4b17e3a8e7141f271b53e22a1bfe1e18f7f209bf17cd9cfa4a82530628339466

Analysis

max time kernel
305s
max time network
321s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
06/10/2023, 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b17e3a8e7141f271b53e22a1bfe1e18f7f209bf17cd9cfa4a82530628339466.exe
Size

2.2MB
MD5

612066700e7e1fa397a2e11cfd80257c
SHA1

2cb5e2284114c05ea84fd9514a4e86c0eb33cc27
SHA256

4b17e3a8e7141f271b53e22a1bfe1e18f7f209bf17cd9cfa4a82530628339466
SHA512

6fc38a78c333077290e07989fd47bb4dbda8ec3d0ccd729629df54a2198ebc6e74c21d572ace9f5daec611a0d995b74142519c16cef1fbe8f29509c84bc198ea
SSDEEP

49152:mcBy9xGwPT7oIAtj4yfa+6/wgiuDqnI5SLnIE5y2UGALJ:m/w3jNiyZu2I5Mn42kLJ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2704	rundll32.exe
2704	rundll32.exe
2704	rundll32.exe
2704	rundll32.exe
2484	rundll32.exe
2484	rundll32.exe
2484	rundll32.exe
2484	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 2576	1128	4b17e3a8e7141f271b53e22a1bfe1e18f7f209bf17cd9cfa4a82530628339466.exe	27
PID 1128 wrote to memory of 2576	1128	4b17e3a8e7141f271b53e22a1bfe1e18f7f209bf17cd9cfa4a82530628339466.exe	27
PID 1128 wrote to memory of 2576	1128	4b17e3a8e7141f271b53e22a1bfe1e18f7f209bf17cd9cfa4a82530628339466.exe	27
PID 1128 wrote to memory of 2576	1128	4b17e3a8e7141f271b53e22a1bfe1e18f7f209bf17cd9cfa4a82530628339466.exe	27
PID 2576 wrote to memory of 2692	2576	cmd.exe	29
PID 2576 wrote to memory of 2692	2576	cmd.exe	29
PID 2576 wrote to memory of 2692	2576	cmd.exe	29
PID 2576 wrote to memory of 2692	2576	cmd.exe	29
PID 2692 wrote to memory of 2704	2692	control.exe	30
PID 2692 wrote to memory of 2704	2692	control.exe	30
PID 2692 wrote to memory of 2704	2692	control.exe	30
PID 2692 wrote to memory of 2704	2692	control.exe	30
PID 2692 wrote to memory of 2704	2692	control.exe	30
PID 2692 wrote to memory of 2704	2692	control.exe	30
PID 2692 wrote to memory of 2704	2692	control.exe	30
PID 2704 wrote to memory of 2464	2704	rundll32.exe	33
PID 2704 wrote to memory of 2464	2704	rundll32.exe	33
PID 2704 wrote to memory of 2464	2704	rundll32.exe	33
PID 2704 wrote to memory of 2464	2704	rundll32.exe	33
PID 2464 wrote to memory of 2484	2464	RunDll32.exe	34
PID 2464 wrote to memory of 2484	2464	RunDll32.exe	34
PID 2464 wrote to memory of 2484	2464	RunDll32.exe	34
PID 2464 wrote to memory of 2484	2464	RunDll32.exe	34
PID 2464 wrote to memory of 2484	2464	RunDll32.exe	34
PID 2464 wrote to memory of 2484	2464	RunDll32.exe	34
PID 2464 wrote to memory of 2484	2464	RunDll32.exe	34

C:\Users\Admin\AppData\Local\Temp\4b17e3a8e7141f271b53e22a1bfe1e18f7f209bf17cd9cfa4a82530628339466.exe
"C:\Users\Admin\AppData\Local\Temp\4b17e3a8e7141f271b53e22a1bfe1e18f7f209bf17cd9cfa4a82530628339466.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\P.cmD
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Windows\SysWOW64\control.exe
    CONTRoL "C:\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGRYDTH.m"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGRYDTH.m"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGRYDTH.m"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2464
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGRYDTH.m"
        6⤵
        Loads dropped DLL
        
        PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS864B0B96\p.cmd

Filesize
32B

MD5
8ab57201fff268d7cd81ef1ec3bb4e51

SHA1
14104cb74c671719293ecbc7a459a611d9faa4d7

SHA256
01f9221a75b3ade3c3f8f6f3f0e2bfb797632e3399985ccccf9ca5c7ccf7ab6d

SHA512
e561736f6a38b34517028d9cb155f105d2c046bd05933f800f56d26f7e47264544f8f33102f8c5419766eb1faa8d07d03c74962911e4ef4d8304a26a3f8b05f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS864B0B96\p.cmd

Filesize
32B

MD5
8ab57201fff268d7cd81ef1ec3bb4e51

SHA1
14104cb74c671719293ecbc7a459a611d9faa4d7

SHA256
01f9221a75b3ade3c3f8f6f3f0e2bfb797632e3399985ccccf9ca5c7ccf7ab6d

SHA512
e561736f6a38b34517028d9cb155f105d2c046bd05933f800f56d26f7e47264544f8f33102f8c5419766eb1faa8d07d03c74962911e4ef4d8304a26a3f8b05f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGRYDTH.m

Filesize
2.2MB

MD5
6353f6cfecb49273c535f2b44dfeabd5

SHA1
8c371fd2252a3628022d64ba5b7e0cf625a885a8

SHA256
66d5146e2dbf844eb9639c96ec98244479ceb1e5d21aa2a90b25c30f31ab2b54

SHA512
e04700bb3adc8943e3c680fea82fe5f623fdd1ff9a9a9d6f4475d744831f1ff2ee55b4a66b424ba53d6e140c232762438a7bfa4e75ebfe96ad893280fd21251e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGryDTH.m

Filesize
2.2MB

MD5
6353f6cfecb49273c535f2b44dfeabd5

SHA1
8c371fd2252a3628022d64ba5b7e0cf625a885a8

SHA256
66d5146e2dbf844eb9639c96ec98244479ceb1e5d21aa2a90b25c30f31ab2b54

SHA512
e04700bb3adc8943e3c680fea82fe5f623fdd1ff9a9a9d6f4475d744831f1ff2ee55b4a66b424ba53d6e140c232762438a7bfa4e75ebfe96ad893280fd21251e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGryDTH.m

Filesize
2.2MB

MD5
6353f6cfecb49273c535f2b44dfeabd5

SHA1
8c371fd2252a3628022d64ba5b7e0cf625a885a8

SHA256
66d5146e2dbf844eb9639c96ec98244479ceb1e5d21aa2a90b25c30f31ab2b54

SHA512
e04700bb3adc8943e3c680fea82fe5f623fdd1ff9a9a9d6f4475d744831f1ff2ee55b4a66b424ba53d6e140c232762438a7bfa4e75ebfe96ad893280fd21251e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGryDTH.m

Filesize
2.2MB

MD5
6353f6cfecb49273c535f2b44dfeabd5

SHA1
8c371fd2252a3628022d64ba5b7e0cf625a885a8

SHA256
66d5146e2dbf844eb9639c96ec98244479ceb1e5d21aa2a90b25c30f31ab2b54

SHA512
e04700bb3adc8943e3c680fea82fe5f623fdd1ff9a9a9d6f4475d744831f1ff2ee55b4a66b424ba53d6e140c232762438a7bfa4e75ebfe96ad893280fd21251e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGryDTH.m

Filesize
2.2MB

MD5
6353f6cfecb49273c535f2b44dfeabd5

SHA1
8c371fd2252a3628022d64ba5b7e0cf625a885a8

SHA256
66d5146e2dbf844eb9639c96ec98244479ceb1e5d21aa2a90b25c30f31ab2b54

SHA512
e04700bb3adc8943e3c680fea82fe5f623fdd1ff9a9a9d6f4475d744831f1ff2ee55b4a66b424ba53d6e140c232762438a7bfa4e75ebfe96ad893280fd21251e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGryDTH.m

Filesize
2.2MB

MD5
6353f6cfecb49273c535f2b44dfeabd5

SHA1
8c371fd2252a3628022d64ba5b7e0cf625a885a8

SHA256
66d5146e2dbf844eb9639c96ec98244479ceb1e5d21aa2a90b25c30f31ab2b54

SHA512
e04700bb3adc8943e3c680fea82fe5f623fdd1ff9a9a9d6f4475d744831f1ff2ee55b4a66b424ba53d6e140c232762438a7bfa4e75ebfe96ad893280fd21251e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGryDTH.m

Filesize
2.2MB

MD5
6353f6cfecb49273c535f2b44dfeabd5

SHA1
8c371fd2252a3628022d64ba5b7e0cf625a885a8

SHA256
66d5146e2dbf844eb9639c96ec98244479ceb1e5d21aa2a90b25c30f31ab2b54

SHA512
e04700bb3adc8943e3c680fea82fe5f623fdd1ff9a9a9d6f4475d744831f1ff2ee55b4a66b424ba53d6e140c232762438a7bfa4e75ebfe96ad893280fd21251e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGryDTH.m

Filesize
2.2MB

MD5
6353f6cfecb49273c535f2b44dfeabd5

SHA1
8c371fd2252a3628022d64ba5b7e0cf625a885a8

SHA256
66d5146e2dbf844eb9639c96ec98244479ceb1e5d21aa2a90b25c30f31ab2b54

SHA512
e04700bb3adc8943e3c680fea82fe5f623fdd1ff9a9a9d6f4475d744831f1ff2ee55b4a66b424ba53d6e140c232762438a7bfa4e75ebfe96ad893280fd21251e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS864B0B96\pGryDTH.m

Filesize
2.2MB

MD5
6353f6cfecb49273c535f2b44dfeabd5

SHA1
8c371fd2252a3628022d64ba5b7e0cf625a885a8

SHA256
66d5146e2dbf844eb9639c96ec98244479ceb1e5d21aa2a90b25c30f31ab2b54

SHA512
e04700bb3adc8943e3c680fea82fe5f623fdd1ff9a9a9d6f4475d744831f1ff2ee55b4a66b424ba53d6e140c232762438a7bfa4e75ebfe96ad893280fd21251e

Download Submit
memory/2484-41-0x0000000002900000-0x0000000002A06000-memory.dmp

Filesize
1.0MB

Download
memory/2484-40-0x0000000002900000-0x0000000002A06000-memory.dmp

Filesize
1.0MB

Download
memory/2484-38-0x0000000002900000-0x0000000002A06000-memory.dmp

Filesize
1.0MB

Download
memory/2484-36-0x00000000027D0000-0x00000000028F1000-memory.dmp

Filesize
1.1MB

Download
memory/2484-31-0x00000000000C0000-0x00000000000C6000-memory.dmp

Filesize
24KB

Download
memory/2704-25-0x0000000002870000-0x0000000002976000-memory.dmp

Filesize
1.0MB

Download
memory/2704-16-0x0000000000100000-0x0000000000106000-memory.dmp

Filesize
24KB

Download
memory/2704-17-0x0000000010000000-0x000000001022E000-memory.dmp

Filesize
2.2MB

Download
memory/2704-26-0x0000000002870000-0x0000000002976000-memory.dmp

Filesize
1.0MB

Download
memory/2704-21-0x0000000002460000-0x0000000002581000-memory.dmp

Filesize
1.1MB

Download
memory/2704-23-0x0000000002870000-0x0000000002976000-memory.dmp

Filesize
1.0MB

Download
memory/2704-22-0x0000000002870000-0x0000000002976000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads