1fa38b0438b8059815f3b8028a5913bc5ccf1c31820283377675486fd1eda0ab

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07/10/2023, 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fa38b0438b8059815f3b8028a5913bc5ccf1c31820283377675486fd1eda0ab.exe
Size

2.6MB
MD5

12859d10f4d4a5d0a72ea0d78d2859d6
SHA1

5c69218334c8a51076b79521c6be099e7734a45f
SHA256

1fa38b0438b8059815f3b8028a5913bc5ccf1c31820283377675486fd1eda0ab
SHA512

bce5b97f60ed0ba5f6e44a80e0cd9b787d61241ed33ecf263223413bdfdc78cb9ebda170792568cc009d716019d578c02eb50474ee297448648e3756fcca22ac
SSDEEP

49152:UJGihMQvu4M7KmSrbLZvEooHtC3wGEU4LHYZjAqPtP4p23icT/NczTBzjDZVUvUL:UIihMEa7KmebLZcooHRGpKHKAYiwvT/6

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4148	rundll32.exe
536	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 928	3736	1fa38b0438b8059815f3b8028a5913bc5ccf1c31820283377675486fd1eda0ab.exe	85
PID 3736 wrote to memory of 928	3736	1fa38b0438b8059815f3b8028a5913bc5ccf1c31820283377675486fd1eda0ab.exe	85
PID 3736 wrote to memory of 928	3736	1fa38b0438b8059815f3b8028a5913bc5ccf1c31820283377675486fd1eda0ab.exe	85
PID 928 wrote to memory of 4724	928	cmd.exe	87
PID 928 wrote to memory of 4724	928	cmd.exe	87
PID 928 wrote to memory of 4724	928	cmd.exe	87
PID 4724 wrote to memory of 4148	4724	control.exe	89
PID 4724 wrote to memory of 4148	4724	control.exe	89
PID 4724 wrote to memory of 4148	4724	control.exe	89
PID 4148 wrote to memory of 4948	4148	rundll32.exe	91
PID 4148 wrote to memory of 4948	4148	rundll32.exe	91
PID 4948 wrote to memory of 536	4948	RunDll32.exe	92
PID 4948 wrote to memory of 536	4948	RunDll32.exe	92
PID 4948 wrote to memory of 536	4948	RunDll32.exe	92

C:\Users\Admin\AppData\Local\Temp\1fa38b0438b8059815f3b8028a5913bc5ccf1c31820283377675486fd1eda0ab.exe
"C:\Users\Admin\AppData\Local\Temp\1fa38b0438b8059815f3b8028a5913bc5ccf1c31820283377675486fd1eda0ab.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\T14s__SZ.Cmd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:928
- - C:\Windows\SysWOW64\control.exe
    CONtrol "C:\Users\Admin\AppData\Local\Temp\7zS89EB1657\u6yFO5.QJf"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4724
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS89EB1657\u6yFO5.QJf"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4148
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS89EB1657\u6yFO5.QJf"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4948
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS89EB1657\u6yFO5.QJf"
        6⤵
        Loads dropped DLL
        
        PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS89EB1657\T14s__sz.cmd

Filesize
31B

MD5
7d77e90fdb0bafaded7d944d94716be2

SHA1
ad5bf714e629a50c500acd7129a033cfe33ba4bf

SHA256
bf3bbaf62a59ded35272d654e2521b42c3b508e8fd8948e4cc5ee7fe9ef594d0

SHA512
8a39bec32dc4d35b8c85a6693ad7c7b7eaa75f4ddc3aa94e657f90766ce9445a56555ea2bede8c66661ad543b560161b112ac59aa30ef1fa3790033b760d0f59

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS89EB1657\u6yFO5.QJf

Filesize
2.6MB

MD5
3163478ba0e935227a1f8d6891533726

SHA1
6333ccf93325197f9331b6400db0f98565c58ff3

SHA256
e163dda28367624636aead2e736f51b4175a65a31e584971df2773df3d98b82d

SHA512
cc17ea2466747f6e8678907a1e8ac70e96e172f6b8fbc0577f865df0922ef0b418eb81016d2fe6d93d3addbfd70ea97957e1b82ca269019dbe019810c9d5d9b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS89EB1657\u6yFo5.qjf

Filesize
2.6MB

MD5
3163478ba0e935227a1f8d6891533726

SHA1
6333ccf93325197f9331b6400db0f98565c58ff3

SHA256
e163dda28367624636aead2e736f51b4175a65a31e584971df2773df3d98b82d

SHA512
cc17ea2466747f6e8678907a1e8ac70e96e172f6b8fbc0577f865df0922ef0b418eb81016d2fe6d93d3addbfd70ea97957e1b82ca269019dbe019810c9d5d9b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS89EB1657\u6yFo5.qjf

Filesize
2.6MB

MD5
3163478ba0e935227a1f8d6891533726

SHA1
6333ccf93325197f9331b6400db0f98565c58ff3

SHA256
e163dda28367624636aead2e736f51b4175a65a31e584971df2773df3d98b82d

SHA512
cc17ea2466747f6e8678907a1e8ac70e96e172f6b8fbc0577f865df0922ef0b418eb81016d2fe6d93d3addbfd70ea97957e1b82ca269019dbe019810c9d5d9b2

Download Submit
memory/536-26-0x0000000003530000-0x0000000003617000-memory.dmp

Filesize
924KB

Download
memory/536-25-0x0000000003530000-0x0000000003617000-memory.dmp

Filesize
924KB

Download
memory/536-22-0x0000000003530000-0x0000000003617000-memory.dmp

Filesize
924KB

Download
memory/536-21-0x0000000003430000-0x000000000352E000-memory.dmp

Filesize
1016KB

Download
memory/536-19-0x0000000001200000-0x0000000001206000-memory.dmp

Filesize
24KB

Download
memory/4148-8-0x0000000002670000-0x0000000002676000-memory.dmp

Filesize
24KB

Download
memory/4148-16-0x0000000002E80000-0x0000000002F67000-memory.dmp

Filesize
924KB

Download
memory/4148-15-0x0000000002E80000-0x0000000002F67000-memory.dmp

Filesize
924KB

Download
memory/4148-12-0x0000000002E80000-0x0000000002F67000-memory.dmp

Filesize
924KB

Download
memory/4148-11-0x0000000002D80000-0x0000000002E7E000-memory.dmp

Filesize
1016KB

Download
memory/4148-9-0x0000000010000000-0x0000000010294000-memory.dmp

Filesize
2.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads