cdf7fa88660f40418983fd957f4c32f8809afce66d55d5a023931eab5fd16626

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2023, 20:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cdf7fa88660f40418983fd957f4c32f8809afce66d55d5a023931eab5fd16626.exe
Size

2.0MB
MD5

b2357d442fa6e01f339ef848d3e366f9
SHA1

12d0ff4f3ecab7dad74801d36b101c82abafc620
SHA256

cdf7fa88660f40418983fd957f4c32f8809afce66d55d5a023931eab5fd16626
SHA512

fad431839075adb053e4d7bc6410e403087bb83f2c4402bba7807adc773ad28555e6011af34e891df6645c009139ee7f22018e5e99640a05165c4d45ac2ec2c0
SSDEEP

49152:UJGiw7MqgnLzoDUfq3ywWBhozFgDrlt84KNEA1/:UIiw7Mqgv4UC3yL8iDxnbA1/

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2976	rundll32.exe
2480	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 3372	4388	cdf7fa88660f40418983fd957f4c32f8809afce66d55d5a023931eab5fd16626.exe	85
PID 4388 wrote to memory of 3372	4388	cdf7fa88660f40418983fd957f4c32f8809afce66d55d5a023931eab5fd16626.exe	85
PID 4388 wrote to memory of 3372	4388	cdf7fa88660f40418983fd957f4c32f8809afce66d55d5a023931eab5fd16626.exe	85
PID 3372 wrote to memory of 2632	3372	cmd.exe	87
PID 3372 wrote to memory of 2632	3372	cmd.exe	87
PID 3372 wrote to memory of 2632	3372	cmd.exe	87
PID 2632 wrote to memory of 2976	2632	control.exe	88
PID 2632 wrote to memory of 2976	2632	control.exe	88
PID 2632 wrote to memory of 2976	2632	control.exe	88
PID 2976 wrote to memory of 2384	2976	rundll32.exe	91
PID 2976 wrote to memory of 2384	2976	rundll32.exe	91
PID 2384 wrote to memory of 2480	2384	RunDll32.exe	92
PID 2384 wrote to memory of 2480	2384	RunDll32.exe	92
PID 2384 wrote to memory of 2480	2384	RunDll32.exe	92

C:\Users\Admin\AppData\Local\Temp\cdf7fa88660f40418983fd957f4c32f8809afce66d55d5a023931eab5fd16626.exe
"C:\Users\Admin\AppData\Local\Temp\cdf7fa88660f40418983fd957f4c32f8809afce66d55d5a023931eab5fd16626.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\JJ.bAt
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3372
- - C:\Windows\SysWOW64\control.exe
    ControL.ExE "C:\Users\Admin\AppData\Local\Temp\7zS4212F557\~SfGFlkX.E"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS4212F557\~SfGFlkX.E"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2976
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS4212F557\~SfGFlkX.E"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2384
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS4212F557\~SfGFlkX.E"
        6⤵
        Loads dropped DLL
        
        PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS4212F557\jJ.bat

Filesize
33B

MD5
dfd4412fd07934a79ebe63a7a98a49d7

SHA1
de96a6d06f0d2055569e57b0daa89707754bb575

SHA256
4970c6bc841dcd4e109836f761a13a8e529fb972ce0c1911014a60f6c46a79ca

SHA512
63396abcc407572f3b9cf742a80a41e3c8a3cfdfb3ed0eebb984c2f80e8ca621dcd99c11ecd4fd596fd6b2b7aa5c6a9ab70742a978a359a014b07f73f9899c2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4212F557\~SfGFlkX.E

Filesize
2.1MB

MD5
9b121745d0dfe790a726586950f5dbe8

SHA1
d4b44d0b18afe0fff57b419560ca7bd50b019834

SHA256
76956df174e590b91292e720bbd017a9935b745d5f4590afa81112eb7cb47501

SHA512
4f7ccd1449f43adeb6962f404b1267d74bdd8c587ac2aff13edeb3a5db9308cda29263540a1c3e4b2079ab156e4d3b4135e709ac27bc65648c0a72d176ae342b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4212F557\~SfGflkX.E

Filesize
2.1MB

MD5
9b121745d0dfe790a726586950f5dbe8

SHA1
d4b44d0b18afe0fff57b419560ca7bd50b019834

SHA256
76956df174e590b91292e720bbd017a9935b745d5f4590afa81112eb7cb47501

SHA512
4f7ccd1449f43adeb6962f404b1267d74bdd8c587ac2aff13edeb3a5db9308cda29263540a1c3e4b2079ab156e4d3b4135e709ac27bc65648c0a72d176ae342b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4212F557\~SfGflkX.E

Filesize
2.1MB

MD5
9b121745d0dfe790a726586950f5dbe8

SHA1
d4b44d0b18afe0fff57b419560ca7bd50b019834

SHA256
76956df174e590b91292e720bbd017a9935b745d5f4590afa81112eb7cb47501

SHA512
4f7ccd1449f43adeb6962f404b1267d74bdd8c587ac2aff13edeb3a5db9308cda29263540a1c3e4b2079ab156e4d3b4135e709ac27bc65648c0a72d176ae342b

Download Submit
memory/2480-26-0x00000000028A0000-0x000000000298D000-memory.dmp

Filesize
948KB

Download
memory/2480-25-0x00000000028A0000-0x000000000298D000-memory.dmp

Filesize
948KB

Download
memory/2480-22-0x00000000028A0000-0x000000000298D000-memory.dmp

Filesize
948KB

Download
memory/2480-21-0x0000000002790000-0x0000000002894000-memory.dmp

Filesize
1.0MB

Download
memory/2480-18-0x0000000001FF0000-0x0000000001FF6000-memory.dmp

Filesize
24KB

Download
memory/2976-8-0x0000000000A40000-0x0000000000A46000-memory.dmp

Filesize
24KB

Download
memory/2976-16-0x00000000029C0000-0x0000000002AAD000-memory.dmp

Filesize
948KB

Download
memory/2976-15-0x00000000029C0000-0x0000000002AAD000-memory.dmp

Filesize
948KB

Download
memory/2976-12-0x00000000029C0000-0x0000000002AAD000-memory.dmp

Filesize
948KB

Download
memory/2976-11-0x00000000028B0000-0x00000000029B4000-memory.dmp

Filesize
1.0MB

Download
memory/2976-9-0x0000000010000000-0x0000000010211000-memory.dmp

Filesize
2.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads