be021e088ea292b1ce720b6bdc06dfe7fa33dd4bd670a6c404dd5b0146a7c36f

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
04/10/2023, 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be021e088ea292b1ce720b6bdc06dfe7fa33dd4bd670a6c404dd5b0146a7c36f.exe
Size

2.2MB
MD5

9cec338a66ec869714104f703a4feeb8
SHA1

98a9ee189816b95c63d5748d427ec9fc9caa3731
SHA256

be021e088ea292b1ce720b6bdc06dfe7fa33dd4bd670a6c404dd5b0146a7c36f
SHA512

561019a3242d0cfa28a50259d70324cf7e44c48962e979ffa1f39463c2a0e3a8e234d39e12b0a5b4d8f67b4890f91f3520e0cb20a62dc46ae2e83b6844d21583
SSDEEP

49152:WfkF6N+25wmWWJTIyvmrE79tIZj+JDk5dbKHjINNwJL9lcBeh:W8gh5WWNIc37TIZjgoV2ywJpl3h

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2648	rundll32.exe
2648	rundll32.exe
2648	rundll32.exe
2648	rundll32.exe
1772	rundll32.exe
1772	rundll32.exe
1772	rundll32.exe
1772	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2380	2100	be021e088ea292b1ce720b6bdc06dfe7fa33dd4bd670a6c404dd5b0146a7c36f.exe	28
PID 2100 wrote to memory of 2380	2100	be021e088ea292b1ce720b6bdc06dfe7fa33dd4bd670a6c404dd5b0146a7c36f.exe	28
PID 2100 wrote to memory of 2380	2100	be021e088ea292b1ce720b6bdc06dfe7fa33dd4bd670a6c404dd5b0146a7c36f.exe	28
PID 2100 wrote to memory of 2380	2100	be021e088ea292b1ce720b6bdc06dfe7fa33dd4bd670a6c404dd5b0146a7c36f.exe	28
PID 2380 wrote to memory of 2612	2380	cmd.exe	30
PID 2380 wrote to memory of 2612	2380	cmd.exe	30
PID 2380 wrote to memory of 2612	2380	cmd.exe	30
PID 2380 wrote to memory of 2612	2380	cmd.exe	30
PID 2612 wrote to memory of 2648	2612	control.exe	31
PID 2612 wrote to memory of 2648	2612	control.exe	31
PID 2612 wrote to memory of 2648	2612	control.exe	31
PID 2612 wrote to memory of 2648	2612	control.exe	31
PID 2612 wrote to memory of 2648	2612	control.exe	31
PID 2612 wrote to memory of 2648	2612	control.exe	31
PID 2612 wrote to memory of 2648	2612	control.exe	31
PID 2648 wrote to memory of 2552	2648	rundll32.exe	34
PID 2648 wrote to memory of 2552	2648	rundll32.exe	34
PID 2648 wrote to memory of 2552	2648	rundll32.exe	34
PID 2648 wrote to memory of 2552	2648	rundll32.exe	34
PID 2552 wrote to memory of 1772	2552	RunDll32.exe	35
PID 2552 wrote to memory of 1772	2552	RunDll32.exe	35
PID 2552 wrote to memory of 1772	2552	RunDll32.exe	35
PID 2552 wrote to memory of 1772	2552	RunDll32.exe	35
PID 2552 wrote to memory of 1772	2552	RunDll32.exe	35
PID 2552 wrote to memory of 1772	2552	RunDll32.exe	35
PID 2552 wrote to memory of 1772	2552	RunDll32.exe	35

C:\Users\Admin\AppData\Local\Temp\be021e088ea292b1ce720b6bdc06dfe7fa33dd4bd670a6c404dd5b0146a7c36f.exe
"C:\Users\Admin\AppData\Local\Temp\be021e088ea292b1ce720b6bdc06dfe7fa33dd4bd670a6c404dd5b0146a7c36f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\Y7TO04.BAT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Windows\SysWOW64\control.exe
    coNTRoL.Exe "C:\Users\Admin\AppData\Local\Temp\7zS438FAC16\H6GD.A3"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS438FAC16\H6GD.A3"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2648
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS438FAC16\H6GD.A3"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2552
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS438FAC16\H6GD.A3"
        6⤵
        Loads dropped DLL
        
        PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS438FAC16\H6GD.A3

Filesize
2.3MB

MD5
be497c014fa4902db2363e3a181c3132

SHA1
64498d966d0f624526f50afee22839738224c1fb

SHA256
4550dbbc6ed9a08b882033ef6a7a2c11c0d638b77bfa8de841d2081099fb9ef3

SHA512
43102efdc5f6836c58bb743ccf49105d8851b94dc9a98992ba774318617793733d004b881363c76a897a9e4f4c8dc435ab0affb37c2f860bfcf359d45996c879

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS438FAC16\Y7To04.bat

Filesize
30B

MD5
1190c9d9d74d2f3e5ff58b7c498a123c

SHA1
19e1952c1e8d6839d9d4a8d10ea62c09dfda2a41

SHA256
72aaf2510a52b8d38e2632b24c37ce0f3db0fbd5ed619bb514221669e0ca2339

SHA512
eb78a24f80083f05ce74faf40587e9e2e753ef145dc0f86a656b5244bcb29d46e6cd2f9777528c3d32f4ccf5f3242fd09ebf9d4e6589ff8f3b560be63717f1c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS438FAC16\Y7To04.bat

Filesize
30B

MD5
1190c9d9d74d2f3e5ff58b7c498a123c

SHA1
19e1952c1e8d6839d9d4a8d10ea62c09dfda2a41

SHA256
72aaf2510a52b8d38e2632b24c37ce0f3db0fbd5ed619bb514221669e0ca2339

SHA512
eb78a24f80083f05ce74faf40587e9e2e753ef145dc0f86a656b5244bcb29d46e6cd2f9777528c3d32f4ccf5f3242fd09ebf9d4e6589ff8f3b560be63717f1c5

Download Submit
\Users\Admin\AppData\Local\Temp\7zS438FAC16\h6GD.A3

Filesize
2.3MB

MD5
be497c014fa4902db2363e3a181c3132

SHA1
64498d966d0f624526f50afee22839738224c1fb

SHA256
4550dbbc6ed9a08b882033ef6a7a2c11c0d638b77bfa8de841d2081099fb9ef3

SHA512
43102efdc5f6836c58bb743ccf49105d8851b94dc9a98992ba774318617793733d004b881363c76a897a9e4f4c8dc435ab0affb37c2f860bfcf359d45996c879

Download Submit
\Users\Admin\AppData\Local\Temp\7zS438FAC16\h6GD.A3

Filesize
2.3MB

MD5
be497c014fa4902db2363e3a181c3132

SHA1
64498d966d0f624526f50afee22839738224c1fb

SHA256
4550dbbc6ed9a08b882033ef6a7a2c11c0d638b77bfa8de841d2081099fb9ef3

SHA512
43102efdc5f6836c58bb743ccf49105d8851b94dc9a98992ba774318617793733d004b881363c76a897a9e4f4c8dc435ab0affb37c2f860bfcf359d45996c879

Download Submit
\Users\Admin\AppData\Local\Temp\7zS438FAC16\h6GD.A3

Filesize
2.3MB

MD5
be497c014fa4902db2363e3a181c3132

SHA1
64498d966d0f624526f50afee22839738224c1fb

SHA256
4550dbbc6ed9a08b882033ef6a7a2c11c0d638b77bfa8de841d2081099fb9ef3

SHA512
43102efdc5f6836c58bb743ccf49105d8851b94dc9a98992ba774318617793733d004b881363c76a897a9e4f4c8dc435ab0affb37c2f860bfcf359d45996c879

Download Submit
\Users\Admin\AppData\Local\Temp\7zS438FAC16\h6GD.A3

Filesize
2.3MB

MD5
be497c014fa4902db2363e3a181c3132

SHA1
64498d966d0f624526f50afee22839738224c1fb

SHA256
4550dbbc6ed9a08b882033ef6a7a2c11c0d638b77bfa8de841d2081099fb9ef3

SHA512
43102efdc5f6836c58bb743ccf49105d8851b94dc9a98992ba774318617793733d004b881363c76a897a9e4f4c8dc435ab0affb37c2f860bfcf359d45996c879

Download Submit
\Users\Admin\AppData\Local\Temp\7zS438FAC16\h6GD.A3

Filesize
2.3MB

MD5
be497c014fa4902db2363e3a181c3132

SHA1
64498d966d0f624526f50afee22839738224c1fb

SHA256
4550dbbc6ed9a08b882033ef6a7a2c11c0d638b77bfa8de841d2081099fb9ef3

SHA512
43102efdc5f6836c58bb743ccf49105d8851b94dc9a98992ba774318617793733d004b881363c76a897a9e4f4c8dc435ab0affb37c2f860bfcf359d45996c879

Download Submit
\Users\Admin\AppData\Local\Temp\7zS438FAC16\h6GD.A3

Filesize
2.3MB

MD5
be497c014fa4902db2363e3a181c3132

SHA1
64498d966d0f624526f50afee22839738224c1fb

SHA256
4550dbbc6ed9a08b882033ef6a7a2c11c0d638b77bfa8de841d2081099fb9ef3

SHA512
43102efdc5f6836c58bb743ccf49105d8851b94dc9a98992ba774318617793733d004b881363c76a897a9e4f4c8dc435ab0affb37c2f860bfcf359d45996c879

Download Submit
\Users\Admin\AppData\Local\Temp\7zS438FAC16\h6GD.A3

Filesize
2.3MB

MD5
be497c014fa4902db2363e3a181c3132

SHA1
64498d966d0f624526f50afee22839738224c1fb

SHA256
4550dbbc6ed9a08b882033ef6a7a2c11c0d638b77bfa8de841d2081099fb9ef3

SHA512
43102efdc5f6836c58bb743ccf49105d8851b94dc9a98992ba774318617793733d004b881363c76a897a9e4f4c8dc435ab0affb37c2f860bfcf359d45996c879

Download Submit
\Users\Admin\AppData\Local\Temp\7zS438FAC16\h6GD.A3

Filesize
2.3MB

MD5
be497c014fa4902db2363e3a181c3132

SHA1
64498d966d0f624526f50afee22839738224c1fb

SHA256
4550dbbc6ed9a08b882033ef6a7a2c11c0d638b77bfa8de841d2081099fb9ef3

SHA512
43102efdc5f6836c58bb743ccf49105d8851b94dc9a98992ba774318617793733d004b881363c76a897a9e4f4c8dc435ab0affb37c2f860bfcf359d45996c879

Download Submit
memory/1772-33-0x0000000000180000-0x0000000000186000-memory.dmp

Filesize
24KB

Download
memory/1772-38-0x0000000001E40000-0x0000000001F59000-memory.dmp

Filesize
1.1MB

Download
memory/1772-39-0x0000000002310000-0x000000000240C000-memory.dmp

Filesize
1008KB

Download
memory/1772-42-0x0000000002310000-0x000000000240C000-memory.dmp

Filesize
1008KB

Download
memory/1772-43-0x0000000002310000-0x000000000240C000-memory.dmp

Filesize
1008KB

Download
memory/2648-23-0x00000000027F0000-0x00000000028EC000-memory.dmp

Filesize
1008KB

Download
memory/2648-26-0x00000000027F0000-0x00000000028EC000-memory.dmp

Filesize
1008KB

Download
memory/2648-27-0x00000000027F0000-0x00000000028EC000-memory.dmp

Filesize
1008KB

Download
memory/2648-22-0x00000000026D0000-0x00000000027E9000-memory.dmp

Filesize
1.1MB

Download
memory/2648-18-0x00000000000C0000-0x00000000000C6000-memory.dmp

Filesize
24KB

Download
memory/2648-16-0x0000000010000000-0x0000000010243000-memory.dmp

Filesize
2.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads