499a8a51291f032d31b8817128ada90399eab0aed5460e4f639c6de61659aec3

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2023, 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

499a8a51291f032d31b8817128ada90399eab0aed5460e4f639c6de61659aec3.exe
Size

2.9MB
MD5

bb7cef663dc9f517ac353f0d05963fef
SHA1

306f7017624db7b982f90a25b149ad9daffd55d8
SHA256

499a8a51291f032d31b8817128ada90399eab0aed5460e4f639c6de61659aec3
SHA512

7d784bc3ce819a7592adb832c88dd7b81472ab63a35b142e9f0860d27de9d71f96aebfcb9ee9d031fa085eab1da3921c91dfb6adfa3fa1a26aa5ca8f65a02221
SSDEEP

49152:WfFS+8z8pouO6iHIn9ImkLqu8g+dxRRWwJb4gU0g9OCC6BW7aSHkH:WdSzz8pHziHInumkLf8TDRWwN7UZU7af

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3288	rundll32.exe
212	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 3916	3556	499a8a51291f032d31b8817128ada90399eab0aed5460e4f639c6de61659aec3.exe	86
PID 3556 wrote to memory of 3916	3556	499a8a51291f032d31b8817128ada90399eab0aed5460e4f639c6de61659aec3.exe	86
PID 3556 wrote to memory of 3916	3556	499a8a51291f032d31b8817128ada90399eab0aed5460e4f639c6de61659aec3.exe	86
PID 3916 wrote to memory of 636	3916	cmd.exe	88
PID 3916 wrote to memory of 636	3916	cmd.exe	88
PID 3916 wrote to memory of 636	3916	cmd.exe	88
PID 636 wrote to memory of 3288	636	control.exe	89
PID 636 wrote to memory of 3288	636	control.exe	89
PID 636 wrote to memory of 3288	636	control.exe	89
PID 3288 wrote to memory of 1776	3288	rundll32.exe	94
PID 3288 wrote to memory of 1776	3288	rundll32.exe	94
PID 1776 wrote to memory of 212	1776	RunDll32.exe	95
PID 1776 wrote to memory of 212	1776	RunDll32.exe	95
PID 1776 wrote to memory of 212	1776	RunDll32.exe	95

C:\Users\Admin\AppData\Local\Temp\499a8a51291f032d31b8817128ada90399eab0aed5460e4f639c6de61659aec3.exe
"C:\Users\Admin\AppData\Local\Temp\499a8a51291f032d31b8817128ada90399eab0aed5460e4f639c6de61659aec3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\~yJD4e.baT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3916
- - C:\Windows\SysWOW64\control.exe
    ControL "C:\Users\Admin\AppData\Local\Temp\7zS4ED13257\PLnUI3.RU"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:636
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS4ED13257\PLnUI3.RU"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:3288
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS4ED13257\PLnUI3.RU"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1776
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS4ED13257\PLnUI3.RU"
        6⤵
        Loads dropped DLL
        
        PID:212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS4ED13257\PLnUI3.RU

Filesize
2.9MB

MD5
d6b0ef7a9163b1a360be93161928bc9f

SHA1
d81c2b28e37cf5afe18b2c6a6b2e48f608ff6e94

SHA256
79a10d4f8e899135af70a30cc17183cb99026317f7a45b883168a095e1d3a963

SHA512
ff70f6427e516e4df3187fe21c638caea59b0c17b944ac060cfed0999ec28ee3683f1c9a15f357ec78809432cbb7695b84b64d1d8c119cc4d94797ab5a528003

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4ED13257\PLnUi3.Ru

Filesize
2.9MB

MD5
d6b0ef7a9163b1a360be93161928bc9f

SHA1
d81c2b28e37cf5afe18b2c6a6b2e48f608ff6e94

SHA256
79a10d4f8e899135af70a30cc17183cb99026317f7a45b883168a095e1d3a963

SHA512
ff70f6427e516e4df3187fe21c638caea59b0c17b944ac060cfed0999ec28ee3683f1c9a15f357ec78809432cbb7695b84b64d1d8c119cc4d94797ab5a528003

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4ED13257\PLnUi3.Ru

Filesize
2.9MB

MD5
d6b0ef7a9163b1a360be93161928bc9f

SHA1
d81c2b28e37cf5afe18b2c6a6b2e48f608ff6e94

SHA256
79a10d4f8e899135af70a30cc17183cb99026317f7a45b883168a095e1d3a963

SHA512
ff70f6427e516e4df3187fe21c638caea59b0c17b944ac060cfed0999ec28ee3683f1c9a15f357ec78809432cbb7695b84b64d1d8c119cc4d94797ab5a528003

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4ED13257\~yJD4e.bat

Filesize
24B

MD5
5b2e7ae14876803ce52cab49132d3eb2

SHA1
5e582785f2f11471f1f023eb0e6ecc96e68e8ff2

SHA256
ee93e9abe21e57f275eaab3683f18a23e1dba75b888d8909c14a8acaf4e99e0e

SHA512
209d94eaf56d1f5670b2dde7000ca99226aeeed94ea65c98c7d824e4797a6f52f77cbef1d83ed73892efcba961e50474fd497d9e7d36d3c32232d762d95231c2

Download Submit
memory/212-26-0x0000000002920000-0x0000000002A26000-memory.dmp

Filesize
1.0MB

Download
memory/212-25-0x0000000002920000-0x0000000002A26000-memory.dmp

Filesize
1.0MB

Download
memory/212-23-0x0000000002920000-0x0000000002A26000-memory.dmp

Filesize
1.0MB

Download
memory/212-21-0x00000000027F0000-0x0000000002911000-memory.dmp

Filesize
1.1MB

Download
memory/212-19-0x0000000000690000-0x0000000000696000-memory.dmp

Filesize
24KB

Download
memory/3288-9-0x0000000010000000-0x00000000102E6000-memory.dmp

Filesize
2.9MB

Download
memory/3288-16-0x0000000002E90000-0x0000000002F96000-memory.dmp

Filesize
1.0MB

Download
memory/3288-15-0x0000000002E90000-0x0000000002F96000-memory.dmp

Filesize
1.0MB

Download
memory/3288-13-0x0000000002E90000-0x0000000002F96000-memory.dmp

Filesize
1.0MB

Download
memory/3288-12-0x0000000002E90000-0x0000000002F96000-memory.dmp

Filesize
1.0MB

Download
memory/3288-11-0x0000000002D60000-0x0000000002E81000-memory.dmp

Filesize
1.1MB

Download
memory/3288-8-0x0000000000CF0000-0x0000000000CF6000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads