4f9286a863cd5ba1e7249a4a142a60835c6a1d5c60f040fe9557ed0a488f681a

Analysis

max time kernel
142s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2023, 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f9286a863cd5ba1e7249a4a142a60835c6a1d5c60f040fe9557ed0a488f681a.exe
Size

2.3MB
MD5

5c429bdc543866dd0ebc854e19d71f2c
SHA1

56584944a8c21c307330666a29bb5376def25492
SHA256

4f9286a863cd5ba1e7249a4a142a60835c6a1d5c60f040fe9557ed0a488f681a
SHA512

a21d80ec80f0ac9a81dc9ec878804d409be1a4680fb73981328f15bd3f3b52269cc52638d25c28e55b92353b4acd02900b5dfb102d85f28e46b5cc298b3ab199
SSDEEP

49152:mcBveFyw7g9faINZ2GxKwRpL8YWAuO51GBE6BS7llBM6:mzEf3n2GMWpU85B6Byu6

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3800	rundll32.exe
2368	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 2224	884	4f9286a863cd5ba1e7249a4a142a60835c6a1d5c60f040fe9557ed0a488f681a.exe	88
PID 884 wrote to memory of 2224	884	4f9286a863cd5ba1e7249a4a142a60835c6a1d5c60f040fe9557ed0a488f681a.exe	88
PID 884 wrote to memory of 2224	884	4f9286a863cd5ba1e7249a4a142a60835c6a1d5c60f040fe9557ed0a488f681a.exe	88
PID 2224 wrote to memory of 1936	2224	cmd.exe	90
PID 2224 wrote to memory of 1936	2224	cmd.exe	90
PID 2224 wrote to memory of 1936	2224	cmd.exe	90
PID 1936 wrote to memory of 3800	1936	control.exe	93
PID 1936 wrote to memory of 3800	1936	control.exe	93
PID 1936 wrote to memory of 3800	1936	control.exe	93
PID 3800 wrote to memory of 716	3800	rundll32.exe	94
PID 3800 wrote to memory of 716	3800	rundll32.exe	94
PID 716 wrote to memory of 2368	716	RunDll32.exe	95
PID 716 wrote to memory of 2368	716	RunDll32.exe	95
PID 716 wrote to memory of 2368	716	RunDll32.exe	95

C:\Users\Admin\AppData\Local\Temp\4f9286a863cd5ba1e7249a4a142a60835c6a1d5c60f040fe9557ed0a488f681a.exe
"C:\Users\Admin\AppData\Local\Temp\4f9286a863cd5ba1e7249a4a142a60835c6a1d5c60f040fe9557ed0a488f681a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\D.cmd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2224
- - C:\Windows\SysWOW64\control.exe
    cONTRoL.eXE "C:\Users\Admin\AppData\Local\Temp\7zS473C3828\IzEbS.OP9"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1936
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS473C3828\IzEbS.OP9"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:3800
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS473C3828\IzEbS.OP9"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:716
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS473C3828\IzEbS.OP9"
        6⤵
        Loads dropped DLL
        
        PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS473C3828\D.cmd

Filesize
33B

MD5
179ded223c9119eda154d4838d9c4796

SHA1
e063e31300eb328da6552bc1448ea334d98142ec

SHA256
3aba80a25df261cb7204d91fcd3d2d1298a7ba755623cf2e4cfe42cbb927ad3c

SHA512
96757f31e5d831b21e95bc0d0e5889bdc51fda14ca249c94b4578ef6bc1698bc98245d705f51f6ec493d93c4f07302c3fd6cecd0ab4da3c6f5ed8bfd0e21c0b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS473C3828\IzEbS.OP9

Filesize
2.2MB

MD5
743d6225ac1770bf4e0e044e64acc14b

SHA1
7249ff9677abc14be5905622bdb884fa4b4c31dc

SHA256
9f1cc33e124449210f69d6cbb4bc3313e24aa6409cfa8112cb3d73b8bf63b3d4

SHA512
1bddbcdec8a96c8ccc9eaff5ca5c0461473a82ed273af3b0d57701d269eb9cb03504a846d4ffebdf77a71b0695f31f1576dd068b3bf422e5e50851e45b4a23a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS473C3828\IzEbs.oP9

Filesize
2.2MB

MD5
743d6225ac1770bf4e0e044e64acc14b

SHA1
7249ff9677abc14be5905622bdb884fa4b4c31dc

SHA256
9f1cc33e124449210f69d6cbb4bc3313e24aa6409cfa8112cb3d73b8bf63b3d4

SHA512
1bddbcdec8a96c8ccc9eaff5ca5c0461473a82ed273af3b0d57701d269eb9cb03504a846d4ffebdf77a71b0695f31f1576dd068b3bf422e5e50851e45b4a23a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS473C3828\IzEbs.oP9

Filesize
2.2MB

MD5
743d6225ac1770bf4e0e044e64acc14b

SHA1
7249ff9677abc14be5905622bdb884fa4b4c31dc

SHA256
9f1cc33e124449210f69d6cbb4bc3313e24aa6409cfa8112cb3d73b8bf63b3d4

SHA512
1bddbcdec8a96c8ccc9eaff5ca5c0461473a82ed273af3b0d57701d269eb9cb03504a846d4ffebdf77a71b0695f31f1576dd068b3bf422e5e50851e45b4a23a7

Download Submit
memory/2368-26-0x0000000003700000-0x00000000037EA000-memory.dmp

Filesize
936KB

Download
memory/2368-25-0x0000000003700000-0x00000000037EA000-memory.dmp

Filesize
936KB

Download
memory/2368-22-0x0000000003700000-0x00000000037EA000-memory.dmp

Filesize
936KB

Download
memory/2368-21-0x00000000035E0000-0x00000000036E5000-memory.dmp

Filesize
1.0MB

Download
memory/2368-18-0x0000000003490000-0x0000000003496000-memory.dmp

Filesize
24KB

Download
memory/3800-8-0x0000000000DE0000-0x0000000000DE6000-memory.dmp

Filesize
24KB

Download
memory/3800-16-0x0000000003260000-0x000000000334A000-memory.dmp

Filesize
936KB

Download
memory/3800-15-0x0000000003260000-0x000000000334A000-memory.dmp

Filesize
936KB

Download
memory/3800-12-0x0000000003260000-0x000000000334A000-memory.dmp

Filesize
936KB

Download
memory/3800-11-0x0000000003150000-0x0000000003255000-memory.dmp

Filesize
1.0MB

Download
memory/3800-9-0x0000000010000000-0x000000001023B000-memory.dmp

Filesize
2.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads