e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe
Size

2.2MB
MD5

3135d14f9bbfd3e88aa95af4c5b32b7b
SHA1

9c90bde8bc99cad62838ed2505e3988e0132baa3
SHA256

e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8
SHA512

3d119f5d7709e6a3ea7963b429ec24da9d44a2fd9e57c997ecec093423d270cd358391fc800092b63ff8d187c26d54dab92aeeeb3feaa6302dbbdf3f9f2ceb17
SSDEEP

49152:UJGiBYymwlLKEbatSN/FBMjg24BDj2jhA9DQ65nR5d:UIiBYyRwtSpkCj2jhApH5d

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
636	rundll32.exe
1036	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 2200	4480	e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe	85
PID 4480 wrote to memory of 2200	4480	e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe	85
PID 4480 wrote to memory of 2200	4480	e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe	85
PID 2200 wrote to memory of 4180	2200	cmd.exe	88
PID 2200 wrote to memory of 4180	2200	cmd.exe	88
PID 2200 wrote to memory of 4180	2200	cmd.exe	88
PID 4180 wrote to memory of 636	4180	control.exe	89
PID 4180 wrote to memory of 636	4180	control.exe	89
PID 4180 wrote to memory of 636	4180	control.exe	89
PID 636 wrote to memory of 4740	636	rundll32.exe	90
PID 636 wrote to memory of 4740	636	rundll32.exe	90
PID 4740 wrote to memory of 1036	4740	RunDll32.exe	91
PID 4740 wrote to memory of 1036	4740	RunDll32.exe	91
PID 4740 wrote to memory of 1036	4740	RunDll32.exe	91

C:\Users\Admin\AppData\Local\Temp\e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe
"C:\Users\Admin\AppData\Local\Temp\e3277d8b1a93642890921c19cd74479fb1d165ba917d87fcf48f062705c2e9a8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\UWhcMJp.CMd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Windows\SysWOW64\control.exe
    ConTRoL.EXE "C:\Users\Admin\AppData\Local\Temp\7zS0814C247\Qg568.4~"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4180
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS0814C247\Qg568.4~"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:636
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS0814C247\Qg568.4~"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4740
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS0814C247\Qg568.4~"
        6⤵
        Loads dropped DLL
        
        PID:1036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS0814C247\Qg568.4~

Filesize
2.3MB

MD5
89321d8101d3e35f525c0e7aaa7f6eea

SHA1
2810f06c99cc8f17bc397bceae36eb61dc201243

SHA256
e0a7a72da3e9dba38742f81779b5cbdd5e080dee616d30f97cbd0a840ac204c7

SHA512
d69020664a4e5a5b80ec8cd41f1f423ec030a3f55d89d6cbd1d18bc92f7aa18959a904918b32d01c5e1b9a2c709f843842a550f025ec89b9cb4bd0a4c2e76277

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0814C247\Qg568.4~

Filesize
2.3MB

MD5
89321d8101d3e35f525c0e7aaa7f6eea

SHA1
2810f06c99cc8f17bc397bceae36eb61dc201243

SHA256
e0a7a72da3e9dba38742f81779b5cbdd5e080dee616d30f97cbd0a840ac204c7

SHA512
d69020664a4e5a5b80ec8cd41f1f423ec030a3f55d89d6cbd1d18bc92f7aa18959a904918b32d01c5e1b9a2c709f843842a550f025ec89b9cb4bd0a4c2e76277

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0814C247\Qg568.4~

Filesize
2.3MB

MD5
89321d8101d3e35f525c0e7aaa7f6eea

SHA1
2810f06c99cc8f17bc397bceae36eb61dc201243

SHA256
e0a7a72da3e9dba38742f81779b5cbdd5e080dee616d30f97cbd0a840ac204c7

SHA512
d69020664a4e5a5b80ec8cd41f1f423ec030a3f55d89d6cbd1d18bc92f7aa18959a904918b32d01c5e1b9a2c709f843842a550f025ec89b9cb4bd0a4c2e76277

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0814C247\UWhcMJp.cmd

Filesize
30B

MD5
f9676e2c3e356c8efce1fd7861d04e8b

SHA1
306dbbd42bcf66a604cb3c8e339ea70e8cfe85bb

SHA256
cd2ed964702f02e1a7b9538fc5ad99b6a1ad667f62b2f4a8169d6f19a1bc24ab

SHA512
f2d1860deddb6e208635072b1ca028003204250aae488c59844f6823e3998a87513058cad9c4cddbfdacbd987700031ed7e0554ec2b26391204c5be61752aa93

Download Submit
memory/636-15-0x0000000003500000-0x0000000003601000-memory.dmp

Filesize
1.0MB

Download
memory/636-11-0x00000000033E0000-0x00000000034FB000-memory.dmp

Filesize
1.1MB

Download
memory/636-13-0x0000000003500000-0x0000000003601000-memory.dmp

Filesize
1.0MB

Download
memory/636-12-0x0000000003500000-0x0000000003601000-memory.dmp

Filesize
1.0MB

Download
memory/636-9-0x0000000010000000-0x0000000010243000-memory.dmp

Filesize
2.3MB

Download
memory/636-16-0x0000000003500000-0x0000000003601000-memory.dmp

Filesize
1.0MB

Download
memory/636-8-0x0000000001290000-0x0000000001296000-memory.dmp

Filesize
24KB

Download
memory/1036-18-0x0000000001530000-0x0000000001536000-memory.dmp

Filesize
24KB

Download
memory/1036-21-0x00000000034A0000-0x00000000035BB000-memory.dmp

Filesize
1.1MB

Download
memory/1036-23-0x00000000035C0000-0x00000000036C1000-memory.dmp

Filesize
1.0MB

Download
memory/1036-25-0x00000000035C0000-0x00000000036C1000-memory.dmp

Filesize
1.0MB

Download
memory/1036-26-0x00000000035C0000-0x00000000036C1000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads