e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8

Analysis

max time kernel
118s
max time network
137s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe
Size

2.2MB
MD5

3135d14f9bbfd3e88aa95af4c5b32b7b
SHA1

9c90bde8bc99cad62838ed2505e3988e0132baa3
SHA256

e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8
SHA512

3d119f5d7709e6a3ea7963b429ec24da9d44a2fd9e57c997ecec093423d270cd358391fc800092b63ff8d187c26d54dab92aeeeb3feaa6302dbbdf3f9f2ceb17
SSDEEP

49152:UJGiBYymwlLKEbatSN/FBMjg24BDj2jhA9DQ65nR5d:UIiBYyRwtSpkCj2jhApH5d

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2796	rundll32.exe
2796	rundll32.exe
2796	rundll32.exe
2796	rundll32.exe
2628	rundll32.exe
2628	rundll32.exe
2628	rundll32.exe
2628	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2396	2432	e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe	28
PID 2432 wrote to memory of 2396	2432	e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe	28
PID 2432 wrote to memory of 2396	2432	e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe	28
PID 2432 wrote to memory of 2396	2432	e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe	28
PID 2396 wrote to memory of 2652	2396	cmd.exe	30
PID 2396 wrote to memory of 2652	2396	cmd.exe	30
PID 2396 wrote to memory of 2652	2396	cmd.exe	30
PID 2396 wrote to memory of 2652	2396	cmd.exe	30
PID 2652 wrote to memory of 2796	2652	control.exe	31
PID 2652 wrote to memory of 2796	2652	control.exe	31
PID 2652 wrote to memory of 2796	2652	control.exe	31
PID 2652 wrote to memory of 2796	2652	control.exe	31
PID 2652 wrote to memory of 2796	2652	control.exe	31
PID 2652 wrote to memory of 2796	2652	control.exe	31
PID 2652 wrote to memory of 2796	2652	control.exe	31
PID 2796 wrote to memory of 2948	2796	rundll32.exe	32
PID 2796 wrote to memory of 2948	2796	rundll32.exe	32
PID 2796 wrote to memory of 2948	2796	rundll32.exe	32
PID 2796 wrote to memory of 2948	2796	rundll32.exe	32
PID 2948 wrote to memory of 2628	2948	RunDll32.exe	33
PID 2948 wrote to memory of 2628	2948	RunDll32.exe	33
PID 2948 wrote to memory of 2628	2948	RunDll32.exe	33
PID 2948 wrote to memory of 2628	2948	RunDll32.exe	33
PID 2948 wrote to memory of 2628	2948	RunDll32.exe	33
PID 2948 wrote to memory of 2628	2948	RunDll32.exe	33
PID 2948 wrote to memory of 2628	2948	RunDll32.exe	33

C:\Users\Admin\AppData\Local\Temp\e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe
"C:\Users\Admin\AppData\Local\Temp\e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\UWhcMJp.CMd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Windows\SysWOW64\control.exe
    ConTRoL.EXE "C:\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2796
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2948
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~"
        6⤵
        Loads dropped DLL
        
        PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~

Filesize
2.3MB

MD5
89321d8101d3e35f525c0e7aaa7f6eea

SHA1
2810f06c99cc8f17bc397bceae36eb61dc201243

SHA256
e0a7a72da3e9dba38742f81779b5cbdd5e080dee616d30f97cbd0a840ac204c7

SHA512
d69020664a4e5a5b80ec8cd41f1f423ec030a3f55d89d6cbd1d18bc92f7aa18959a904918b32d01c5e1b9a2c709f843842a550f025ec89b9cb4bd0a4c2e76277

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS089B4556\UWhcMJp.cmd

Filesize
30B

MD5
f9676e2c3e356c8efce1fd7861d04e8b

SHA1
306dbbd42bcf66a604cb3c8e339ea70e8cfe85bb

SHA256
cd2ed964702f02e1a7b9538fc5ad99b6a1ad667f62b2f4a8169d6f19a1bc24ab

SHA512
f2d1860deddb6e208635072b1ca028003204250aae488c59844f6823e3998a87513058cad9c4cddbfdacbd987700031ed7e0554ec2b26391204c5be61752aa93

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS089B4556\UWhcMJp.cmd

Filesize
30B

MD5
f9676e2c3e356c8efce1fd7861d04e8b

SHA1
306dbbd42bcf66a604cb3c8e339ea70e8cfe85bb

SHA256
cd2ed964702f02e1a7b9538fc5ad99b6a1ad667f62b2f4a8169d6f19a1bc24ab

SHA512
f2d1860deddb6e208635072b1ca028003204250aae488c59844f6823e3998a87513058cad9c4cddbfdacbd987700031ed7e0554ec2b26391204c5be61752aa93

Download Submit
\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~

Filesize
2.3MB

MD5
89321d8101d3e35f525c0e7aaa7f6eea

SHA1
2810f06c99cc8f17bc397bceae36eb61dc201243

SHA256
e0a7a72da3e9dba38742f81779b5cbdd5e080dee616d30f97cbd0a840ac204c7

SHA512
d69020664a4e5a5b80ec8cd41f1f423ec030a3f55d89d6cbd1d18bc92f7aa18959a904918b32d01c5e1b9a2c709f843842a550f025ec89b9cb4bd0a4c2e76277

Download Submit
\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~

Filesize
2.3MB

MD5
89321d8101d3e35f525c0e7aaa7f6eea

SHA1
2810f06c99cc8f17bc397bceae36eb61dc201243

SHA256
e0a7a72da3e9dba38742f81779b5cbdd5e080dee616d30f97cbd0a840ac204c7

SHA512
d69020664a4e5a5b80ec8cd41f1f423ec030a3f55d89d6cbd1d18bc92f7aa18959a904918b32d01c5e1b9a2c709f843842a550f025ec89b9cb4bd0a4c2e76277

Download Submit
\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~

Filesize
2.3MB

MD5
89321d8101d3e35f525c0e7aaa7f6eea

SHA1
2810f06c99cc8f17bc397bceae36eb61dc201243

SHA256
e0a7a72da3e9dba38742f81779b5cbdd5e080dee616d30f97cbd0a840ac204c7

SHA512
d69020664a4e5a5b80ec8cd41f1f423ec030a3f55d89d6cbd1d18bc92f7aa18959a904918b32d01c5e1b9a2c709f843842a550f025ec89b9cb4bd0a4c2e76277

Download Submit
\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~

Filesize
2.3MB

MD5
89321d8101d3e35f525c0e7aaa7f6eea

SHA1
2810f06c99cc8f17bc397bceae36eb61dc201243

SHA256
e0a7a72da3e9dba38742f81779b5cbdd5e080dee616d30f97cbd0a840ac204c7

SHA512
d69020664a4e5a5b80ec8cd41f1f423ec030a3f55d89d6cbd1d18bc92f7aa18959a904918b32d01c5e1b9a2c709f843842a550f025ec89b9cb4bd0a4c2e76277

Download Submit
\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~

Filesize
2.3MB

MD5
89321d8101d3e35f525c0e7aaa7f6eea

SHA1
2810f06c99cc8f17bc397bceae36eb61dc201243

SHA256
e0a7a72da3e9dba38742f81779b5cbdd5e080dee616d30f97cbd0a840ac204c7

SHA512
d69020664a4e5a5b80ec8cd41f1f423ec030a3f55d89d6cbd1d18bc92f7aa18959a904918b32d01c5e1b9a2c709f843842a550f025ec89b9cb4bd0a4c2e76277

Download Submit
\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~

Filesize
2.3MB

MD5
89321d8101d3e35f525c0e7aaa7f6eea

SHA1
2810f06c99cc8f17bc397bceae36eb61dc201243

SHA256
e0a7a72da3e9dba38742f81779b5cbdd5e080dee616d30f97cbd0a840ac204c7

SHA512
d69020664a4e5a5b80ec8cd41f1f423ec030a3f55d89d6cbd1d18bc92f7aa18959a904918b32d01c5e1b9a2c709f843842a550f025ec89b9cb4bd0a4c2e76277

Download Submit
\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~

Filesize
2.3MB

MD5
89321d8101d3e35f525c0e7aaa7f6eea

SHA1
2810f06c99cc8f17bc397bceae36eb61dc201243

SHA256
e0a7a72da3e9dba38742f81779b5cbdd5e080dee616d30f97cbd0a840ac204c7

SHA512
d69020664a4e5a5b80ec8cd41f1f423ec030a3f55d89d6cbd1d18bc92f7aa18959a904918b32d01c5e1b9a2c709f843842a550f025ec89b9cb4bd0a4c2e76277

Download Submit
\Users\Admin\AppData\Local\Temp\7zS089B4556\Qg568.4~

Filesize
2.3MB

MD5
89321d8101d3e35f525c0e7aaa7f6eea

SHA1
2810f06c99cc8f17bc397bceae36eb61dc201243

SHA256
e0a7a72da3e9dba38742f81779b5cbdd5e080dee616d30f97cbd0a840ac204c7

SHA512
d69020664a4e5a5b80ec8cd41f1f423ec030a3f55d89d6cbd1d18bc92f7aa18959a904918b32d01c5e1b9a2c709f843842a550f025ec89b9cb4bd0a4c2e76277

Download Submit
memory/2628-30-0x00000000000C0000-0x00000000000C6000-memory.dmp

Filesize
24KB

Download
memory/2628-32-0x0000000002660000-0x000000000277B000-memory.dmp

Filesize
1.1MB

Download
memory/2628-34-0x0000000002780000-0x0000000002881000-memory.dmp

Filesize
1.0MB

Download
memory/2628-36-0x0000000002780000-0x0000000002881000-memory.dmp

Filesize
1.0MB

Download
memory/2628-37-0x0000000002780000-0x0000000002881000-memory.dmp

Filesize
1.0MB

Download
memory/2796-21-0x0000000002950000-0x0000000002A51000-memory.dmp

Filesize
1.0MB

Download
memory/2796-23-0x0000000002950000-0x0000000002A51000-memory.dmp

Filesize
1.0MB

Download
memory/2796-24-0x0000000002950000-0x0000000002A51000-memory.dmp

Filesize
1.0MB

Download
memory/2796-20-0x0000000002950000-0x0000000002A51000-memory.dmp

Filesize
1.0MB

Download
memory/2796-19-0x0000000002830000-0x000000000294B000-memory.dmp

Filesize
1.1MB

Download
memory/2796-17-0x0000000000170000-0x0000000000176000-memory.dmp

Filesize
24KB

Download
memory/2796-16-0x0000000010000000-0x0000000010243000-memory.dmp

Filesize
2.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads