dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
25/08/2023, 08:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
Size

2.6MB
MD5

298133d0c7993930c9b1e182710d65b4
SHA1

0e9d9df83bd9ff1c5077392ec2939e28fae80152
SHA256

dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6
SHA512

b11af10280928eb33544fce1f6a3edb4b3114225bb20d0a8f4d6a83a9d5ca5d7457509637cf31817608319a778a7221f921185eca6683ba4eaa0a4220d341679
SSDEEP

49152:dlpWTUNJsERkalo0uLTgwEH4s8bZdTW2kcq6Mtqs64YPftmwq:vpWYaERkaLwYVidPOZgdmF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
2868	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2868	2512	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe	28
PID 2512 wrote to memory of 2868	2512	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe	28
PID 2512 wrote to memory of 2868	2512	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe	28
PID 2512 wrote to memory of 2868	2512	dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe	28

C:\Users\Admin\AppData\Local\Temp\dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
"C:\Users\Admin\AppData\Local\Temp\dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- F:\dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe
  "F:\dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

F:\dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6.exe

Filesize
2.6MB

MD5
298133d0c7993930c9b1e182710d65b4

SHA1
0e9d9df83bd9ff1c5077392ec2939e28fae80152

SHA256
dcab1a2e05fabbb38ebbce704e302bfe120c1a3fe7416c617b381e41f0f5cae6

SHA512
b11af10280928eb33544fce1f6a3edb4b3114225bb20d0a8f4d6a83a9d5ca5d7457509637cf31817608319a778a7221f921185eca6683ba4eaa0a4220d341679

Download Submit
memory/2512-0-0x0000000000400000-0x0000000000DC0000-memory.dmp

Filesize
9.8MB

Download
memory/2512-1-0x0000000000DC0000-0x0000000000E1F000-memory.dmp

Filesize
380KB

Download
memory/2512-2-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/2512-3-0x0000000000E20000-0x0000000000E21000-memory.dmp

Filesize
4KB

Download
memory/2512-4-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2512-5-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/2512-6-0x0000000000E30000-0x0000000000E31000-memory.dmp

Filesize
4KB

Download
memory/2512-8-0x0000000003A60000-0x0000000003A61000-memory.dmp

Filesize
4KB

Download
memory/2512-7-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2512-9-0x0000000003A50000-0x0000000003A52000-memory.dmp

Filesize
8KB

Download
memory/2512-10-0x0000000003B10000-0x0000000003C50000-memory.dmp

Filesize
1.2MB

Download
memory/2512-12-0x0000000003AA0000-0x0000000003AA1000-memory.dmp

Filesize
4KB

Download
memory/2512-13-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2512-14-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/2512-16-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2512-15-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2512-17-0x0000000003A70000-0x0000000003A71000-memory.dmp

Filesize
4KB

Download
memory/2512-19-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/2512-18-0x0000000002D20000-0x0000000002D21000-memory.dmp

Filesize
4KB

Download
memory/2512-21-0x0000000003AC0000-0x0000000003AC1000-memory.dmp

Filesize
4KB

Download
memory/2512-20-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/2512-23-0x0000000003AE0000-0x0000000003AE1000-memory.dmp

Filesize
4KB

Download
memory/2512-22-0x0000000003AB0000-0x0000000003AB1000-memory.dmp

Filesize
4KB

Download
memory/2512-24-0x0000000003AD0000-0x0000000003AD1000-memory.dmp

Filesize
4KB

Download
memory/2512-26-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

Filesize
4KB

Download
memory/2512-25-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/2512-27-0x0000000003C60000-0x0000000003C61000-memory.dmp

Filesize
4KB

Download
memory/2512-28-0x0000000003C50000-0x0000000003C51000-memory.dmp

Filesize
4KB

Download
memory/2512-29-0x0000000003C80000-0x0000000003C81000-memory.dmp

Filesize
4KB

Download
memory/2512-30-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/2512-31-0x0000000003CA0000-0x0000000003CA1000-memory.dmp

Filesize
4KB

Download
memory/2512-33-0x0000000003CC0000-0x0000000003CC1000-memory.dmp

Filesize
4KB

Download
memory/2512-32-0x0000000003C90000-0x0000000003C91000-memory.dmp

Filesize
4KB

Download
memory/2512-35-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/2512-34-0x0000000003CB0000-0x0000000003CB1000-memory.dmp

Filesize
4KB

Download
memory/2512-36-0x0000000003CD0000-0x0000000003CD1000-memory.dmp

Filesize
4KB

Download
memory/2512-37-0x0000000003D00000-0x0000000003D01000-memory.dmp

Filesize
4KB

Download
memory/2512-38-0x0000000003CF0000-0x0000000003CF1000-memory.dmp

Filesize
4KB

Download
memory/2512-39-0x0000000003D10000-0x0000000003D11000-memory.dmp

Filesize
4KB

Download
memory/2512-41-0x0000000003D70000-0x0000000003D71000-memory.dmp

Filesize
4KB

Download
memory/2512-40-0x0000000003D40000-0x0000000003D41000-memory.dmp

Filesize
4KB

Download
memory/2512-42-0x0000000003D60000-0x0000000003D61000-memory.dmp

Filesize
4KB

Download
memory/2512-44-0x0000000003D80000-0x0000000003D81000-memory.dmp

Filesize
4KB

Download
memory/2512-43-0x0000000003D90000-0x0000000003D91000-memory.dmp

Filesize
4KB

Download
memory/2512-46-0x0000000004750000-0x0000000004751000-memory.dmp

Filesize
4KB

Download
memory/2512-45-0x0000000003DA0000-0x0000000003DA1000-memory.dmp

Filesize
4KB

Download
memory/2512-48-0x0000000004780000-0x0000000004781000-memory.dmp

Filesize
4KB

Download
memory/2512-47-0x0000000004790000-0x0000000004791000-memory.dmp

Filesize
4KB

Download
memory/2512-50-0x0000000003D50000-0x0000000003D51000-memory.dmp

Filesize
4KB

Download
memory/2512-49-0x0000000003D20000-0x0000000003D21000-memory.dmp

Filesize
4KB

Download
memory/2512-51-0x0000000004770000-0x0000000004771000-memory.dmp

Filesize
4KB

Download
memory/2512-52-0x00000000047B0000-0x00000000047B1000-memory.dmp

Filesize
4KB

Download
memory/2512-53-0x00000000047A0000-0x00000000047A1000-memory.dmp

Filesize
4KB

Download
memory/2512-57-0x0000000003B10000-0x0000000003C50000-memory.dmp

Filesize
1.2MB

Download
memory/2512-60-0x0000000004890000-0x0000000004891000-memory.dmp

Filesize
4KB

Download
memory/2512-61-0x0000000000400000-0x0000000000DC0000-memory.dmp

Filesize
9.8MB

Download
memory/2512-59-0x0000000000DC0000-0x0000000000E1F000-memory.dmp

Filesize
380KB

Download
memory/2868-62-0x0000000000400000-0x0000000000DC0000-memory.dmp

Filesize
9.8MB

Download
memory/2868-63-0x00000000025B0000-0x000000000260F000-memory.dmp

Filesize
380KB

Download
memory/2868-64-0x0000000003A60000-0x0000000003A61000-memory.dmp

Filesize
4KB

Download
memory/2868-65-0x0000000003B10000-0x0000000003C50000-memory.dmp

Filesize
1.2MB

Download
memory/2868-66-0x0000000003B10000-0x0000000003C50000-memory.dmp

Filesize
1.2MB

Download
memory/2868-67-0x0000000003AA0000-0x0000000003AA1000-memory.dmp

Filesize
4KB

Download
memory/2868-68-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download