5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162

Analysis

max time kernel
118s
max time network
146s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 21:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162_JC.exe
Size

2.2MB
MD5

1fb6590ffcdc704552cf24318a640fff
SHA1

1a1c9dfe7bb2c8cd187b5fb66a8fceefbc1f724b
SHA256

5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162
SHA512

e73649137afef20c23d9d2fa98143a5237f0d3b3c70fd4d21fae078ea97584dcc45fc05f8979a12102de5bbf44ca75edacaf17d2bff599085b4a3b75ce5e8a1e
SSDEEP

49152:WfRn+UB5b0HHgrYTtSkFk56FtbwYeueJKtws1X0ruU:Wh5uHA4k4NeJKtwsZ0r3

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2832	rundll32.exe
2832	rundll32.exe
2832	rundll32.exe
2832	rundll32.exe
2568	rundll32.exe
2568	rundll32.exe
2568	rundll32.exe
2568	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 1164	2120	5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162_JC.exe	28
PID 2120 wrote to memory of 1164	2120	5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162_JC.exe	28
PID 2120 wrote to memory of 1164	2120	5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162_JC.exe	28
PID 2120 wrote to memory of 1164	2120	5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162_JC.exe	28
PID 1164 wrote to memory of 2788	1164	cmd.exe	30
PID 1164 wrote to memory of 2788	1164	cmd.exe	30
PID 1164 wrote to memory of 2788	1164	cmd.exe	30
PID 1164 wrote to memory of 2788	1164	cmd.exe	30
PID 2788 wrote to memory of 2832	2788	control.exe	31
PID 2788 wrote to memory of 2832	2788	control.exe	31
PID 2788 wrote to memory of 2832	2788	control.exe	31
PID 2788 wrote to memory of 2832	2788	control.exe	31
PID 2788 wrote to memory of 2832	2788	control.exe	31
PID 2788 wrote to memory of 2832	2788	control.exe	31
PID 2788 wrote to memory of 2832	2788	control.exe	31
PID 2832 wrote to memory of 2552	2832	rundll32.exe	34
PID 2832 wrote to memory of 2552	2832	rundll32.exe	34
PID 2832 wrote to memory of 2552	2832	rundll32.exe	34
PID 2832 wrote to memory of 2552	2832	rundll32.exe	34
PID 2552 wrote to memory of 2568	2552	RunDll32.exe	35
PID 2552 wrote to memory of 2568	2552	RunDll32.exe	35
PID 2552 wrote to memory of 2568	2552	RunDll32.exe	35
PID 2552 wrote to memory of 2568	2552	RunDll32.exe	35
PID 2552 wrote to memory of 2568	2552	RunDll32.exe	35
PID 2552 wrote to memory of 2568	2552	RunDll32.exe	35
PID 2552 wrote to memory of 2568	2552	RunDll32.exe	35

C:\Users\Admin\AppData\Local\Temp\5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162_JC.exe
"C:\Users\Admin\AppData\Local\Temp\5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\X0QfU.Bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1164
- - C:\Windows\SysWOW64\control.exe
    CoNtrOl "C:\Users\Admin\AppData\Local\Temp\7zS84839AA6\zQzUVS1.ZJV"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS84839AA6\zQzUVS1.ZJV"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS84839AA6\zQzUVS1.ZJV"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2552
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS84839AA6\zQzUVS1.ZJV"
        6⤵
        Loads dropped DLL
        
        PID:2568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS84839AA6\x0qfU.bat

Filesize
32B

MD5
5fab49e4ab64338acdf391018ef98f14

SHA1
67ec59276392ee371a0a72df2fba853217b577c4

SHA256
211f4e55008449ec51fabe8cf32cf8f872417f95f2fda5afd7a769300ebf0402

SHA512
cd5466ea848f9c87f5ffdd9fffa2e93a32d74d35a7ad10222db8a601f1597a792b8c462ec7b7083ae14216614b2efbc48feaaa40b82cd7973955a9a5913b6a8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84839AA6\x0qfU.bat

Filesize
32B

MD5
5fab49e4ab64338acdf391018ef98f14

SHA1
67ec59276392ee371a0a72df2fba853217b577c4

SHA256
211f4e55008449ec51fabe8cf32cf8f872417f95f2fda5afd7a769300ebf0402

SHA512
cd5466ea848f9c87f5ffdd9fffa2e93a32d74d35a7ad10222db8a601f1597a792b8c462ec7b7083ae14216614b2efbc48feaaa40b82cd7973955a9a5913b6a8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84839AA6\zQzUVS1.ZJV

Filesize
2.3MB

MD5
bb54dfc57eaf3b1740f829b9a93d7c77

SHA1
637369659b61a0f4a7353b8484ee16cabccff77d

SHA256
a67395e5a5032bebb11f7c723b6030dcd603028d2f52858646e6dc1784e39162

SHA512
122fca1b2ec3e1ad0d83c3a838f2bee272cf60bbbafd493a41d456bebe648bf862d049add27435c18d41471f27adf231cc6807d58f265667ab15355bd894baa6

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84839AA6\zqzuVS1.Zjv

Filesize
2.3MB

MD5
bb54dfc57eaf3b1740f829b9a93d7c77

SHA1
637369659b61a0f4a7353b8484ee16cabccff77d

SHA256
a67395e5a5032bebb11f7c723b6030dcd603028d2f52858646e6dc1784e39162

SHA512
122fca1b2ec3e1ad0d83c3a838f2bee272cf60bbbafd493a41d456bebe648bf862d049add27435c18d41471f27adf231cc6807d58f265667ab15355bd894baa6

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84839AA6\zqzuVS1.Zjv

Filesize
2.3MB

MD5
bb54dfc57eaf3b1740f829b9a93d7c77

SHA1
637369659b61a0f4a7353b8484ee16cabccff77d

SHA256
a67395e5a5032bebb11f7c723b6030dcd603028d2f52858646e6dc1784e39162

SHA512
122fca1b2ec3e1ad0d83c3a838f2bee272cf60bbbafd493a41d456bebe648bf862d049add27435c18d41471f27adf231cc6807d58f265667ab15355bd894baa6

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84839AA6\zqzuVS1.Zjv

Filesize
2.3MB

MD5
bb54dfc57eaf3b1740f829b9a93d7c77

SHA1
637369659b61a0f4a7353b8484ee16cabccff77d

SHA256
a67395e5a5032bebb11f7c723b6030dcd603028d2f52858646e6dc1784e39162

SHA512
122fca1b2ec3e1ad0d83c3a838f2bee272cf60bbbafd493a41d456bebe648bf862d049add27435c18d41471f27adf231cc6807d58f265667ab15355bd894baa6

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84839AA6\zqzuVS1.Zjv

Filesize
2.3MB

MD5
bb54dfc57eaf3b1740f829b9a93d7c77

SHA1
637369659b61a0f4a7353b8484ee16cabccff77d

SHA256
a67395e5a5032bebb11f7c723b6030dcd603028d2f52858646e6dc1784e39162

SHA512
122fca1b2ec3e1ad0d83c3a838f2bee272cf60bbbafd493a41d456bebe648bf862d049add27435c18d41471f27adf231cc6807d58f265667ab15355bd894baa6

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84839AA6\zqzuVS1.Zjv

Filesize
2.3MB

MD5
bb54dfc57eaf3b1740f829b9a93d7c77

SHA1
637369659b61a0f4a7353b8484ee16cabccff77d

SHA256
a67395e5a5032bebb11f7c723b6030dcd603028d2f52858646e6dc1784e39162

SHA512
122fca1b2ec3e1ad0d83c3a838f2bee272cf60bbbafd493a41d456bebe648bf862d049add27435c18d41471f27adf231cc6807d58f265667ab15355bd894baa6

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84839AA6\zqzuVS1.Zjv

Filesize
2.3MB

MD5
bb54dfc57eaf3b1740f829b9a93d7c77

SHA1
637369659b61a0f4a7353b8484ee16cabccff77d

SHA256
a67395e5a5032bebb11f7c723b6030dcd603028d2f52858646e6dc1784e39162

SHA512
122fca1b2ec3e1ad0d83c3a838f2bee272cf60bbbafd493a41d456bebe648bf862d049add27435c18d41471f27adf231cc6807d58f265667ab15355bd894baa6

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84839AA6\zqzuVS1.Zjv

Filesize
2.3MB

MD5
bb54dfc57eaf3b1740f829b9a93d7c77

SHA1
637369659b61a0f4a7353b8484ee16cabccff77d

SHA256
a67395e5a5032bebb11f7c723b6030dcd603028d2f52858646e6dc1784e39162

SHA512
122fca1b2ec3e1ad0d83c3a838f2bee272cf60bbbafd493a41d456bebe648bf862d049add27435c18d41471f27adf231cc6807d58f265667ab15355bd894baa6

Download Submit
\Users\Admin\AppData\Local\Temp\7zS84839AA6\zqzuVS1.Zjv

Filesize
2.3MB

MD5
bb54dfc57eaf3b1740f829b9a93d7c77

SHA1
637369659b61a0f4a7353b8484ee16cabccff77d

SHA256
a67395e5a5032bebb11f7c723b6030dcd603028d2f52858646e6dc1784e39162

SHA512
122fca1b2ec3e1ad0d83c3a838f2bee272cf60bbbafd493a41d456bebe648bf862d049add27435c18d41471f27adf231cc6807d58f265667ab15355bd894baa6

Download Submit
memory/2568-30-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2568-37-0x00000000026D0000-0x00000000027E9000-memory.dmp

Filesize
1.1MB

Download
memory/2568-38-0x00000000027F0000-0x00000000028EC000-memory.dmp

Filesize
1008KB

Download
memory/2568-41-0x00000000027F0000-0x00000000028EC000-memory.dmp

Filesize
1008KB

Download
memory/2568-42-0x00000000027F0000-0x00000000028EC000-memory.dmp

Filesize
1008KB

Download
memory/2832-21-0x0000000002870000-0x000000000296C000-memory.dmp

Filesize
1008KB

Download
memory/2832-24-0x0000000002870000-0x000000000296C000-memory.dmp

Filesize
1008KB

Download
memory/2832-25-0x0000000002870000-0x000000000296C000-memory.dmp

Filesize
1008KB

Download
memory/2832-20-0x0000000002750000-0x0000000002869000-memory.dmp

Filesize
1.1MB

Download
memory/2832-17-0x0000000010000000-0x0000000010243000-memory.dmp

Filesize
2.3MB

Download
memory/2832-16-0x0000000000170000-0x0000000000176000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads