840e2a4ac14421f01316b66e2df50fd96f8d55d07a5ba49bfcad995f48165ea1

Analysis

max time kernel
122s
max time network
127s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
06/10/2023, 19:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

840e2a4ac14421f01316b66e2df50fd96f8d55d07a5ba49bfcad995f48165ea1.exe
Size

1.5MB
MD5

15b42d6ec7d17dd0c8a21e11b83c32bf
SHA1

2976256fd5cccf3218f2efee23e8ae6be1946f0a
SHA256

840e2a4ac14421f01316b66e2df50fd96f8d55d07a5ba49bfcad995f48165ea1
SHA512

1dcb8d37a2c732dbcbf0bb8f5007ad75dc212a405a67641548c49ca4e3ed006515a222b6c85999df0003084e101f04b4458c35b4043b98c24d55e33210b88a92
SSDEEP

24576:mcVkKS7osA3De07oL4Hz4yuOlJ3uED0ghKWbZgqBbhrKQZ3dbp0C0+A3Lm:mcBb/7Fz4yuOlJa/qR5K8dbuls

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2596	rundll32.exe
3012	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 4624	2336	840e2a4ac14421f01316b66e2df50fd96f8d55d07a5ba49bfcad995f48165ea1.exe	69
PID 2336 wrote to memory of 4624	2336	840e2a4ac14421f01316b66e2df50fd96f8d55d07a5ba49bfcad995f48165ea1.exe	69
PID 2336 wrote to memory of 4624	2336	840e2a4ac14421f01316b66e2df50fd96f8d55d07a5ba49bfcad995f48165ea1.exe	69
PID 4624 wrote to memory of 2868	4624	cmd.exe	71
PID 4624 wrote to memory of 2868	4624	cmd.exe	71
PID 4624 wrote to memory of 2868	4624	cmd.exe	71
PID 2868 wrote to memory of 2596	2868	control.exe	72
PID 2868 wrote to memory of 2596	2868	control.exe	72
PID 2868 wrote to memory of 2596	2868	control.exe	72
PID 2596 wrote to memory of 2664	2596	rundll32.exe	73
PID 2596 wrote to memory of 2664	2596	rundll32.exe	73
PID 2664 wrote to memory of 3012	2664	RunDll32.exe	74
PID 2664 wrote to memory of 3012	2664	RunDll32.exe	74
PID 2664 wrote to memory of 3012	2664	RunDll32.exe	74

C:\Users\Admin\AppData\Local\Temp\840e2a4ac14421f01316b66e2df50fd96f8d55d07a5ba49bfcad995f48165ea1.exe
"C:\Users\Admin\AppData\Local\Temp\840e2a4ac14421f01316b66e2df50fd96f8d55d07a5ba49bfcad995f48165ea1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\GXM1.CMd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4624
- - C:\Windows\SysWOW64\control.exe
    cONtROl "C:\Users\Admin\AppData\Local\Temp\7zS02985C97\V.Y"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2868
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS02985C97\V.Y"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS02985C97\V.Y"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2664
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS02985C97\V.Y"
        6⤵
        Loads dropped DLL
        
        PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS02985C97\GxM1.cmd

Filesize
23B

MD5
d0b59ecbc651b1302d1dcab737a5806d

SHA1
551e3e66d0736ad2a0ca75bdd006199ca7b420f3

SHA256
b646ccef8d95bae536623a28422fc88c5543aff406a3ce659c11647ecc99a65a

SHA512
6fedf2079080650351b77728c90884b5c7d506c3080c1af6944cf05f488327e6ec290a59b2a0305a9f045257ddbe91ac9886e738c80e7ba65d1aa37394814a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS02985C97\V.Y

Filesize
1.6MB

MD5
3de33983acbbfd49f12490fa7cdcdffc

SHA1
ab80c989de93dd12604e6e7e7c5e330ccd2a1101

SHA256
24533893d7051b0ff3994511ad5e4dc5e3a7a7d9251e6dfc630b46dfb0b1f39e

SHA512
c897a2f774b62a8a515c952891a75d72c627890b71f1d637d53af590cb372d929900b5d57283e3351043957e22cc7adc771e90d176fced6957aa84b83d38b5a0

Download Submit
\Users\Admin\AppData\Local\Temp\7zS02985C97\V.y

Filesize
1.6MB

MD5
3de33983acbbfd49f12490fa7cdcdffc

SHA1
ab80c989de93dd12604e6e7e7c5e330ccd2a1101

SHA256
24533893d7051b0ff3994511ad5e4dc5e3a7a7d9251e6dfc630b46dfb0b1f39e

SHA512
c897a2f774b62a8a515c952891a75d72c627890b71f1d637d53af590cb372d929900b5d57283e3351043957e22cc7adc771e90d176fced6957aa84b83d38b5a0

Download Submit
\Users\Admin\AppData\Local\Temp\7zS02985C97\V.y

Filesize
1.6MB

MD5
3de33983acbbfd49f12490fa7cdcdffc

SHA1
ab80c989de93dd12604e6e7e7c5e330ccd2a1101

SHA256
24533893d7051b0ff3994511ad5e4dc5e3a7a7d9251e6dfc630b46dfb0b1f39e

SHA512
c897a2f774b62a8a515c952891a75d72c627890b71f1d637d53af590cb372d929900b5d57283e3351043957e22cc7adc771e90d176fced6957aa84b83d38b5a0

Download Submit
memory/2596-8-0x0000000002600000-0x0000000002606000-memory.dmp

Filesize
24KB

Download
memory/2596-12-0x0000000004730000-0x0000000004834000-memory.dmp

Filesize
1.0MB

Download
memory/2596-13-0x0000000004840000-0x000000000492D000-memory.dmp

Filesize
948KB

Download
memory/2596-16-0x0000000004840000-0x000000000492D000-memory.dmp

Filesize
948KB

Download
memory/2596-17-0x0000000004840000-0x000000000492D000-memory.dmp

Filesize
948KB

Download
memory/2596-9-0x0000000010000000-0x00000000101A1000-memory.dmp

Filesize
1.6MB

Download
memory/3012-19-0x0000000004970000-0x0000000004976000-memory.dmp

Filesize
24KB

Download
memory/3012-23-0x0000000004AA0000-0x0000000004BA4000-memory.dmp

Filesize
1.0MB

Download
memory/3012-24-0x0000000004BC0000-0x0000000004CAD000-memory.dmp

Filesize
948KB

Download
memory/3012-27-0x0000000004BC0000-0x0000000004CAD000-memory.dmp

Filesize
948KB

Download
memory/3012-28-0x0000000004BC0000-0x0000000004CAD000-memory.dmp

Filesize
948KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads