64119e925a2c5fe96481a18acdab674856490be0a3051e5e4508ac20a83ad42e

Analysis

max time kernel
165s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2023 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe
Size

2.2MB
MD5

129b84fb7ad6599bc881360d512e827d
SHA1

169f4d51483e450281dc198e9d9b3b20e3896063
SHA256

64119e925a2c5fe96481a18acdab674856490be0a3051e5e4508ac20a83ad42e
SHA512

cdaf9c92f76de85afc2cd850b9d10ac0546180b76df90fa47fc1bf7e991af43cc9c11041d01ccf5d44fafcce0ce174331e8221b503e4be90df7af813bb694075
SSDEEP

49152:ufdrf4AJ8DGUehMBNBSHnbaG4XWEucbfntpvSCD7EJ9Q:OrZ2GBhoNBscXducbfbZZ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4764	rundll32.exe
1492	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 1104	3532	SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe	86
PID 3532 wrote to memory of 1104	3532	SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe	86
PID 3532 wrote to memory of 1104	3532	SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe	86
PID 1104 wrote to memory of 4744	1104	cmd.exe	88
PID 1104 wrote to memory of 4744	1104	cmd.exe	88
PID 1104 wrote to memory of 4744	1104	cmd.exe	88
PID 4744 wrote to memory of 4764	4744	control.exe	90
PID 4744 wrote to memory of 4764	4744	control.exe	90
PID 4744 wrote to memory of 4764	4744	control.exe	90
PID 4764 wrote to memory of 3776	4764	rundll32.exe	98
PID 4764 wrote to memory of 3776	4764	rundll32.exe	98
PID 3776 wrote to memory of 1492	3776	RunDll32.exe	99
PID 3776 wrote to memory of 1492	3776	RunDll32.exe	99
PID 3776 wrote to memory of 1492	3776	RunDll32.exe	99

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\LI5VOZAn.BAT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1104
- - C:\Windows\SysWOW64\control.exe
    cOntROL "C:\Users\Admin\AppData\Local\Temp\7zSCCD0E968\ZMEpN.5"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4744
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSCCD0E968\ZMEpN.5"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4764
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSCCD0E968\ZMEpN.5"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3776
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zSCCD0E968\ZMEpN.5"
        6⤵
        Loads dropped DLL
        
        PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSCCD0E968\LI5VOzAn.bat

Filesize
27B

MD5
374272bf91dac4bcbf580623bba12e65

SHA1
e4e3261153e2da2405cf95d6cba80aa82c6e411a

SHA256
148e3ddb434fdf0aae295c4774d01e7ab0ee8e16ca2e31a88d8bd9ce5a9bde8c

SHA512
357ed726b9a1747ab63fc711bf87bcded6f87c5d1e8988309250d05b3f117ce092234feb80c47c0a5e15a41afde26a9773f5d03b839d8f05b4134670a4bbc39d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCD0E968\ZMEpN.5

Filesize
2.3MB

MD5
1793a376ca1fed61015affe8439c1b82

SHA1
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4

SHA256
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a

SHA512
8c0a7acdcb16c8634bb42f04524d9231d74545f6600f1ac3bdd329242fa0ae0d9708e2b2de878c0d7e60f4cc9a313b33ff8bc4c317d58495e6e31b298569b8b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCD0E968\Zmepn.5

Filesize
2.3MB

MD5
1793a376ca1fed61015affe8439c1b82

SHA1
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4

SHA256
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a

SHA512
8c0a7acdcb16c8634bb42f04524d9231d74545f6600f1ac3bdd329242fa0ae0d9708e2b2de878c0d7e60f4cc9a313b33ff8bc4c317d58495e6e31b298569b8b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCCD0E968\Zmepn.5

Filesize
2.3MB

MD5
1793a376ca1fed61015affe8439c1b82

SHA1
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4

SHA256
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a

SHA512
8c0a7acdcb16c8634bb42f04524d9231d74545f6600f1ac3bdd329242fa0ae0d9708e2b2de878c0d7e60f4cc9a313b33ff8bc4c317d58495e6e31b298569b8b6

Download Submit
memory/1492-27-0x0000000003570000-0x000000000366C000-memory.dmp

Filesize
1008KB

Download
memory/1492-26-0x0000000003570000-0x000000000366C000-memory.dmp

Filesize
1008KB

Download
memory/1492-23-0x0000000003570000-0x000000000366C000-memory.dmp

Filesize
1008KB

Download
memory/1492-22-0x0000000003450000-0x0000000003569000-memory.dmp

Filesize
1.1MB

Download
memory/1492-18-0x0000000000FF0000-0x0000000000FF6000-memory.dmp

Filesize
24KB

Download
memory/4764-9-0x0000000010000000-0x0000000010243000-memory.dmp

Filesize
2.3MB

Download
memory/4764-16-0x0000000002D90000-0x0000000002E8C000-memory.dmp

Filesize
1008KB

Download
memory/4764-15-0x0000000002D90000-0x0000000002E8C000-memory.dmp

Filesize
1008KB

Download
memory/4764-12-0x0000000002D90000-0x0000000002E8C000-memory.dmp

Filesize
1008KB

Download
memory/4764-11-0x0000000003230000-0x0000000003349000-memory.dmp

Filesize
1.1MB

Download
memory/4764-8-0x0000000000EC0000-0x0000000000EC6000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads