6f4fe023a4cc878e187d02b16eaa049a66165c741bf6663c6d8454075a8a4827

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
08-10-2023 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f4fe023a4cc878e187d02b16eaa049a66165c741bf6663c6d8454075a8a4827.exe
Size

2.6MB
MD5

f0f4d913941593b2cfaf76bbdf8906c1
SHA1

e17e35225ccfff59fe327b4a7900e5a223115059
SHA256

6f4fe023a4cc878e187d02b16eaa049a66165c741bf6663c6d8454075a8a4827
SHA512

84784b2f44e13c13a2bf42c83447d5ea65a2f4ced3d834c47a41f6b6c87bdec7e53a8e70fffdd32cb4121404749c0cb2cd807a084f171142c17de465e6ca3d18
SSDEEP

49152:UJGi9KcvmwM9a42u2y34uIJrkencq+2N5O1uoZD94yy1EsdH+NWS8QDBbHVLoZFo:UIi9xmwYap/Y4/Jrr+61oZDETdH0h1Hz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2632	rundll32.exe
2632	rundll32.exe
2632	rundll32.exe
2632	rundll32.exe
2696	rundll32.exe
2696	rundll32.exe
2696	rundll32.exe
2696	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 2688	1856	6f4fe023a4cc878e187d02b16eaa049a66165c741bf6663c6d8454075a8a4827.exe	28
PID 1856 wrote to memory of 2688	1856	6f4fe023a4cc878e187d02b16eaa049a66165c741bf6663c6d8454075a8a4827.exe	28
PID 1856 wrote to memory of 2688	1856	6f4fe023a4cc878e187d02b16eaa049a66165c741bf6663c6d8454075a8a4827.exe	28
PID 1856 wrote to memory of 2688	1856	6f4fe023a4cc878e187d02b16eaa049a66165c741bf6663c6d8454075a8a4827.exe	28
PID 2688 wrote to memory of 2188	2688	cmd.exe	30
PID 2688 wrote to memory of 2188	2688	cmd.exe	30
PID 2688 wrote to memory of 2188	2688	cmd.exe	30
PID 2688 wrote to memory of 2188	2688	cmd.exe	30
PID 2188 wrote to memory of 2632	2188	control.exe	31
PID 2188 wrote to memory of 2632	2188	control.exe	31
PID 2188 wrote to memory of 2632	2188	control.exe	31
PID 2188 wrote to memory of 2632	2188	control.exe	31
PID 2188 wrote to memory of 2632	2188	control.exe	31
PID 2188 wrote to memory of 2632	2188	control.exe	31
PID 2188 wrote to memory of 2632	2188	control.exe	31
PID 2632 wrote to memory of 2532	2632	rundll32.exe	32
PID 2632 wrote to memory of 2532	2632	rundll32.exe	32
PID 2632 wrote to memory of 2532	2632	rundll32.exe	32
PID 2632 wrote to memory of 2532	2632	rundll32.exe	32
PID 2532 wrote to memory of 2696	2532	RunDll32.exe	33
PID 2532 wrote to memory of 2696	2532	RunDll32.exe	33
PID 2532 wrote to memory of 2696	2532	RunDll32.exe	33
PID 2532 wrote to memory of 2696	2532	RunDll32.exe	33
PID 2532 wrote to memory of 2696	2532	RunDll32.exe	33
PID 2532 wrote to memory of 2696	2532	RunDll32.exe	33
PID 2532 wrote to memory of 2696	2532	RunDll32.exe	33

C:\Users\Admin\AppData\Local\Temp\6f4fe023a4cc878e187d02b16eaa049a66165c741bf6663c6d8454075a8a4827.exe
"C:\Users\Admin\AppData\Local\Temp\6f4fe023a4cc878e187d02b16eaa049a66165c741bf6663c6d8454075a8a4827.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\TOLQZwF.cMd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Windows\SysWOW64\control.exe
    coNTrOl.EXe "C:\Users\Admin\AppData\Local\Temp\7zS0470D046\RU87DHSS.G_A"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2188
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS0470D046\RU87DHSS.G_A"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS0470D046\RU87DHSS.G_A"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2532
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS0470D046\RU87DHSS.G_A"
        6⤵
        Loads dropped DLL
        
        PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS0470D046\RU87DHSS.G_A

Filesize
2.6MB

MD5
6fb54e30ec818e57a84681f4b834f22d

SHA1
8f809e744c74d751492c719aab2bfa6d17989097

SHA256
83ec45c7b38f49195cac4af77aa404b75817f2aba682d28f8468f5a33173bad1

SHA512
2724f9622266442a2ee96acfe192c46d6d9d7d157acdd383198619de6cfafda067dd393e9bf6b886ca6af171e974496855719138554c32381c43e7c5427b7160

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0470D046\tOLqZwf.cmd

Filesize
37B

MD5
a12b8bb1460a6fc596896e1cd7fbc34b

SHA1
d2c3faa67ac092017a56242e520ea5100bfaeadb

SHA256
e2244e1c912fab772355f236e4b76cd9573b30399a3b66fd8f0fa925f45cf93c

SHA512
a139c11ca8f9e359185e12bd734561f55b7d4222856741b34d000ce18325c3e360654e4cb88e85753630e4ba552e0c565f7883b8019b0da8e9f5eb8cb8d36634

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0470D046\tOLqZwf.cmd

Filesize
37B

MD5
a12b8bb1460a6fc596896e1cd7fbc34b

SHA1
d2c3faa67ac092017a56242e520ea5100bfaeadb

SHA256
e2244e1c912fab772355f236e4b76cd9573b30399a3b66fd8f0fa925f45cf93c

SHA512
a139c11ca8f9e359185e12bd734561f55b7d4222856741b34d000ce18325c3e360654e4cb88e85753630e4ba552e0c565f7883b8019b0da8e9f5eb8cb8d36634

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0470D046\rU87dHss.G_A

Filesize
2.6MB

MD5
6fb54e30ec818e57a84681f4b834f22d

SHA1
8f809e744c74d751492c719aab2bfa6d17989097

SHA256
83ec45c7b38f49195cac4af77aa404b75817f2aba682d28f8468f5a33173bad1

SHA512
2724f9622266442a2ee96acfe192c46d6d9d7d157acdd383198619de6cfafda067dd393e9bf6b886ca6af171e974496855719138554c32381c43e7c5427b7160

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0470D046\rU87dHss.G_A

Filesize
2.6MB

MD5
6fb54e30ec818e57a84681f4b834f22d

SHA1
8f809e744c74d751492c719aab2bfa6d17989097

SHA256
83ec45c7b38f49195cac4af77aa404b75817f2aba682d28f8468f5a33173bad1

SHA512
2724f9622266442a2ee96acfe192c46d6d9d7d157acdd383198619de6cfafda067dd393e9bf6b886ca6af171e974496855719138554c32381c43e7c5427b7160

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0470D046\rU87dHss.G_A

Filesize
2.6MB

MD5
6fb54e30ec818e57a84681f4b834f22d

SHA1
8f809e744c74d751492c719aab2bfa6d17989097

SHA256
83ec45c7b38f49195cac4af77aa404b75817f2aba682d28f8468f5a33173bad1

SHA512
2724f9622266442a2ee96acfe192c46d6d9d7d157acdd383198619de6cfafda067dd393e9bf6b886ca6af171e974496855719138554c32381c43e7c5427b7160

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0470D046\rU87dHss.G_A

Filesize
2.6MB

MD5
6fb54e30ec818e57a84681f4b834f22d

SHA1
8f809e744c74d751492c719aab2bfa6d17989097

SHA256
83ec45c7b38f49195cac4af77aa404b75817f2aba682d28f8468f5a33173bad1

SHA512
2724f9622266442a2ee96acfe192c46d6d9d7d157acdd383198619de6cfafda067dd393e9bf6b886ca6af171e974496855719138554c32381c43e7c5427b7160

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0470D046\rU87dHss.G_A

Filesize
2.6MB

MD5
6fb54e30ec818e57a84681f4b834f22d

SHA1
8f809e744c74d751492c719aab2bfa6d17989097

SHA256
83ec45c7b38f49195cac4af77aa404b75817f2aba682d28f8468f5a33173bad1

SHA512
2724f9622266442a2ee96acfe192c46d6d9d7d157acdd383198619de6cfafda067dd393e9bf6b886ca6af171e974496855719138554c32381c43e7c5427b7160

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0470D046\rU87dHss.G_A

Filesize
2.6MB

MD5
6fb54e30ec818e57a84681f4b834f22d

SHA1
8f809e744c74d751492c719aab2bfa6d17989097

SHA256
83ec45c7b38f49195cac4af77aa404b75817f2aba682d28f8468f5a33173bad1

SHA512
2724f9622266442a2ee96acfe192c46d6d9d7d157acdd383198619de6cfafda067dd393e9bf6b886ca6af171e974496855719138554c32381c43e7c5427b7160

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0470D046\rU87dHss.G_A

Filesize
2.6MB

MD5
6fb54e30ec818e57a84681f4b834f22d

SHA1
8f809e744c74d751492c719aab2bfa6d17989097

SHA256
83ec45c7b38f49195cac4af77aa404b75817f2aba682d28f8468f5a33173bad1

SHA512
2724f9622266442a2ee96acfe192c46d6d9d7d157acdd383198619de6cfafda067dd393e9bf6b886ca6af171e974496855719138554c32381c43e7c5427b7160

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0470D046\rU87dHss.G_A

Filesize
2.6MB

MD5
6fb54e30ec818e57a84681f4b834f22d

SHA1
8f809e744c74d751492c719aab2bfa6d17989097

SHA256
83ec45c7b38f49195cac4af77aa404b75817f2aba682d28f8468f5a33173bad1

SHA512
2724f9622266442a2ee96acfe192c46d6d9d7d157acdd383198619de6cfafda067dd393e9bf6b886ca6af171e974496855719138554c32381c43e7c5427b7160

Download Submit
memory/2632-17-0x0000000000110000-0x0000000000116000-memory.dmp

Filesize
24KB

Download
memory/2632-21-0x00000000025A0000-0x00000000026AD000-memory.dmp

Filesize
1.1MB

Download
memory/2632-23-0x00000000026B0000-0x00000000027A4000-memory.dmp

Filesize
976KB

Download
memory/2632-22-0x00000000026B0000-0x00000000027A4000-memory.dmp

Filesize
976KB

Download
memory/2632-25-0x00000000026B0000-0x00000000027A4000-memory.dmp

Filesize
976KB

Download
memory/2632-26-0x00000000026B0000-0x00000000027A4000-memory.dmp

Filesize
976KB

Download
memory/2632-16-0x0000000010000000-0x000000001028E000-memory.dmp

Filesize
2.6MB

Download
memory/2696-32-0x0000000000180000-0x0000000000186000-memory.dmp

Filesize
24KB

Download
memory/2696-39-0x00000000026B0000-0x00000000027A4000-memory.dmp

Filesize
976KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads