d4aed1808fa1927f0b9640f1d2ecd150e8c8b9416797f2d044dd0a175a439a01

Analysis

max time kernel
91s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2023, 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4aed1808fa1927f0b9640f1d2ecd150e8c8b9416797f2d044dd0a175a439a01.exe
Size

2.3MB
MD5

11863043d027103e6c94125743a0f8a8
SHA1

6cda403862e1f32141f781089aa25cc737985127
SHA256

d4aed1808fa1927f0b9640f1d2ecd150e8c8b9416797f2d044dd0a175a439a01
SHA512

298167decda49aa9381d67996236fd673ecf654b8e855c7cded6ec35ecb3205bb8a70335d2ca3a4be232d8591739f05713b336890533ebc77018d1a69d188979
SSDEEP

49152:mcBaDC+vePnvMxlQSGOA7tQ1P68Oppz9e+n09:mdDC+ve/vMxlQSXA7KNOP4+nS

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1288	rundll32.exe
708	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 3968	1140	d4aed1808fa1927f0b9640f1d2ecd150e8c8b9416797f2d044dd0a175a439a01.exe	87
PID 1140 wrote to memory of 3968	1140	d4aed1808fa1927f0b9640f1d2ecd150e8c8b9416797f2d044dd0a175a439a01.exe	87
PID 1140 wrote to memory of 3968	1140	d4aed1808fa1927f0b9640f1d2ecd150e8c8b9416797f2d044dd0a175a439a01.exe	87
PID 3968 wrote to memory of 3992	3968	cmd.exe	89
PID 3968 wrote to memory of 3992	3968	cmd.exe	89
PID 3968 wrote to memory of 3992	3968	cmd.exe	89
PID 3992 wrote to memory of 1288	3992	control.exe	90
PID 3992 wrote to memory of 1288	3992	control.exe	90
PID 3992 wrote to memory of 1288	3992	control.exe	90
PID 1288 wrote to memory of 3300	1288	rundll32.exe	92
PID 1288 wrote to memory of 3300	1288	rundll32.exe	92
PID 3300 wrote to memory of 708	3300	RunDll32.exe	93
PID 3300 wrote to memory of 708	3300	RunDll32.exe	93
PID 3300 wrote to memory of 708	3300	RunDll32.exe	93

C:\Users\Admin\AppData\Local\Temp\d4aed1808fa1927f0b9640f1d2ecd150e8c8b9416797f2d044dd0a175a439a01.exe
"C:\Users\Admin\AppData\Local\Temp\d4aed1808fa1927f0b9640f1d2ecd150e8c8b9416797f2d044dd0a175a439a01.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\PdMVQf.BAT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3968
- - C:\Windows\SysWOW64\control.exe
    CoNTRol.EXe "C:\Users\Admin\AppData\Local\Temp\7zS47459E37\0WO.7Y1"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3992
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS47459E37\0WO.7Y1"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1288
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS47459E37\0WO.7Y1"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3300
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS47459E37\0WO.7Y1"
        6⤵
        Loads dropped DLL
        
        PID:708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS47459E37\0WO.7Y1

Filesize
2.2MB

MD5
5203e4a080a8ccd61ee43dda0f5c18a9

SHA1
bd7a939eabf2525b7c0e7ce02f1437f060da3aea

SHA256
3d1fb42799a637ccadd37cfc1664f28f9251997827f9ea4837157354518bc9d2

SHA512
a3ea4c3541093c1cd0f0907507651685c60fed303af115d8508b17d1597facc9a5748be74d54b738a6b322276a9c581df53d786a630786a99fde9cda9693ee6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47459E37\0WO.7Y1

Filesize
2.2MB

MD5
5203e4a080a8ccd61ee43dda0f5c18a9

SHA1
bd7a939eabf2525b7c0e7ce02f1437f060da3aea

SHA256
3d1fb42799a637ccadd37cfc1664f28f9251997827f9ea4837157354518bc9d2

SHA512
a3ea4c3541093c1cd0f0907507651685c60fed303af115d8508b17d1597facc9a5748be74d54b738a6b322276a9c581df53d786a630786a99fde9cda9693ee6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47459E37\0WO.7Y1

Filesize
2.2MB

MD5
5203e4a080a8ccd61ee43dda0f5c18a9

SHA1
bd7a939eabf2525b7c0e7ce02f1437f060da3aea

SHA256
3d1fb42799a637ccadd37cfc1664f28f9251997827f9ea4837157354518bc9d2

SHA512
a3ea4c3541093c1cd0f0907507651685c60fed303af115d8508b17d1597facc9a5748be74d54b738a6b322276a9c581df53d786a630786a99fde9cda9693ee6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS47459E37\pdmvQf.bat

Filesize
29B

MD5
465f18c914a10c8311530c2f479452ce

SHA1
2fea3c89a32249c6de72377641900d54427878a4

SHA256
f9ae226037cb922036a4a2c8a4855525ef138ce18813926a94c9bce8424cc791

SHA512
d0784e237491c5b883f40810c194e2d83ee5b6ca1c009a58e40fc319f50f0d5b76f3f00a980f29d6ac48976f843215a4c407192ab4652aa8150876436fe4c129

Download Submit
memory/708-26-0x00000000034C0000-0x00000000035AB000-memory.dmp

Filesize
940KB

Download
memory/708-25-0x00000000034C0000-0x00000000035AB000-memory.dmp

Filesize
940KB

Download
memory/708-23-0x00000000034C0000-0x00000000035AB000-memory.dmp

Filesize
940KB

Download
memory/708-21-0x00000000033B0000-0x00000000034B6000-memory.dmp

Filesize
1.0MB

Download
memory/708-19-0x00000000012E0000-0x00000000012E6000-memory.dmp

Filesize
24KB

Download
memory/1288-9-0x0000000010000000-0x000000001023D000-memory.dmp

Filesize
2.2MB

Download
memory/1288-16-0x0000000003210000-0x00000000032FB000-memory.dmp

Filesize
940KB

Download
memory/1288-15-0x0000000003210000-0x00000000032FB000-memory.dmp

Filesize
940KB

Download
memory/1288-12-0x0000000003210000-0x00000000032FB000-memory.dmp

Filesize
940KB

Download
memory/1288-13-0x0000000003210000-0x00000000032FB000-memory.dmp

Filesize
940KB

Download
memory/1288-11-0x0000000003100000-0x0000000003206000-memory.dmp

Filesize
1.0MB

Download
memory/1288-8-0x00000000028D0000-0x00000000028D6000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads