNN6.cpl",
        5⤵
        Loads dropped DLL
        
        PID:1432

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\vNN6.cpl

Filesize
2.4MB

MD5
56c188ca285aee639d71fde9fee3a509

SHA1
a40fd871f035e2b635af266b17023d58f3eb803e

SHA256
5d3bb7982d03ebacf05e59667ef41f8453d321be74245730b99d95023e52956f

SHA512
72b05b5af83c5957db2e7dd9a46e65c27eb8c175efcab6ca7675a7f3832bb1e668b689cc9afbd8400b46ab5d5b0804dc2f837ac9c34e732a3b9e7b0947c624ad

Download Submit
\Users\Admin\AppData\Local\Temp\vnN6.cpl

Filesize
2.4MB

MD5
56c188ca285aee639d71fde9fee3a509

SHA1
a40fd871f035e2b635af266b17023d58f3eb803e

SHA256
5d3bb7982d03ebacf05e59667ef41f8453d321be74245730b99d95023e52956f

SHA512
72b05b5af83c5957db2e7dd9a46e65c27eb8c175efcab6ca7675a7f3832bb1e668b689cc9afbd8400b46ab5d5b0804dc2f837ac9c34e732a3b9e7b0947c624ad

Download Submit
\Users\Admin\AppData\Local\Temp\vnN6.cpl

Filesize
2.4MB

MD5
56c188ca285aee639d71fde9fee3a509

SHA1
a40fd871f035e2b635af266b17023d58f3eb803e

SHA256
5d3bb7982d03ebacf05e59667ef41f8453d321be74245730b99d95023e52956f

SHA512
72b05b5af83c5957db2e7dd9a46e65c27eb8c175efcab6ca7675a7f3832bb1e668b689cc9afbd8400b46ab5d5b0804dc2f837ac9c34e732a3b9e7b0947c624ad

Download Submit
\Users\Admin\AppData\Local\Temp\vnN6.cpl

Filesize
2.4MB

MD5
56c188ca285aee639d71fde9fee3a509

SHA1
a40fd871f035e2b635af266b17023d58f3eb803e

SHA256
5d3bb7982d03ebacf05e59667ef41f8453d321be74245730b99d95023e52956f

SHA512
72b05b5af83c5957db2e7dd9a46e65c27eb8c175efcab6ca7675a7f3832bb1e668b689cc9afbd8400b46ab5d5b0804dc2f837ac9c34e732a3b9e7b0947c624ad

Download Submit
\Users\Admin\AppData\Local\Temp\vnN6.cpl

Filesize
2.4MB

MD5
56c188ca285aee639d71fde9fee3a509

SHA1
a40fd871f035e2b635af266b17023d58f3eb803e

SHA256
5d3bb7982d03ebacf05e59667ef41f8453d321be74245730b99d95023e52956f

SHA512
72b05b5af83c5957db2e7dd9a46e65c27eb8c175efcab6ca7675a7f3832bb1e668b689cc9afbd8400b46ab5d5b0804dc2f837ac9c34e732a3b9e7b0947c624ad

Download Submit
\Users\Admin\AppData\Local\Temp\vnN6.cpl

Filesize
2.4MB

MD5
56c188ca285aee639d71fde9fee3a509

SHA1
a40fd871f035e2b635af266b17023d58f3eb803e

SHA256
5d3bb7982d03ebacf05e59667ef41f8453d321be74245730b99d95023e52956f

SHA512
72b05b5af83c5957db2e7dd9a46e65c27eb8c175efcab6ca7675a7f3832bb1e668b689cc9afbd8400b46ab5d5b0804dc2f837ac9c34e732a3b9e7b0947c624ad

Download Submit
\Users\Admin\AppData\Local\Temp\vnN6.cpl

Filesize
2.4MB

MD5
56c188ca285aee639d71fde9fee3a509

SHA1
a40fd871f035e2b635af266b17023d58f3eb803e

SHA256
5d3bb7982d03ebacf05e59667ef41f8453d321be74245730b99d95023e52956f

SHA512
72b05b5af83c5957db2e7dd9a46e65c27eb8c175efcab6ca7675a7f3832bb1e668b689cc9afbd8400b46ab5d5b0804dc2f837ac9c34e732a3b9e7b0947c624ad

Download Submit
\Users\Admin\AppData\Local\Temp\vnN6.cpl

Filesize
2.4MB

MD5
56c188ca285aee639d71fde9fee3a509

SHA1
a40fd871f035e2b635af266b17023d58f3eb803e

SHA256
5d3bb7982d03ebacf05e59667ef41f8453d321be74245730b99d95023e52956f

SHA512
72b05b5af83c5957db2e7dd9a46e65c27eb8c175efcab6ca7675a7f3832bb1e668b689cc9afbd8400b46ab5d5b0804dc2f837ac9c34e732a3b9e7b0947c624ad

Download Submit
\Users\Admin\AppData\Local\Temp\vnN6.cpl

Filesize
2.4MB

MD5
56c188ca285aee639d71fde9fee3a509

SHA1
a40fd871f035e2b635af266b17023d58f3eb803e

SHA256
5d3bb7982d03ebacf05e59667ef41f8453d321be74245730b99d95023e52956f

SHA512
72b05b5af83c5957db2e7dd9a46e65c27eb8c175efcab6ca7675a7f3832bb1e668b689cc9afbd8400b46ab5d5b0804dc2f837ac9c34e732a3b9e7b0947c624ad

Download Submit
memory/1432-83-0x00000000021B0000-0x0000000002412000-memory.dmp

Filesize
2.4MB

Download
memory/1432-90-0x0000000002420000-0x00000000024DD000-memory.dmp

Filesize
756KB

Download
memory/1432-97-0x00000000029C0000-0x0000000002AFC000-memory.dmp

Filesize
1.2MB

Download
memory/1432-95-0x0000000002B00000-0x0000000002BA8000-memory.dmp

Filesize
672KB

Download
memory/1432-94-0x0000000002B00000-0x0000000002BA8000-memory.dmp

Filesize
672KB

Download
memory/1432-92-0x0000000002B00000-0x0000000002BA8000-memory.dmp

Filesize
672KB

Download
memory/1432-91-0x0000000002B00000-0x0000000002BA8000-memory.dmp

Filesize
672KB

Download
memory/1432-81-0x00000000029C0000-0x0000000002AFC000-memory.dmp

Filesize
1.2MB

Download
memory/1432-80-0x00000000026E0000-0x000000000287B000-memory.dmp

Filesize
1.6MB

Download
memory/1432-79-0x00000000021B0000-0x0000000002412000-memory.dmp

Filesize
2.4MB

Download
memory/2024-63-0x00000000026D0000-0x000000000286B000-memory.dmp

Filesize
1.6MB

Download
memory/2024-64-0x00000000029B0000-0x0000000002AEC000-memory.dmp

Filesize
1.2MB

Download
memory/2024-62-0x00000000022C0000-0x0000000002522000-memory.dmp

Filesize
2.4MB

Download
memory/2024-70-0x0000000002BB0000-0x0000000002C58000-memory.dmp

Filesize
672KB

Download
memory/2024-65-0x00000000022C0000-0x0000000002522000-memory.dmp

Filesize
2.4MB

Download
memory/2024-69-0x0000000002AF0000-0x0000000002BAD000-memory.dmp

Filesize
756KB

Download
memory/2024-74-0x0000000002BB0000-0x0000000002C58000-memory.dmp

Filesize
672KB

Download
memory/2024-73-0x0000000002BB0000-0x0000000002C58000-memory.dmp

Filesize
672KB

Download
memory/2024-71-0x0000000002BB0000-0x0000000002C58000-memory.dmp

Filesize
672KB

Download
memory/2024-99-0x00000000029B0000-0x0000000002AEC000-memory.dmp

Filesize
1.2MB

Download