fe5cf61d7cf8d5f5f17037526a40a89431f803cd29e586fabc20e54a6e21bdf6

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2023 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8850d6ef5a9386dc56c2fff32f79802.exe
Size

2.5MB
MD5

e8850d6ef5a9386dc56c2fff32f79802
SHA1

266bbc7b6c0143f4618fc26a93570fd7edc45efd
SHA256

fe5cf61d7cf8d5f5f17037526a40a89431f803cd29e586fabc20e54a6e21bdf6
SHA512

dc5fb03a865778ce35945a7689a724a4d81b0fd901847a93e313cd3f1e8fc41f7e3fc9a330b2bbf1223f72b322e6666deb8f7ab3a36b98e3ad3793ae9540df71
SSDEEP

49152:mcBUximJrGfDdvguEu4HvJE61HyZRcm8r4f4gyf1JcmGYDo7OlZQ6z1Tph:mBBGfZhFEzxQam88of3clRq1ph

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
5068	rundll32.exe
2920	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 4416	4664	e8850d6ef5a9386dc56c2fff32f79802.exe	86
PID 4664 wrote to memory of 4416	4664	e8850d6ef5a9386dc56c2fff32f79802.exe	86
PID 4664 wrote to memory of 4416	4664	e8850d6ef5a9386dc56c2fff32f79802.exe	86
PID 4416 wrote to memory of 4528	4416	cmd.exe	87
PID 4416 wrote to memory of 4528	4416	cmd.exe	87
PID 4416 wrote to memory of 4528	4416	cmd.exe	87
PID 4528 wrote to memory of 5068	4528	control.exe	89
PID 4528 wrote to memory of 5068	4528	control.exe	89
PID 4528 wrote to memory of 5068	4528	control.exe	89
PID 5068 wrote to memory of 3348	5068	rundll32.exe	92
PID 5068 wrote to memory of 3348	5068	rundll32.exe	92
PID 3348 wrote to memory of 2920	3348	RunDll32.exe	93
PID 3348 wrote to memory of 2920	3348	RunDll32.exe	93
PID 3348 wrote to memory of 2920	3348	RunDll32.exe	93

C:\Users\Admin\AppData\Local\Temp\e8850d6ef5a9386dc56c2fff32f79802.exe
"C:\Users\Admin\AppData\Local\Temp\e8850d6ef5a9386dc56c2fff32f79802.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\W6FA7.cmD
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4416
- - C:\Windows\SysWOW64\control.exe
    cOntROL "C:\Users\Admin\AppData\Local\Temp\7zS832E0857\G.pK0"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4528
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS832E0857\G.pK0"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:5068
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS832E0857\G.pK0"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3348
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS832E0857\G.pK0"
        6⤵
        Loads dropped DLL
        
        PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS832E0857\G.pK0

Filesize
2.5MB

MD5
2a057b399033e10e64f1ed887fb519e1

SHA1
8a42e15d9a7a4138371b1539237942ebdbab72fd

SHA256
2bff43e4ca565d4e469cc6c61fb846d955ac2d8aa6171c1ac3a8aa9cb2bf25f3

SHA512
495e1a58fe1eed7304f60d67008aa4a0476f082481a59328d01fd10f11867f5683ce8e6a369999975b3616e80506b13490e867990cfe4704592c4517c2e731f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS832E0857\W6fa7.cmd

Filesize
25B

MD5
04d200a387ccc2f7bb0ce4a1e22ec076

SHA1
019176d599563b6ff596ade907679c21a97d037a

SHA256
fa1e3eeadcf63e8489a36c2ea897748cf89474fc650250384d330a112159fe00

SHA512
8eb1abc14619ef245883d1f15804811114a5d117f3a1efd62cd2b674bd65c4f0ffe88fe22698bc88abcd793a6528adfe1875e4ef1d6142bcd8db3d0865e7f73f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS832E0857\g.pK0

Filesize
2.5MB

MD5
2a057b399033e10e64f1ed887fb519e1

SHA1
8a42e15d9a7a4138371b1539237942ebdbab72fd

SHA256
2bff43e4ca565d4e469cc6c61fb846d955ac2d8aa6171c1ac3a8aa9cb2bf25f3

SHA512
495e1a58fe1eed7304f60d67008aa4a0476f082481a59328d01fd10f11867f5683ce8e6a369999975b3616e80506b13490e867990cfe4704592c4517c2e731f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS832E0857\g.pK0

Filesize
2.5MB

MD5
2a057b399033e10e64f1ed887fb519e1

SHA1
8a42e15d9a7a4138371b1539237942ebdbab72fd

SHA256
2bff43e4ca565d4e469cc6c61fb846d955ac2d8aa6171c1ac3a8aa9cb2bf25f3

SHA512
495e1a58fe1eed7304f60d67008aa4a0476f082481a59328d01fd10f11867f5683ce8e6a369999975b3616e80506b13490e867990cfe4704592c4517c2e731f1

Download Submit
memory/2920-26-0x0000000002D40000-0x0000000002E2A000-memory.dmp

Filesize
936KB

Download
memory/2920-25-0x0000000002D40000-0x0000000002E2A000-memory.dmp

Filesize
936KB

Download
memory/2920-22-0x0000000002D40000-0x0000000002E2A000-memory.dmp

Filesize
936KB

Download
memory/2920-21-0x0000000002C30000-0x0000000002D35000-memory.dmp

Filesize
1.0MB

Download
memory/2920-18-0x0000000000B30000-0x0000000000B36000-memory.dmp

Filesize
24KB

Download
memory/5068-9-0x0000000010000000-0x0000000010274000-memory.dmp

Filesize
2.5MB

Download
memory/5068-16-0x0000000002F00000-0x0000000002FEA000-memory.dmp

Filesize
936KB

Download
memory/5068-15-0x0000000002F00000-0x0000000002FEA000-memory.dmp

Filesize
936KB

Download
memory/5068-12-0x0000000002F00000-0x0000000002FEA000-memory.dmp

Filesize
936KB

Download
memory/5068-11-0x0000000002DF0000-0x0000000002EF5000-memory.dmp

Filesize
1.0MB

Download
memory/5068-8-0x0000000000E30000-0x0000000000E36000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads