f70df2986df689023e302301b42bcb4cfc95b2f9900af1bbb2c7ac1570aa8550

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f70df2986df689023e302301b42bcb4cfc95b2f9900af1bbb2c7ac1570aa8550.exe
Size

2.2MB
MD5

1fb4b917c67077369741d6e58d1a1034
SHA1

60789fd4235b3d0885e75868709775ef7f48161c
SHA256

f70df2986df689023e302301b42bcb4cfc95b2f9900af1bbb2c7ac1570aa8550
SHA512

2f558d8b069131be857eaa80915bdf5cba95b64a0d20999b10ba55d0f6ed3c32c3d70831fa322fd37f191be7a2b6a6fc3809a984612e7889fc94791d03465fd6
SSDEEP

49152:UJGi/Yu60PY0o4ZURE53TY8N4HqgM3j10znjyuajBG:UIi/YAPpKGXQHMB0znerBG

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2732	rundll32.exe
2732	rundll32.exe
2732	rundll32.exe
2732	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe
2684	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2076	1732	f70df2986df689023e302301b42bcb4cfc95b2f9900af1bbb2c7ac1570aa8550.exe	28
PID 1732 wrote to memory of 2076	1732	f70df2986df689023e302301b42bcb4cfc95b2f9900af1bbb2c7ac1570aa8550.exe	28
PID 1732 wrote to memory of 2076	1732	f70df2986df689023e302301b42bcb4cfc95b2f9900af1bbb2c7ac1570aa8550.exe	28
PID 1732 wrote to memory of 2076	1732	f70df2986df689023e302301b42bcb4cfc95b2f9900af1bbb2c7ac1570aa8550.exe	28
PID 2076 wrote to memory of 2668	2076	cmd.exe	30
PID 2076 wrote to memory of 2668	2076	cmd.exe	30
PID 2076 wrote to memory of 2668	2076	cmd.exe	30
PID 2076 wrote to memory of 2668	2076	cmd.exe	30
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2732 wrote to memory of 2812	2732	rundll32.exe	32
PID 2732 wrote to memory of 2812	2732	rundll32.exe	32
PID 2732 wrote to memory of 2812	2732	rundll32.exe	32
PID 2732 wrote to memory of 2812	2732	rundll32.exe	32
PID 2812 wrote to memory of 2684	2812	RunDll32.exe	33
PID 2812 wrote to memory of 2684	2812	RunDll32.exe	33
PID 2812 wrote to memory of 2684	2812	RunDll32.exe	33
PID 2812 wrote to memory of 2684	2812	RunDll32.exe	33
PID 2812 wrote to memory of 2684	2812	RunDll32.exe	33
PID 2812 wrote to memory of 2684	2812	RunDll32.exe	33
PID 2812 wrote to memory of 2684	2812	RunDll32.exe	33

C:\Users\Admin\AppData\Local\Temp\f70df2986df689023e302301b42bcb4cfc95b2f9900af1bbb2c7ac1570aa8550.exe
"C:\Users\Admin\AppData\Local\Temp\f70df2986df689023e302301b42bcb4cfc95b2f9900af1bbb2c7ac1570aa8550.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\T2IP4B.cmd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Windows\SysWOW64\control.exe
    CoNtROl.exE "C:\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2732
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2812
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D"
        6⤵
        Loads dropped DLL
        
        PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D

Filesize
2.3MB

MD5
dd5a984b013398f4371b35d3ef25b200

SHA1
d10137f9a3bebf708810059846c3717ff9614965

SHA256
f7fee9ac04fca145ba2a31a875965c2931bdb70e773e377a70904693d61e4db8

SHA512
c0bc4f9e5bbb5032c99857dd9d2a6770c84d52f327918aaa8d31bb08655d6ffb527dcf575294ff8858b1f5256b3c5f608d1fad531d4fc3e29df573aeaec82633

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4C600626\T2iP4B.cmd

Filesize
29B

MD5
0380edac9d4fb933222a70eb699ae28d

SHA1
33097f2bac0bf47505499ac63326122d81916e35

SHA256
84e89a2f321308d7526ad62bf0bdc4d507186a71e862ffad2fef618900c43308

SHA512
ae06011dcd21f885f53149952b68bfbd72ea59ac9fb121edd9fcbc050f0f958341ba2e41670642a2a59942677da53e4c617b84bdb817e8f1927d0241e39c442b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4C600626\T2iP4B.cmd

Filesize
29B

MD5
0380edac9d4fb933222a70eb699ae28d

SHA1
33097f2bac0bf47505499ac63326122d81916e35

SHA256
84e89a2f321308d7526ad62bf0bdc4d507186a71e862ffad2fef618900c43308

SHA512
ae06011dcd21f885f53149952b68bfbd72ea59ac9fb121edd9fcbc050f0f958341ba2e41670642a2a59942677da53e4c617b84bdb817e8f1927d0241e39c442b

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D

Filesize
2.3MB

MD5
dd5a984b013398f4371b35d3ef25b200

SHA1
d10137f9a3bebf708810059846c3717ff9614965

SHA256
f7fee9ac04fca145ba2a31a875965c2931bdb70e773e377a70904693d61e4db8

SHA512
c0bc4f9e5bbb5032c99857dd9d2a6770c84d52f327918aaa8d31bb08655d6ffb527dcf575294ff8858b1f5256b3c5f608d1fad531d4fc3e29df573aeaec82633

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D

Filesize
2.3MB

MD5
dd5a984b013398f4371b35d3ef25b200

SHA1
d10137f9a3bebf708810059846c3717ff9614965

SHA256
f7fee9ac04fca145ba2a31a875965c2931bdb70e773e377a70904693d61e4db8

SHA512
c0bc4f9e5bbb5032c99857dd9d2a6770c84d52f327918aaa8d31bb08655d6ffb527dcf575294ff8858b1f5256b3c5f608d1fad531d4fc3e29df573aeaec82633

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D

Filesize
2.3MB

MD5
dd5a984b013398f4371b35d3ef25b200

SHA1
d10137f9a3bebf708810059846c3717ff9614965

SHA256
f7fee9ac04fca145ba2a31a875965c2931bdb70e773e377a70904693d61e4db8

SHA512
c0bc4f9e5bbb5032c99857dd9d2a6770c84d52f327918aaa8d31bb08655d6ffb527dcf575294ff8858b1f5256b3c5f608d1fad531d4fc3e29df573aeaec82633

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D

Filesize
2.3MB

MD5
dd5a984b013398f4371b35d3ef25b200

SHA1
d10137f9a3bebf708810059846c3717ff9614965

SHA256
f7fee9ac04fca145ba2a31a875965c2931bdb70e773e377a70904693d61e4db8

SHA512
c0bc4f9e5bbb5032c99857dd9d2a6770c84d52f327918aaa8d31bb08655d6ffb527dcf575294ff8858b1f5256b3c5f608d1fad531d4fc3e29df573aeaec82633

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D

Filesize
2.3MB

MD5
dd5a984b013398f4371b35d3ef25b200

SHA1
d10137f9a3bebf708810059846c3717ff9614965

SHA256
f7fee9ac04fca145ba2a31a875965c2931bdb70e773e377a70904693d61e4db8

SHA512
c0bc4f9e5bbb5032c99857dd9d2a6770c84d52f327918aaa8d31bb08655d6ffb527dcf575294ff8858b1f5256b3c5f608d1fad531d4fc3e29df573aeaec82633

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D

Filesize
2.3MB

MD5
dd5a984b013398f4371b35d3ef25b200

SHA1
d10137f9a3bebf708810059846c3717ff9614965

SHA256
f7fee9ac04fca145ba2a31a875965c2931bdb70e773e377a70904693d61e4db8

SHA512
c0bc4f9e5bbb5032c99857dd9d2a6770c84d52f327918aaa8d31bb08655d6ffb527dcf575294ff8858b1f5256b3c5f608d1fad531d4fc3e29df573aeaec82633

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D

Filesize
2.3MB

MD5
dd5a984b013398f4371b35d3ef25b200

SHA1
d10137f9a3bebf708810059846c3717ff9614965

SHA256
f7fee9ac04fca145ba2a31a875965c2931bdb70e773e377a70904693d61e4db8

SHA512
c0bc4f9e5bbb5032c99857dd9d2a6770c84d52f327918aaa8d31bb08655d6ffb527dcf575294ff8858b1f5256b3c5f608d1fad531d4fc3e29df573aeaec82633

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C600626\GI.D

Filesize
2.3MB

MD5
dd5a984b013398f4371b35d3ef25b200

SHA1
d10137f9a3bebf708810059846c3717ff9614965

SHA256
f7fee9ac04fca145ba2a31a875965c2931bdb70e773e377a70904693d61e4db8

SHA512
c0bc4f9e5bbb5032c99857dd9d2a6770c84d52f327918aaa8d31bb08655d6ffb527dcf575294ff8858b1f5256b3c5f608d1fad531d4fc3e29df573aeaec82633

Download Submit
memory/2684-30-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/2684-32-0x00000000025C0000-0x00000000026D0000-memory.dmp

Filesize
1.1MB

Download
memory/2684-34-0x00000000026D0000-0x00000000027C5000-memory.dmp

Filesize
980KB

Download
memory/2684-36-0x00000000026D0000-0x00000000027C5000-memory.dmp

Filesize
980KB

Download
memory/2684-37-0x00000000026D0000-0x00000000027C5000-memory.dmp

Filesize
980KB

Download
memory/2732-21-0x0000000002760000-0x0000000002855000-memory.dmp

Filesize
980KB

Download
memory/2732-23-0x0000000002760000-0x0000000002855000-memory.dmp

Filesize
980KB

Download
memory/2732-24-0x0000000002760000-0x0000000002855000-memory.dmp

Filesize
980KB

Download
memory/2732-20-0x0000000002760000-0x0000000002855000-memory.dmp

Filesize
980KB

Download
memory/2732-19-0x0000000002650000-0x0000000002760000-memory.dmp

Filesize
1.1MB

Download
memory/2732-17-0x0000000010000000-0x0000000010243000-memory.dmp

Filesize
2.3MB

Download
memory/2732-16-0x0000000000130000-0x0000000000136000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads