ad79f5f9b16c7a559ec1b0e569d4acc4a8b68e4854c7f3108da011ecfc799b0d

Analysis

max time kernel
143s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230831-en
resource tags

arch:x64arch:x86image:win10-20230831-enlocale:en-usos:windows10-1703-x64system
submitted
01/10/2023, 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad79f5f9b16c7a559ec1b0e569d4acc4a8b68e4854c7f3108da011ecfc799b0d.exe
Size

2.2MB
MD5

f6210edac17498983763a08bbc0e72c9
SHA1

7dc479e46b45f23d16b5aa89e95ce5f23cb082ca
SHA256

ad79f5f9b16c7a559ec1b0e569d4acc4a8b68e4854c7f3108da011ecfc799b0d
SHA512

b57dad35503485ea31627fde241bf848a8da9b6af74c9750fc0e97d0ed1bd90b350220dbfe3ca9fbd22366330a5c53a04634f561369e0aabdd9ba8668224500d
SSDEEP

49152:mcB6t/yezzmwyxEi7UYzj5qaS7SiBCC4rZaGpEgjWH+CMYVe0Ytm5z:mtzG+icXWrlE4WH+AVhYtmZ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4236	rundll32.exe
2252	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 4688	3684	ad79f5f9b16c7a559ec1b0e569d4acc4a8b68e4854c7f3108da011ecfc799b0d.exe	70
PID 3684 wrote to memory of 4688	3684	ad79f5f9b16c7a559ec1b0e569d4acc4a8b68e4854c7f3108da011ecfc799b0d.exe	70
PID 3684 wrote to memory of 4688	3684	ad79f5f9b16c7a559ec1b0e569d4acc4a8b68e4854c7f3108da011ecfc799b0d.exe	70
PID 4688 wrote to memory of 4940	4688	cmd.exe	72
PID 4688 wrote to memory of 4940	4688	cmd.exe	72
PID 4688 wrote to memory of 4940	4688	cmd.exe	72
PID 4940 wrote to memory of 4236	4940	control.exe	73
PID 4940 wrote to memory of 4236	4940	control.exe	73
PID 4940 wrote to memory of 4236	4940	control.exe	73
PID 4236 wrote to memory of 2992	4236	rundll32.exe	74
PID 4236 wrote to memory of 2992	4236	rundll32.exe	74
PID 2992 wrote to memory of 2252	2992	RunDll32.exe	75
PID 2992 wrote to memory of 2252	2992	RunDll32.exe	75
PID 2992 wrote to memory of 2252	2992	RunDll32.exe	75

C:\Users\Admin\AppData\Local\Temp\ad79f5f9b16c7a559ec1b0e569d4acc4a8b68e4854c7f3108da011ecfc799b0d.exe
"C:\Users\Admin\AppData\Local\Temp\ad79f5f9b16c7a559ec1b0e569d4acc4a8b68e4854c7f3108da011ecfc799b0d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\AG.CMd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4688
- - C:\Windows\SysWOW64\control.exe
    cOnTROL "C:\Users\Admin\AppData\Local\Temp\7zS46E37587\JeQItD1.DCC"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4940
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS46E37587\JeQItD1.DCC"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4236
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS46E37587\JeQItD1.DCC"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2992
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS46E37587\JeQItD1.DCC"
        6⤵
        Loads dropped DLL
        
        PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS46E37587\JeQItD1.DCC

Filesize
2.2MB

MD5
5e564af5707a2274bee50caab507952d

SHA1
0cdbd1aae87676bbfefbe11f388431416eb7150e

SHA256
b788f0ab770f5bf11f9f12cd7c9bb9e9e2344e727161c09caecf1c4e454e17e3

SHA512
e533578e72e99d8968720cb8f8a5bd6033a47483e98c758e965b687017cc7fd3e7ace47b4e832979ae70fcbaed5fd8b545a3590a730446b78f83e340acea93bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS46E37587\aG.cmd

Filesize
28B

MD5
eb0b4555b9c46837545500f0485f3157

SHA1
88985ee66798515388fe30168d4d67e44e1f9eb7

SHA256
7f06f4554121b089cbb80341d9e9a67c85346abb467843b6def8906de44b4916

SHA512
f3d51ca8bf907a0d8b2c74c21138fc03c0a3c1221d762801260a99a41cb75cf3a88c41e09fc86168a70a4b14eee22fb163a61bc7ec87fa6d08da68e25a6fdbd7

Download Submit
\Users\Admin\AppData\Local\Temp\7zS46E37587\Jeqitd1.dCc

Filesize
2.2MB

MD5
5e564af5707a2274bee50caab507952d

SHA1
0cdbd1aae87676bbfefbe11f388431416eb7150e

SHA256
b788f0ab770f5bf11f9f12cd7c9bb9e9e2344e727161c09caecf1c4e454e17e3

SHA512
e533578e72e99d8968720cb8f8a5bd6033a47483e98c758e965b687017cc7fd3e7ace47b4e832979ae70fcbaed5fd8b545a3590a730446b78f83e340acea93bc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS46E37587\Jeqitd1.dCc

Filesize
2.2MB

MD5
5e564af5707a2274bee50caab507952d

SHA1
0cdbd1aae87676bbfefbe11f388431416eb7150e

SHA256
b788f0ab770f5bf11f9f12cd7c9bb9e9e2344e727161c09caecf1c4e454e17e3

SHA512
e533578e72e99d8968720cb8f8a5bd6033a47483e98c758e965b687017cc7fd3e7ace47b4e832979ae70fcbaed5fd8b545a3590a730446b78f83e340acea93bc

Download Submit
memory/2252-28-0x00000000056F0000-0x00000000057E3000-memory.dmp

Filesize
972KB

Download
memory/2252-27-0x00000000056F0000-0x00000000057E3000-memory.dmp

Filesize
972KB

Download
memory/2252-24-0x00000000056F0000-0x00000000057E3000-memory.dmp

Filesize
972KB

Download
memory/2252-23-0x00000000055E0000-0x00000000056EB000-memory.dmp

Filesize
1.0MB

Download
memory/2252-20-0x00000000031D0000-0x00000000031D6000-memory.dmp

Filesize
24KB

Download
memory/4236-9-0x0000000010000000-0x0000000010234000-memory.dmp

Filesize
2.2MB

Download
memory/4236-17-0x0000000005660000-0x0000000005753000-memory.dmp

Filesize
972KB

Download
memory/4236-16-0x0000000005660000-0x0000000005753000-memory.dmp

Filesize
972KB

Download
memory/4236-13-0x0000000005660000-0x0000000005753000-memory.dmp

Filesize
972KB

Download
memory/4236-12-0x0000000005550000-0x000000000565B000-memory.dmp

Filesize
1.0MB

Download
memory/4236-8-0x0000000001160000-0x0000000001166000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads