31a74460f83676d1f8449f856e3bc31646c7c669c9fc2ecd2aa323e1158a31cf

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2023, 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31a74460f83676d1f8449f856e3bc31646c7c669c9fc2ecd2aa323e1158a31cf.exe
Size

2.2MB
MD5

befdb5589755f172a0c43ebd949f661c
SHA1

2e99014eb8910440cbb3f4332f1d7dc8e143d6bf
SHA256

31a74460f83676d1f8449f856e3bc31646c7c669c9fc2ecd2aa323e1158a31cf
SHA512

cf3628c864602664f0934cd26d3806cbcd5fa9075fa8bd020d164c0c16685a11e02101c2535a3c209eef787e45c22c731c5e67b7facb7eed1e1c2e6cd19686c9
SSDEEP

49152:B8sV48UN2ZzNLaeIuy2ZPZ2T6yraENw2wWplvm8f2X5vWraLaMA:B8C4HNQLnIuy2WXt2QlvZ8L5A

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3176	rundll32.exe
5076	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 876	4992	31a74460f83676d1f8449f856e3bc31646c7c669c9fc2ecd2aa323e1158a31cf.exe	89
PID 4992 wrote to memory of 876	4992	31a74460f83676d1f8449f856e3bc31646c7c669c9fc2ecd2aa323e1158a31cf.exe	89
PID 4992 wrote to memory of 876	4992	31a74460f83676d1f8449f856e3bc31646c7c669c9fc2ecd2aa323e1158a31cf.exe	89
PID 876 wrote to memory of 2280	876	cmd.exe	91
PID 876 wrote to memory of 2280	876	cmd.exe	91
PID 876 wrote to memory of 2280	876	cmd.exe	91
PID 2280 wrote to memory of 3176	2280	control.exe	93
PID 2280 wrote to memory of 3176	2280	control.exe	93
PID 2280 wrote to memory of 3176	2280	control.exe	93
PID 3176 wrote to memory of 4132	3176	rundll32.exe	98
PID 3176 wrote to memory of 4132	3176	rundll32.exe	98
PID 4132 wrote to memory of 5076	4132	RunDll32.exe	99
PID 4132 wrote to memory of 5076	4132	RunDll32.exe	99
PID 4132 wrote to memory of 5076	4132	RunDll32.exe	99

C:\Users\Admin\AppData\Local\Temp\31a74460f83676d1f8449f856e3bc31646c7c669c9fc2ecd2aa323e1158a31cf.exe
"C:\Users\Admin\AppData\Local\Temp\31a74460f83676d1f8449f856e3bc31646c7c669c9fc2ecd2aa323e1158a31cf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\PJR.CMD
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:876
- - C:\Windows\SysWOW64\control.exe
    ConTrOL.Exe "C:\Users\Admin\AppData\Local\Temp\7zS08335187\dE.V"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2280
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS08335187\dE.V"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:3176
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS08335187\dE.V"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4132
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS08335187\dE.V"
        6⤵
        Loads dropped DLL
        
        PID:5076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS08335187\PJR.cmd

Filesize
23B

MD5
1ccdd411bd9105033753d7a935359ced

SHA1
5614d14a3985744b7748b28612bbd1db6c502609

SHA256
637c63b38894760e4df1ea0fc85326d7438676e2b34b4eb23db437c5e7bc8ae4

SHA512
c129ba767c16b6c7aa0a8ca51ccfcb654067eab050369527754183dc2a4e78f1e0d6c8b7eceee5a79a97f692b088cdc0331588c914d876a1ef52c365f2a3066c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS08335187\dE.V

Filesize
2.2MB

MD5
43e0b233d749107ae1d6d21cbd1e5cd8

SHA1
a2253e74a983ff1deca77566ae971417f0595947

SHA256
17a6bd66a6ed2600d270468ec500cc54236b813eefe691acd63e09f8e91418ad

SHA512
eb8514d1ce3c32f66e9d75be54b1cb753bce684a42cebac0ac8667aa8a0f0d18c75774e6b4ea7a6cc2aa2e5e8ef482547e2d4f9fd07854f737e632bc82872279

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS08335187\dE.v

Filesize
2.2MB

MD5
43e0b233d749107ae1d6d21cbd1e5cd8

SHA1
a2253e74a983ff1deca77566ae971417f0595947

SHA256
17a6bd66a6ed2600d270468ec500cc54236b813eefe691acd63e09f8e91418ad

SHA512
eb8514d1ce3c32f66e9d75be54b1cb753bce684a42cebac0ac8667aa8a0f0d18c75774e6b4ea7a6cc2aa2e5e8ef482547e2d4f9fd07854f737e632bc82872279

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS08335187\dE.v

Filesize
2.2MB

MD5
43e0b233d749107ae1d6d21cbd1e5cd8

SHA1
a2253e74a983ff1deca77566ae971417f0595947

SHA256
17a6bd66a6ed2600d270468ec500cc54236b813eefe691acd63e09f8e91418ad

SHA512
eb8514d1ce3c32f66e9d75be54b1cb753bce684a42cebac0ac8667aa8a0f0d18c75774e6b4ea7a6cc2aa2e5e8ef482547e2d4f9fd07854f737e632bc82872279

Download Submit
memory/3176-15-0x0000000002880000-0x0000000002986000-memory.dmp

Filesize
1.0MB

Download
memory/3176-11-0x0000000002750000-0x0000000002871000-memory.dmp

Filesize
1.1MB

Download
memory/3176-12-0x0000000002880000-0x0000000002986000-memory.dmp

Filesize
1.0MB

Download
memory/3176-13-0x0000000002880000-0x0000000002986000-memory.dmp

Filesize
1.0MB

Download
memory/3176-9-0x0000000010000000-0x0000000010240000-memory.dmp

Filesize
2.2MB

Download
memory/3176-16-0x0000000002880000-0x0000000002986000-memory.dmp

Filesize
1.0MB

Download
memory/3176-8-0x0000000000680000-0x0000000000686000-memory.dmp

Filesize
24KB

Download
memory/5076-18-0x00000000020B0000-0x00000000020B6000-memory.dmp

Filesize
24KB

Download
memory/5076-21-0x0000000002780000-0x00000000028A1000-memory.dmp

Filesize
1.1MB

Download
memory/5076-23-0x00000000028B0000-0x00000000029B6000-memory.dmp

Filesize
1.0MB

Download
memory/5076-25-0x00000000028B0000-0x00000000029B6000-memory.dmp

Filesize
1.0MB

Download
memory/5076-26-0x00000000028B0000-0x00000000029B6000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads