fe5cf61d7cf8d5f5f17037526a40a89431f803cd29e586fabc20e54a6e21bdf6

Analysis

max time kernel
123s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
04/10/2023, 10:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e8850d6ef5a9386dc56c2fff32f79802.exe
Size

2.5MB
MD5

e8850d6ef5a9386dc56c2fff32f79802
SHA1

266bbc7b6c0143f4618fc26a93570fd7edc45efd
SHA256

fe5cf61d7cf8d5f5f17037526a40a89431f803cd29e586fabc20e54a6e21bdf6
SHA512

dc5fb03a865778ce35945a7689a724a4d81b0fd901847a93e313cd3f1e8fc41f7e3fc9a330b2bbf1223f72b322e6666deb8f7ab3a36b98e3ad3793ae9540df71
SSDEEP

49152:mcBUximJrGfDdvguEu4HvJE61HyZRcm8r4f4gyf1JcmGYDo7OlZQ6z1Tph:mBBGfZhFEzxQam88of3clRq1ph

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2968	rundll32.exe
2968	rundll32.exe
2968	rundll32.exe
2968	rundll32.exe
1996	rundll32.exe
1996	rundll32.exe
1996	rundll32.exe
1996	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2372	2980	e8850d6ef5a9386dc56c2fff32f79802.exe	28
PID 2980 wrote to memory of 2372	2980	e8850d6ef5a9386dc56c2fff32f79802.exe	28
PID 2980 wrote to memory of 2372	2980	e8850d6ef5a9386dc56c2fff32f79802.exe	28
PID 2980 wrote to memory of 2372	2980	e8850d6ef5a9386dc56c2fff32f79802.exe	28
PID 2372 wrote to memory of 2056	2372	cmd.exe	30
PID 2372 wrote to memory of 2056	2372	cmd.exe	30
PID 2372 wrote to memory of 2056	2372	cmd.exe	30
PID 2372 wrote to memory of 2056	2372	cmd.exe	30
PID 2056 wrote to memory of 2968	2056	control.exe	31
PID 2056 wrote to memory of 2968	2056	control.exe	31
PID 2056 wrote to memory of 2968	2056	control.exe	31
PID 2056 wrote to memory of 2968	2056	control.exe	31
PID 2056 wrote to memory of 2968	2056	control.exe	31
PID 2056 wrote to memory of 2968	2056	control.exe	31
PID 2056 wrote to memory of 2968	2056	control.exe	31
PID 2968 wrote to memory of 2576	2968	rundll32.exe	32
PID 2968 wrote to memory of 2576	2968	rundll32.exe	32
PID 2968 wrote to memory of 2576	2968	rundll32.exe	32
PID 2968 wrote to memory of 2576	2968	rundll32.exe	32
PID 2576 wrote to memory of 1996	2576	RunDll32.exe	33
PID 2576 wrote to memory of 1996	2576	RunDll32.exe	33
PID 2576 wrote to memory of 1996	2576	RunDll32.exe	33
PID 2576 wrote to memory of 1996	2576	RunDll32.exe	33
PID 2576 wrote to memory of 1996	2576	RunDll32.exe	33
PID 2576 wrote to memory of 1996	2576	RunDll32.exe	33
PID 2576 wrote to memory of 1996	2576	RunDll32.exe	33

C:\Users\Admin\AppData\Local\Temp\e8850d6ef5a9386dc56c2fff32f79802.exe
"C:\Users\Admin\AppData\Local\Temp\e8850d6ef5a9386dc56c2fff32f79802.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\W6FA7.cmD
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2372
- - C:\Windows\SysWOW64\control.exe
    cOntROL "C:\Users\Admin\AppData\Local\Temp\7zS4AB69F66\G.pK0"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2056
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS4AB69F66\G.pK0"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2968
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS4AB69F66\G.pK0"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2576
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS4AB69F66\G.pK0"
        6⤵
        Loads dropped DLL
        
        PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS4AB69F66\G.pK0

Filesize
2.5MB

MD5
2a057b399033e10e64f1ed887fb519e1

SHA1
8a42e15d9a7a4138371b1539237942ebdbab72fd

SHA256
2bff43e4ca565d4e469cc6c61fb846d955ac2d8aa6171c1ac3a8aa9cb2bf25f3

SHA512
495e1a58fe1eed7304f60d67008aa4a0476f082481a59328d01fd10f11867f5683ce8e6a369999975b3616e80506b13490e867990cfe4704592c4517c2e731f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4AB69F66\W6fa7.cmd

Filesize
25B

MD5
04d200a387ccc2f7bb0ce4a1e22ec076

SHA1
019176d599563b6ff596ade907679c21a97d037a

SHA256
fa1e3eeadcf63e8489a36c2ea897748cf89474fc650250384d330a112159fe00

SHA512
8eb1abc14619ef245883d1f15804811114a5d117f3a1efd62cd2b674bd65c4f0ffe88fe22698bc88abcd793a6528adfe1875e4ef1d6142bcd8db3d0865e7f73f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4AB69F66\W6fa7.cmd

Filesize
25B

MD5
04d200a387ccc2f7bb0ce4a1e22ec076

SHA1
019176d599563b6ff596ade907679c21a97d037a

SHA256
fa1e3eeadcf63e8489a36c2ea897748cf89474fc650250384d330a112159fe00

SHA512
8eb1abc14619ef245883d1f15804811114a5d117f3a1efd62cd2b674bd65c4f0ffe88fe22698bc88abcd793a6528adfe1875e4ef1d6142bcd8db3d0865e7f73f

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4AB69F66\g.pK0

Filesize
2.5MB

MD5
2a057b399033e10e64f1ed887fb519e1

SHA1
8a42e15d9a7a4138371b1539237942ebdbab72fd

SHA256
2bff43e4ca565d4e469cc6c61fb846d955ac2d8aa6171c1ac3a8aa9cb2bf25f3

SHA512
495e1a58fe1eed7304f60d67008aa4a0476f082481a59328d01fd10f11867f5683ce8e6a369999975b3616e80506b13490e867990cfe4704592c4517c2e731f1

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4AB69F66\g.pK0

Filesize
2.5MB

MD5
2a057b399033e10e64f1ed887fb519e1

SHA1
8a42e15d9a7a4138371b1539237942ebdbab72fd

SHA256
2bff43e4ca565d4e469cc6c61fb846d955ac2d8aa6171c1ac3a8aa9cb2bf25f3

SHA512
495e1a58fe1eed7304f60d67008aa4a0476f082481a59328d01fd10f11867f5683ce8e6a369999975b3616e80506b13490e867990cfe4704592c4517c2e731f1

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4AB69F66\g.pK0

Filesize
2.5MB

MD5
2a057b399033e10e64f1ed887fb519e1

SHA1
8a42e15d9a7a4138371b1539237942ebdbab72fd

SHA256
2bff43e4ca565d4e469cc6c61fb846d955ac2d8aa6171c1ac3a8aa9cb2bf25f3

SHA512
495e1a58fe1eed7304f60d67008aa4a0476f082481a59328d01fd10f11867f5683ce8e6a369999975b3616e80506b13490e867990cfe4704592c4517c2e731f1

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4AB69F66\g.pK0

Filesize
2.5MB

MD5
2a057b399033e10e64f1ed887fb519e1

SHA1
8a42e15d9a7a4138371b1539237942ebdbab72fd

SHA256
2bff43e4ca565d4e469cc6c61fb846d955ac2d8aa6171c1ac3a8aa9cb2bf25f3

SHA512
495e1a58fe1eed7304f60d67008aa4a0476f082481a59328d01fd10f11867f5683ce8e6a369999975b3616e80506b13490e867990cfe4704592c4517c2e731f1

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4AB69F66\g.pK0

Filesize
2.5MB

MD5
2a057b399033e10e64f1ed887fb519e1

SHA1
8a42e15d9a7a4138371b1539237942ebdbab72fd

SHA256
2bff43e4ca565d4e469cc6c61fb846d955ac2d8aa6171c1ac3a8aa9cb2bf25f3

SHA512
495e1a58fe1eed7304f60d67008aa4a0476f082481a59328d01fd10f11867f5683ce8e6a369999975b3616e80506b13490e867990cfe4704592c4517c2e731f1

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4AB69F66\g.pK0

Filesize
2.5MB

MD5
2a057b399033e10e64f1ed887fb519e1

SHA1
8a42e15d9a7a4138371b1539237942ebdbab72fd

SHA256
2bff43e4ca565d4e469cc6c61fb846d955ac2d8aa6171c1ac3a8aa9cb2bf25f3

SHA512
495e1a58fe1eed7304f60d67008aa4a0476f082481a59328d01fd10f11867f5683ce8e6a369999975b3616e80506b13490e867990cfe4704592c4517c2e731f1

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4AB69F66\g.pK0

Filesize
2.5MB

MD5
2a057b399033e10e64f1ed887fb519e1

SHA1
8a42e15d9a7a4138371b1539237942ebdbab72fd

SHA256
2bff43e4ca565d4e469cc6c61fb846d955ac2d8aa6171c1ac3a8aa9cb2bf25f3

SHA512
495e1a58fe1eed7304f60d67008aa4a0476f082481a59328d01fd10f11867f5683ce8e6a369999975b3616e80506b13490e867990cfe4704592c4517c2e731f1

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4AB69F66\g.pK0

Filesize
2.5MB

MD5
2a057b399033e10e64f1ed887fb519e1

SHA1
8a42e15d9a7a4138371b1539237942ebdbab72fd

SHA256
2bff43e4ca565d4e469cc6c61fb846d955ac2d8aa6171c1ac3a8aa9cb2bf25f3

SHA512
495e1a58fe1eed7304f60d67008aa4a0476f082481a59328d01fd10f11867f5683ce8e6a369999975b3616e80506b13490e867990cfe4704592c4517c2e731f1

Download Submit
memory/1996-29-0x00000000001F0000-0x00000000001F6000-memory.dmp

Filesize
24KB

Download
memory/1996-32-0x00000000026E0000-0x00000000027E5000-memory.dmp

Filesize
1.0MB

Download
memory/1996-33-0x00000000027F0000-0x00000000028DA000-memory.dmp

Filesize
936KB

Download
memory/1996-36-0x00000000027F0000-0x00000000028DA000-memory.dmp

Filesize
936KB

Download
memory/1996-37-0x00000000027F0000-0x00000000028DA000-memory.dmp

Filesize
936KB

Download
memory/2968-20-0x00000000025A0000-0x000000000268A000-memory.dmp

Filesize
936KB

Download
memory/2968-23-0x00000000025A0000-0x000000000268A000-memory.dmp

Filesize
936KB

Download
memory/2968-24-0x00000000025A0000-0x000000000268A000-memory.dmp

Filesize
936KB

Download
memory/2968-19-0x0000000002490000-0x0000000002595000-memory.dmp

Filesize
1.0MB

Download
memory/2968-16-0x0000000000140000-0x0000000000146000-memory.dmp

Filesize
24KB

Download
memory/2968-17-0x0000000010000000-0x0000000010274000-memory.dmp

Filesize
2.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads