58e2d7dc8df883ac447bb2cb692696c1825ff4d42094466714539279a235cb56

General

Target

58e2d7dc8df883ac447bb2cb692696c1825ff4d42094466714539279a235cb56.exe
Size

2.6MB
MD5

e4441f76160ca931564c29e82e8f2bb2
SHA1

e37ddb66e5938aded1f3c9dac426e24d20a9c47b
SHA256

58e2d7dc8df883ac447bb2cb692696c1825ff4d42094466714539279a235cb56
SHA512

3af898f568bb6f2db85cb69de68463313895040184c6d57a7a90bb6a249fbf6ea9143671010ad7e59518c2d625b331e913b2d3818c8c392ce3d85e124f71cfc3
SSDEEP

49152:ufyKuNA9M2rmabiSDaj2fscAHOaLMsirHYfz9wdbOutG:S+Ay2rmYiSw2f4OaLMsq4r9wdbq

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
344	rundll32.exe
608	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 2880	4176	58e2d7dc8df883ac447bb2cb692696c1825ff4d42094466714539279a235cb56.exe	70
PID 4176 wrote to memory of 2880	4176	58e2d7dc8df883ac447bb2cb692696c1825ff4d42094466714539279a235cb56.exe	70
PID 4176 wrote to memory of 2880	4176	58e2d7dc8df883ac447bb2cb692696c1825ff4d42094466714539279a235cb56.exe	70
PID 2880 wrote to memory of 228	2880	cmd.exe	72
PID 2880 wrote to memory of 228	2880	cmd.exe	72
PID 2880 wrote to memory of 228	2880	cmd.exe	72
PID 228 wrote to memory of 344	228	control.exe	73
PID 228 wrote to memory of 344	228	control.exe	73
PID 228 wrote to memory of 344	228	control.exe	73
PID 344 wrote to memory of 2664	344	rundll32.exe	74
PID 344 wrote to memory of 2664	344	rundll32.exe	74
PID 2664 wrote to memory of 608	2664	RunDll32.exe	75
PID 2664 wrote to memory of 608	2664	RunDll32.exe	75
PID 2664 wrote to memory of 608	2664	RunDll32.exe	75

C:\Users\Admin\AppData\Local\Temp\58e2d7dc8df883ac447bb2cb692696c1825ff4d42094466714539279a235cb56.exe
"C:\Users\Admin\AppData\Local\Temp\58e2d7dc8df883ac447bb2cb692696c1825ff4d42094466714539279a235cb56.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\UV8U8NGG.Bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Windows\SysWOW64\control.exe
    cOnTrOl "C:\Users\Admin\AppData\Local\Temp\7zS050682D7\yRTDB_.DK7"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:228
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS050682D7\yRTDB_.DK7"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:344
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS050682D7\yRTDB_.DK7"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2664
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS050682D7\yRTDB_.DK7"
        6⤵
        Loads dropped DLL
        
        PID:608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS050682D7\UV8u8NGG.bat

Filesize
26B

MD5
47a0be4b4df01c39cf753a370ee53eef

SHA1
2c4a552e9881c1e2fb587badb2a271c604b0b904

SHA256
b60477096c629a9e19f794f2f70cd92b40b6d343f70b64777395980f9c415f11

SHA512
c42e84c69ac820a679165213a9c734df4e28f7b39b40d044fbef357bb3de70dae269642798665dc83f1a130a680fd8b306296f88fb01490080544d03e9f0920b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS050682D7\yRTDB_.DK7

Filesize
2.6MB

MD5
24e8c5d32c8e0dd622f2c87501af9831

SHA1
3bdf2182d52bda3ed762607580bf306244600d08

SHA256
36b3178e88bb2a1b9edb74e5d3662d7a55d2d0ce0f36a3885e982b082801f124

SHA512
174644c73406689b608b014e73f08f1eedcf169cfa95be594e9891de20e694f4392385455335c5aa920baaba673beb71191570e82548b3e8fc0ddf85ffc7a4e5

Download Submit
\Users\Admin\AppData\Local\Temp\7zS050682D7\yrTDb_.dk7

Filesize
2.6MB

MD5
24e8c5d32c8e0dd622f2c87501af9831

SHA1
3bdf2182d52bda3ed762607580bf306244600d08

SHA256
36b3178e88bb2a1b9edb74e5d3662d7a55d2d0ce0f36a3885e982b082801f124

SHA512
174644c73406689b608b014e73f08f1eedcf169cfa95be594e9891de20e694f4392385455335c5aa920baaba673beb71191570e82548b3e8fc0ddf85ffc7a4e5

Download Submit
\Users\Admin\AppData\Local\Temp\7zS050682D7\yrTDb_.dk7

Filesize
2.6MB

MD5
24e8c5d32c8e0dd622f2c87501af9831

SHA1
3bdf2182d52bda3ed762607580bf306244600d08

SHA256
36b3178e88bb2a1b9edb74e5d3662d7a55d2d0ce0f36a3885e982b082801f124

SHA512
174644c73406689b608b014e73f08f1eedcf169cfa95be594e9891de20e694f4392385455335c5aa920baaba673beb71191570e82548b3e8fc0ddf85ffc7a4e5

Download Submit
memory/344-15-0x0000000004A70000-0x0000000004B67000-memory.dmp

Filesize
988KB

Download
memory/344-11-0x0000000004950000-0x0000000004A62000-memory.dmp

Filesize
1.1MB

Download
memory/344-13-0x0000000004A70000-0x0000000004B67000-memory.dmp

Filesize
988KB

Download
memory/344-12-0x0000000004A70000-0x0000000004B67000-memory.dmp

Filesize
988KB

Download
memory/344-8-0x0000000000730000-0x0000000000736000-memory.dmp

Filesize
24KB

Download
memory/344-16-0x0000000004A70000-0x0000000004B67000-memory.dmp

Filesize
988KB

Download
memory/344-9-0x0000000010000000-0x00000000102A1000-memory.dmp

Filesize
2.6MB

Download
memory/608-18-0x0000000000790000-0x0000000000796000-memory.dmp

Filesize
24KB

Download
memory/608-21-0x0000000004820000-0x0000000004932000-memory.dmp

Filesize
1.1MB

Download
memory/608-23-0x0000000004940000-0x0000000004A37000-memory.dmp

Filesize
988KB

Download
memory/608-25-0x0000000004940000-0x0000000004A37000-memory.dmp

Filesize
988KB

Download
memory/608-26-0x0000000004940000-0x0000000004A37000-memory.dmp

Filesize
988KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads