0e464dc02c26faf2ceda183c9a32c80aa1c1c561df7661a0080149081ef963b4

Analysis

max time kernel
148s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2023, 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e464dc02c26faf2ceda183c9a32c80aa1c1c561df7661a0080149081ef963b4.exe
Size

2.3MB
MD5

f7f67ff7f69474748d5c532f12daceb0
SHA1

10cc0ae29b1a08ad2aa71cd80064f7eeea8df129
SHA256

0e464dc02c26faf2ceda183c9a32c80aa1c1c561df7661a0080149081ef963b4
SHA512

915ed385c2487fce225c7838303ed34eb6c210d942ee53a7e85d453cf4d0587cbcfac13e3b22bfca056f60df4d27cb1e4a8648fffefc782dd6f832d3109db079
SSDEEP

49152:Wff5AoeYmohqk+bRcQvSpxEmbBl52B5BP9Ttl/0vKu8dvF33jDK81pH/DY7yqHWa:WHpm0367vSpxfbfO3PRtl8Cu8L3C81pg

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3616	rundll32.exe
2092	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1772	1936	0e464dc02c26faf2ceda183c9a32c80aa1c1c561df7661a0080149081ef963b4.exe	87
PID 1936 wrote to memory of 1772	1936	0e464dc02c26faf2ceda183c9a32c80aa1c1c561df7661a0080149081ef963b4.exe	87
PID 1936 wrote to memory of 1772	1936	0e464dc02c26faf2ceda183c9a32c80aa1c1c561df7661a0080149081ef963b4.exe	87
PID 1772 wrote to memory of 3604	1772	cmd.exe	90
PID 1772 wrote to memory of 3604	1772	cmd.exe	90
PID 1772 wrote to memory of 3604	1772	cmd.exe	90
PID 3604 wrote to memory of 3616	3604	control.exe	91
PID 3604 wrote to memory of 3616	3604	control.exe	91
PID 3604 wrote to memory of 3616	3604	control.exe	91
PID 3616 wrote to memory of 2716	3616	rundll32.exe	92
PID 3616 wrote to memory of 2716	3616	rundll32.exe	92
PID 2716 wrote to memory of 2092	2716	RunDll32.exe	93
PID 2716 wrote to memory of 2092	2716	RunDll32.exe	93
PID 2716 wrote to memory of 2092	2716	RunDll32.exe	93

C:\Users\Admin\AppData\Local\Temp\0e464dc02c26faf2ceda183c9a32c80aa1c1c561df7661a0080149081ef963b4.exe
"C:\Users\Admin\AppData\Local\Temp\0e464dc02c26faf2ceda183c9a32c80aa1c1c561df7661a0080149081ef963b4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\1nT1X.BaT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1772
- - C:\Windows\SysWOW64\control.exe
    CoNTRoL "C:\Users\Admin\AppData\Local\Temp\7zS09714DD7\vvWe8w.nIR"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3604
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS09714DD7\vvWe8w.nIR"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:3616
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS09714DD7\vvWe8w.nIR"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2716
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS09714DD7\vvWe8w.nIR"
        6⤵
        Loads dropped DLL
        
        PID:2092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS09714DD7\1nT1X.bat

Filesize
32B

MD5
be315eeda6a8c6a139b4d67f0c2f9661

SHA1
3a279763fd14abcb75341586bed84bf6702848d5

SHA256
8d799bffc82a536809d9e94b85bee79cbd07328ae40efb2074ffd3b8ccfcd574

SHA512
f05af987d159ca8f6c5d63448f25791fe26996b2e91c9d9118c3588fea321ed9b15e051b01e1e518a68ab9ff9f4946f2f614a2ae942bddd202ea348a72128783

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09714DD7\vvWe8w.nIR

Filesize
2.2MB

MD5
c5f4313e6adabe689a936af014f9590e

SHA1
21df24c77becc3ab761875e3bc04e5cda695c257

SHA256
20cb683f3a8de8491c71cb0f91dabf1f8fb8871a668fa572827e2eebf56bef28

SHA512
fa2f8ece4731a3853feab37ef1c311171c3e64ce7ecf173423f57d29cd5343d2aead6069cf296ecb5d67b9e2d2aed287f7513ad5fbb866b23a760788b5576bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09714DD7\vvwe8w.nIR

Filesize
2.2MB

MD5
c5f4313e6adabe689a936af014f9590e

SHA1
21df24c77becc3ab761875e3bc04e5cda695c257

SHA256
20cb683f3a8de8491c71cb0f91dabf1f8fb8871a668fa572827e2eebf56bef28

SHA512
fa2f8ece4731a3853feab37ef1c311171c3e64ce7ecf173423f57d29cd5343d2aead6069cf296ecb5d67b9e2d2aed287f7513ad5fbb866b23a760788b5576bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09714DD7\vvwe8w.nIR

Filesize
2.2MB

MD5
c5f4313e6adabe689a936af014f9590e

SHA1
21df24c77becc3ab761875e3bc04e5cda695c257

SHA256
20cb683f3a8de8491c71cb0f91dabf1f8fb8871a668fa572827e2eebf56bef28

SHA512
fa2f8ece4731a3853feab37ef1c311171c3e64ce7ecf173423f57d29cd5343d2aead6069cf296ecb5d67b9e2d2aed287f7513ad5fbb866b23a760788b5576bfd

Download Submit
memory/2092-26-0x0000000002B90000-0x0000000002C7A000-memory.dmp

Filesize
936KB

Download
memory/2092-25-0x0000000002B90000-0x0000000002C7A000-memory.dmp

Filesize
936KB

Download
memory/2092-22-0x0000000002B90000-0x0000000002C7A000-memory.dmp

Filesize
936KB

Download
memory/2092-21-0x0000000002A80000-0x0000000002B85000-memory.dmp

Filesize
1.0MB

Download
memory/2092-18-0x0000000000930000-0x0000000000936000-memory.dmp

Filesize
24KB

Download
memory/3616-8-0x0000000002A90000-0x0000000002A96000-memory.dmp

Filesize
24KB

Download
memory/3616-16-0x00000000033E0000-0x00000000034CA000-memory.dmp

Filesize
936KB

Download
memory/3616-15-0x00000000033E0000-0x00000000034CA000-memory.dmp

Filesize
936KB

Download
memory/3616-12-0x00000000033E0000-0x00000000034CA000-memory.dmp

Filesize
936KB

Download
memory/3616-11-0x00000000032D0000-0x00000000033D5000-memory.dmp

Filesize
1.0MB

Download
memory/3616-9-0x0000000010000000-0x000000001023B000-memory.dmp

Filesize
2.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads