da9556ef3fd609709cc07f635978b1d428cd8bd681ebbe1679b5f7c10fa0270e

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da9556ef3fd609709cc07f635978b1d428cd8bd681ebbe1679b5f7c10fa0270e.exe
Size

2.2MB
MD5

e4c9538ee2e50662bf7c2b701b8d1e57
SHA1

0be1f4fb075866dac9138b1aa3ab2e1586915528
SHA256

da9556ef3fd609709cc07f635978b1d428cd8bd681ebbe1679b5f7c10fa0270e
SHA512

2790eb7cd8f5c0b5fe881322fc0a1775b631f26d2bd4444a1c875c3a49fbe1500b0419ba73e098867f333f93cc646e749d3018585cd475f423dc8b3810339955
SSDEEP

49152:ufaq87bBVQ+dZWakWcQIDI5eYB7HiP9kqvpQ1FRjro:ZpzZTZDCPGiQ1no

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2016	rundll32.exe
2016	rundll32.exe
2016	rundll32.exe
2016	rundll32.exe
2764	rundll32.exe
2764	rundll32.exe
2764	rundll32.exe
2764	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 3056	1704	da9556ef3fd609709cc07f635978b1d428cd8bd681ebbe1679b5f7c10fa0270e.exe	28
PID 1704 wrote to memory of 3056	1704	da9556ef3fd609709cc07f635978b1d428cd8bd681ebbe1679b5f7c10fa0270e.exe	28
PID 1704 wrote to memory of 3056	1704	da9556ef3fd609709cc07f635978b1d428cd8bd681ebbe1679b5f7c10fa0270e.exe	28
PID 1704 wrote to memory of 3056	1704	da9556ef3fd609709cc07f635978b1d428cd8bd681ebbe1679b5f7c10fa0270e.exe	28
PID 3056 wrote to memory of 2892	3056	cmd.exe	30
PID 3056 wrote to memory of 2892	3056	cmd.exe	30
PID 3056 wrote to memory of 2892	3056	cmd.exe	30
PID 3056 wrote to memory of 2892	3056	cmd.exe	30
PID 2892 wrote to memory of 2016	2892	control.exe	31
PID 2892 wrote to memory of 2016	2892	control.exe	31
PID 2892 wrote to memory of 2016	2892	control.exe	31
PID 2892 wrote to memory of 2016	2892	control.exe	31
PID 2892 wrote to memory of 2016	2892	control.exe	31
PID 2892 wrote to memory of 2016	2892	control.exe	31
PID 2892 wrote to memory of 2016	2892	control.exe	31
PID 2016 wrote to memory of 2736	2016	rundll32.exe	32
PID 2016 wrote to memory of 2736	2016	rundll32.exe	32
PID 2016 wrote to memory of 2736	2016	rundll32.exe	32
PID 2016 wrote to memory of 2736	2016	rundll32.exe	32
PID 2736 wrote to memory of 2764	2736	RunDll32.exe	33
PID 2736 wrote to memory of 2764	2736	RunDll32.exe	33
PID 2736 wrote to memory of 2764	2736	RunDll32.exe	33
PID 2736 wrote to memory of 2764	2736	RunDll32.exe	33
PID 2736 wrote to memory of 2764	2736	RunDll32.exe	33
PID 2736 wrote to memory of 2764	2736	RunDll32.exe	33
PID 2736 wrote to memory of 2764	2736	RunDll32.exe	33

C:\Users\Admin\AppData\Local\Temp\da9556ef3fd609709cc07f635978b1d428cd8bd681ebbe1679b5f7c10fa0270e.exe
"C:\Users\Admin\AppData\Local\Temp\da9556ef3fd609709cc07f635978b1d428cd8bd681ebbe1679b5f7c10fa0270e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\6MXMQ.BAT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Windows\SysWOW64\control.exe
    CONtRol "C:\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2892
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2016
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2736
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1"
        6⤵
        Loads dropped DLL
        
        PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS8A687B56\6MXmQ.bat

Filesize
23B

MD5
a2dc6739541f40e7a865ceccc736bfa9

SHA1
ed3e534852b6cd952139a8040d2f6dca6c84fdc9

SHA256
8acad9bfb6e60f33a4838402984c1e7fcf7391287c035d72d6a8130c4284f31b

SHA512
65ffbe7a60aee7679f69d8ba465505220345675021967f83d61d669bc3ae9f6aa0a96e1098e815a5dce01b82492f780f215e834197cace204a51c7d73cadb8d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A687B56\6MXmQ.bat

Filesize
23B

MD5
a2dc6739541f40e7a865ceccc736bfa9

SHA1
ed3e534852b6cd952139a8040d2f6dca6c84fdc9

SHA256
8acad9bfb6e60f33a4838402984c1e7fcf7391287c035d72d6a8130c4284f31b

SHA512
65ffbe7a60aee7679f69d8ba465505220345675021967f83d61d669bc3ae9f6aa0a96e1098e815a5dce01b82492f780f215e834197cace204a51c7d73cadb8d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1

Filesize
2.3MB

MD5
cb6a3da7d75d249705b2ccba171c6c5b

SHA1
13e7771ac0f4103072f5a6aac43adcdba52bc86b

SHA256
b5586a729e338c5ab432142a012e93386f3dab0d3e5587203926253be5ac76d4

SHA512
68d4ddfb654418d1489903b4810d45376a58d2b857bf4d4d01e06a2f1b2ad879484ec68376c696e369d80c234afb3500e24c726e9ccaf760406e105327431105

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1

Filesize
2.3MB

MD5
cb6a3da7d75d249705b2ccba171c6c5b

SHA1
13e7771ac0f4103072f5a6aac43adcdba52bc86b

SHA256
b5586a729e338c5ab432142a012e93386f3dab0d3e5587203926253be5ac76d4

SHA512
68d4ddfb654418d1489903b4810d45376a58d2b857bf4d4d01e06a2f1b2ad879484ec68376c696e369d80c234afb3500e24c726e9ccaf760406e105327431105

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1

Filesize
2.3MB

MD5
cb6a3da7d75d249705b2ccba171c6c5b

SHA1
13e7771ac0f4103072f5a6aac43adcdba52bc86b

SHA256
b5586a729e338c5ab432142a012e93386f3dab0d3e5587203926253be5ac76d4

SHA512
68d4ddfb654418d1489903b4810d45376a58d2b857bf4d4d01e06a2f1b2ad879484ec68376c696e369d80c234afb3500e24c726e9ccaf760406e105327431105

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1

Filesize
2.3MB

MD5
cb6a3da7d75d249705b2ccba171c6c5b

SHA1
13e7771ac0f4103072f5a6aac43adcdba52bc86b

SHA256
b5586a729e338c5ab432142a012e93386f3dab0d3e5587203926253be5ac76d4

SHA512
68d4ddfb654418d1489903b4810d45376a58d2b857bf4d4d01e06a2f1b2ad879484ec68376c696e369d80c234afb3500e24c726e9ccaf760406e105327431105

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1

Filesize
2.3MB

MD5
cb6a3da7d75d249705b2ccba171c6c5b

SHA1
13e7771ac0f4103072f5a6aac43adcdba52bc86b

SHA256
b5586a729e338c5ab432142a012e93386f3dab0d3e5587203926253be5ac76d4

SHA512
68d4ddfb654418d1489903b4810d45376a58d2b857bf4d4d01e06a2f1b2ad879484ec68376c696e369d80c234afb3500e24c726e9ccaf760406e105327431105

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1

Filesize
2.3MB

MD5
cb6a3da7d75d249705b2ccba171c6c5b

SHA1
13e7771ac0f4103072f5a6aac43adcdba52bc86b

SHA256
b5586a729e338c5ab432142a012e93386f3dab0d3e5587203926253be5ac76d4

SHA512
68d4ddfb654418d1489903b4810d45376a58d2b857bf4d4d01e06a2f1b2ad879484ec68376c696e369d80c234afb3500e24c726e9ccaf760406e105327431105

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1

Filesize
2.3MB

MD5
cb6a3da7d75d249705b2ccba171c6c5b

SHA1
13e7771ac0f4103072f5a6aac43adcdba52bc86b

SHA256
b5586a729e338c5ab432142a012e93386f3dab0d3e5587203926253be5ac76d4

SHA512
68d4ddfb654418d1489903b4810d45376a58d2b857bf4d4d01e06a2f1b2ad879484ec68376c696e369d80c234afb3500e24c726e9ccaf760406e105327431105

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1

Filesize
2.3MB

MD5
cb6a3da7d75d249705b2ccba171c6c5b

SHA1
13e7771ac0f4103072f5a6aac43adcdba52bc86b

SHA256
b5586a729e338c5ab432142a012e93386f3dab0d3e5587203926253be5ac76d4

SHA512
68d4ddfb654418d1489903b4810d45376a58d2b857bf4d4d01e06a2f1b2ad879484ec68376c696e369d80c234afb3500e24c726e9ccaf760406e105327431105

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A687B56\B.Tv1

Filesize
2.3MB

MD5
cb6a3da7d75d249705b2ccba171c6c5b

SHA1
13e7771ac0f4103072f5a6aac43adcdba52bc86b

SHA256
b5586a729e338c5ab432142a012e93386f3dab0d3e5587203926253be5ac76d4

SHA512
68d4ddfb654418d1489903b4810d45376a58d2b857bf4d4d01e06a2f1b2ad879484ec68376c696e369d80c234afb3500e24c726e9ccaf760406e105327431105

Download Submit
memory/2016-16-0x0000000010000000-0x0000000010244000-memory.dmp

Filesize
2.3MB

Download
memory/2016-23-0x0000000002800000-0x0000000002901000-memory.dmp

Filesize
1.0MB

Download
memory/2016-24-0x0000000002800000-0x0000000002901000-memory.dmp

Filesize
1.0MB

Download
memory/2016-17-0x0000000000140000-0x0000000000146000-memory.dmp

Filesize
24KB

Download
memory/2016-19-0x00000000026E0000-0x00000000027FB000-memory.dmp

Filesize
1.1MB

Download
memory/2016-21-0x0000000002800000-0x0000000002901000-memory.dmp

Filesize
1.0MB

Download
memory/2016-20-0x0000000002800000-0x0000000002901000-memory.dmp

Filesize
1.0MB

Download
memory/2764-30-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download
memory/2764-32-0x0000000002650000-0x000000000276B000-memory.dmp

Filesize
1.1MB

Download
memory/2764-34-0x0000000002770000-0x0000000002871000-memory.dmp

Filesize
1.0MB

Download
memory/2764-36-0x0000000002770000-0x0000000002871000-memory.dmp

Filesize
1.0MB

Download
memory/2764-37-0x0000000002770000-0x0000000002871000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads