4921c154eed227002e5f5e5d1cab8c5e38ce14250f8bf9a0f52d8ed5bcee56a2

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2023, 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4921c154eed227002e5f5e5d1cab8c5e38ce14250f8bf9a0f52d8ed5bcee56a2.exe
Size

2.2MB
MD5

dc09132e92e6ff6ecffabcdfe62d2f37
SHA1

d0368699c1618f82983e8e09b859004fc1086e0a
SHA256

4921c154eed227002e5f5e5d1cab8c5e38ce14250f8bf9a0f52d8ed5bcee56a2
SHA512

d4ed38afc4f3ceb34f15d19e0b4af06b7b07c27327af4ec002eb0c52572c04d49611e70c047c0bc74bd3bc80c02dc7da99c1c4626d5d749f7366b5a06cdff306
SSDEEP

49152:mcBhq86TsWtAlHyFuO6Hlxjksg+K9y74z9utZ8ssFMjXxH0:mEr6ht0lah+KkEpu8F9

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2796	rundll32.exe
2476	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 4940	4064	4921c154eed227002e5f5e5d1cab8c5e38ce14250f8bf9a0f52d8ed5bcee56a2.exe	85
PID 4064 wrote to memory of 4940	4064	4921c154eed227002e5f5e5d1cab8c5e38ce14250f8bf9a0f52d8ed5bcee56a2.exe	85
PID 4064 wrote to memory of 4940	4064	4921c154eed227002e5f5e5d1cab8c5e38ce14250f8bf9a0f52d8ed5bcee56a2.exe	85
PID 4940 wrote to memory of 3416	4940	cmd.exe	87
PID 4940 wrote to memory of 3416	4940	cmd.exe	87
PID 4940 wrote to memory of 3416	4940	cmd.exe	87
PID 3416 wrote to memory of 2796	3416	control.exe	89
PID 3416 wrote to memory of 2796	3416	control.exe	89
PID 3416 wrote to memory of 2796	3416	control.exe	89
PID 2796 wrote to memory of 5072	2796	rundll32.exe	92
PID 2796 wrote to memory of 5072	2796	rundll32.exe	92
PID 5072 wrote to memory of 2476	5072	RunDll32.exe	93
PID 5072 wrote to memory of 2476	5072	RunDll32.exe	93
PID 5072 wrote to memory of 2476	5072	RunDll32.exe	93

C:\Users\Admin\AppData\Local\Temp\4921c154eed227002e5f5e5d1cab8c5e38ce14250f8bf9a0f52d8ed5bcee56a2.exe
"C:\Users\Admin\AppData\Local\Temp\4921c154eed227002e5f5e5d1cab8c5e38ce14250f8bf9a0f52d8ed5bcee56a2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\Y34e9H.CMD
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4940
- - C:\Windows\SysWOW64\control.exe
    coNTROl.EXE "C:\Users\Admin\AppData\Local\Temp\7zS0EF9E137\rM3.2"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3416
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS0EF9E137\rM3.2"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2796
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS0EF9E137\rM3.2"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5072
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS0EF9E137\rM3.2"
        6⤵
        Loads dropped DLL
        
        PID:2476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS0EF9E137\Y34e9H.cmd

Filesize
24B

MD5
0025f9d83116a145f45081915a0fde12

SHA1
8ba746221b66ccbc6d80431d5292b5136dfa7039

SHA256
5b1d30169ebcfe6a126e4f44938a6fe06119a42cd0e2a44ce1c39dd69c130848

SHA512
1eec8c1d06e1cc363d4b6e0a7c4554ab3e3e07e316ed67de724b034b1acab88f967ea9431d060544f8725636ab25dd9eebb8918057b8d13bb2e0ee07433e05ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0EF9E137\rM3.2

Filesize
2.2MB

MD5
afff34372883940278dc7bf24c181f63

SHA1
2ac30ddff2a007880eeea7b10e24c9ac284c2b6d

SHA256
5380c3f88146f21030c4c1e33fa197dda9ea53442c8f33ce2a73025a95c6b312

SHA512
8153b654a97d6a525f27b48b8c86dae912dfac0f8e1fdf903f34570ae9bf793af099aa54ea4dec4f783d2af3acde6bc06b50ee8d7fa2a3a52348dba015874330

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0EF9E137\rM3.2

Filesize
2.2MB

MD5
afff34372883940278dc7bf24c181f63

SHA1
2ac30ddff2a007880eeea7b10e24c9ac284c2b6d

SHA256
5380c3f88146f21030c4c1e33fa197dda9ea53442c8f33ce2a73025a95c6b312

SHA512
8153b654a97d6a525f27b48b8c86dae912dfac0f8e1fdf903f34570ae9bf793af099aa54ea4dec4f783d2af3acde6bc06b50ee8d7fa2a3a52348dba015874330

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0EF9E137\rM3.2

Filesize
2.2MB

MD5
afff34372883940278dc7bf24c181f63

SHA1
2ac30ddff2a007880eeea7b10e24c9ac284c2b6d

SHA256
5380c3f88146f21030c4c1e33fa197dda9ea53442c8f33ce2a73025a95c6b312

SHA512
8153b654a97d6a525f27b48b8c86dae912dfac0f8e1fdf903f34570ae9bf793af099aa54ea4dec4f783d2af3acde6bc06b50ee8d7fa2a3a52348dba015874330

Download Submit
memory/2476-26-0x0000000003550000-0x0000000003643000-memory.dmp

Filesize
972KB

Download
memory/2476-25-0x0000000003550000-0x0000000003643000-memory.dmp

Filesize
972KB

Download
memory/2476-22-0x0000000003550000-0x0000000003643000-memory.dmp

Filesize
972KB

Download
memory/2476-21-0x0000000003430000-0x000000000353B000-memory.dmp

Filesize
1.0MB

Download
memory/2476-19-0x00000000032E0000-0x00000000032E6000-memory.dmp

Filesize
24KB

Download
memory/2796-8-0x0000000010000000-0x0000000010234000-memory.dmp

Filesize
2.2MB

Download
memory/2796-16-0x0000000002E30000-0x0000000002F23000-memory.dmp

Filesize
972KB

Download
memory/2796-15-0x0000000002E30000-0x0000000002F23000-memory.dmp

Filesize
972KB

Download
memory/2796-12-0x0000000002E30000-0x0000000002F23000-memory.dmp

Filesize
972KB

Download
memory/2796-11-0x0000000002D20000-0x0000000002E2B000-memory.dmp

Filesize
1.0MB

Download
memory/2796-9-0x0000000000D70000-0x0000000000D76000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads