3e9754997e02af7cce1d0ae32745cdaed2abefaaaf78b1e4e6d3e740dc7a459d

Analysis

max time kernel
129s
max time network
133s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
02/10/2023, 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e9754997e02af7cce1d0ae32745cdaed2abefaaaf78b1e4e6d3e740dc7a459d.exe
Size

2.3MB
MD5

3fc592ec91200c7a8015376e483611e9
SHA1

2e1554d364bd23d75d7dbae5b0aa91e0ccc747f2
SHA256

3e9754997e02af7cce1d0ae32745cdaed2abefaaaf78b1e4e6d3e740dc7a459d
SHA512

f83d57453f7a632cc4f063160462ba5c3b36806e1c431541d69d552e722f3650ff51ec1838d759acd471f687745b897e8e2508a858f6a7e43fa254baba255ba0
SSDEEP

49152:ufpqiq3bA2IzpP2VY6cpTxau2IYL8CQfQ6dQsm46VyVRr1bCewAxMEo/:ECtId6cBxaFX8CQYeDmHVyRJzwJj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2432	rundll32.exe
2700	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 1556	4076	3e9754997e02af7cce1d0ae32745cdaed2abefaaaf78b1e4e6d3e740dc7a459d.exe	69
PID 4076 wrote to memory of 1556	4076	3e9754997e02af7cce1d0ae32745cdaed2abefaaaf78b1e4e6d3e740dc7a459d.exe	69
PID 4076 wrote to memory of 1556	4076	3e9754997e02af7cce1d0ae32745cdaed2abefaaaf78b1e4e6d3e740dc7a459d.exe	69
PID 1556 wrote to memory of 1772	1556	cmd.exe	71
PID 1556 wrote to memory of 1772	1556	cmd.exe	71
PID 1556 wrote to memory of 1772	1556	cmd.exe	71
PID 1772 wrote to memory of 2432	1772	control.exe	72
PID 1772 wrote to memory of 2432	1772	control.exe	72
PID 1772 wrote to memory of 2432	1772	control.exe	72
PID 2432 wrote to memory of 1108	2432	rundll32.exe	73
PID 2432 wrote to memory of 1108	2432	rundll32.exe	73
PID 1108 wrote to memory of 2700	1108	RunDll32.exe	74
PID 1108 wrote to memory of 2700	1108	RunDll32.exe	74
PID 1108 wrote to memory of 2700	1108	RunDll32.exe	74

C:\Users\Admin\AppData\Local\Temp\3e9754997e02af7cce1d0ae32745cdaed2abefaaaf78b1e4e6d3e740dc7a459d.exe
"C:\Users\Admin\AppData\Local\Temp\3e9754997e02af7cce1d0ae32745cdaed2abefaaaf78b1e4e6d3e740dc7a459d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\N1IN.Bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Windows\SysWOW64\control.exe
    COnTrol "C:\Users\Admin\AppData\Local\Temp\7zSCEF815B7\TJM0N5_.4S"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1772
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSCEF815B7\TJM0N5_.4S"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2432
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSCEF815B7\TJM0N5_.4S"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1108
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zSCEF815B7\TJM0N5_.4S"
        6⤵
        Loads dropped DLL
        
        PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSCEF815B7\N1IN.bat

Filesize
29B

MD5
1a1e63ec4b388f9083e06ffa352dedc8

SHA1
6e3c230303f6575de2df1a94cb9720b9cd441f1a

SHA256
8606c88549459875735b9b96f1352f100531a772d647219f23274e070144a199

SHA512
38875a327a84f7c5dfc65f7c332b66cdebbba82a56f7386138242cc56ca6ed1c4ca0111e2a55971d682f65e6a4cd01d3858ceb64343d1d1092f899d94b181f82

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCEF815B7\TJM0N5_.4S

Filesize
2.2MB

MD5
c14ebfc4fd2307995fc70a4a1726eab9

SHA1
e2cf45a6b3243ed72212ee610db5ff6eebd6c04c

SHA256
579f9539725e5482b161b5c4ff395d5a8b9c20063fec8b7857542a0f30edf870

SHA512
f4ff6c440380ad3643c8a7a1d01174331e9a944b643cf56436580499dd988d0027406f1d53ec9c73debd37954812d465d23f142e4aa85ab842cd41a1c0a1b7fb

Download Submit
\Users\Admin\AppData\Local\Temp\7zSCEF815B7\TJM0n5_.4s

Filesize
2.2MB

MD5
c14ebfc4fd2307995fc70a4a1726eab9

SHA1
e2cf45a6b3243ed72212ee610db5ff6eebd6c04c

SHA256
579f9539725e5482b161b5c4ff395d5a8b9c20063fec8b7857542a0f30edf870

SHA512
f4ff6c440380ad3643c8a7a1d01174331e9a944b643cf56436580499dd988d0027406f1d53ec9c73debd37954812d465d23f142e4aa85ab842cd41a1c0a1b7fb

Download Submit
\Users\Admin\AppData\Local\Temp\7zSCEF815B7\TJM0n5_.4s

Filesize
2.2MB

MD5
c14ebfc4fd2307995fc70a4a1726eab9

SHA1
e2cf45a6b3243ed72212ee610db5ff6eebd6c04c

SHA256
579f9539725e5482b161b5c4ff395d5a8b9c20063fec8b7857542a0f30edf870

SHA512
f4ff6c440380ad3643c8a7a1d01174331e9a944b643cf56436580499dd988d0027406f1d53ec9c73debd37954812d465d23f142e4aa85ab842cd41a1c0a1b7fb

Download Submit
memory/2432-9-0x0000000010000000-0x0000000010238000-memory.dmp

Filesize
2.2MB

Download
memory/2432-13-0x00000000049F0000-0x0000000004AEE000-memory.dmp

Filesize
1016KB

Download
memory/2432-14-0x0000000004AF0000-0x0000000004BD5000-memory.dmp

Filesize
916KB

Download
memory/2432-17-0x0000000004AF0000-0x0000000004BD5000-memory.dmp

Filesize
916KB

Download
memory/2432-18-0x0000000004AF0000-0x0000000004BD5000-memory.dmp

Filesize
916KB

Download
memory/2432-8-0x00000000008A0000-0x00000000008A6000-memory.dmp

Filesize
24KB

Download
memory/2700-20-0x0000000004A30000-0x0000000004A36000-memory.dmp

Filesize
24KB

Download
memory/2700-26-0x0000000004B50000-0x0000000004C4E000-memory.dmp

Filesize
1016KB

Download
memory/2700-27-0x0000000004C60000-0x0000000004D45000-memory.dmp

Filesize
916KB

Download
memory/2700-30-0x0000000004C60000-0x0000000004D45000-memory.dmp

Filesize
916KB

Download
memory/2700-31-0x0000000004C60000-0x0000000004D45000-memory.dmp

Filesize
916KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads