042088fa2675393bf37007692e12e797a774820d2f47a7c8da957d61ab09cbdb

Analysis

max time kernel
188s
max time network
297s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
10/10/2023, 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

042088fa2675393bf37007692e12e797a774820d2f47a7c8da957d61ab09cbdb.exe
Size

2.6MB
MD5

abe985fed6098ddf3861667d50f7312e
SHA1

ca1018008868917c49ffd2b21825f8f61b4cd6df
SHA256

042088fa2675393bf37007692e12e797a774820d2f47a7c8da957d61ab09cbdb
SHA512

48873bb9c2bd2a1e0c804e77f927bfcf24f1a85d0ac9434fb7b80f664b43f65f1d2bb77fe0bda4109d3d411ed33baabcc72202ed452e2da5211dbcfc7b92e1b0
SSDEEP

49152:UJGi/XP1sQHxMD0tlsShHQwsdk+8U/fRJNLEDl4BbZr3qqp0MjERINfAhDZh+1Gj:UIi/XdsQHSD031QwGL8UnRJNKl8l3R0p

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1924	rundll32.exe
4224	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2540	1244	042088fa2675393bf37007692e12e797a774820d2f47a7c8da957d61ab09cbdb.exe	70
PID 1244 wrote to memory of 2540	1244	042088fa2675393bf37007692e12e797a774820d2f47a7c8da957d61ab09cbdb.exe	70
PID 1244 wrote to memory of 2540	1244	042088fa2675393bf37007692e12e797a774820d2f47a7c8da957d61ab09cbdb.exe	70
PID 2540 wrote to memory of 1884	2540	cmd.exe	72
PID 2540 wrote to memory of 1884	2540	cmd.exe	72
PID 2540 wrote to memory of 1884	2540	cmd.exe	72
PID 1884 wrote to memory of 1924	1884	control.exe	73
PID 1884 wrote to memory of 1924	1884	control.exe	73
PID 1884 wrote to memory of 1924	1884	control.exe	73
PID 1924 wrote to memory of 3616	1924	rundll32.exe	74
PID 1924 wrote to memory of 3616	1924	rundll32.exe	74
PID 3616 wrote to memory of 4224	3616	RunDll32.exe	75
PID 3616 wrote to memory of 4224	3616	RunDll32.exe	75
PID 3616 wrote to memory of 4224	3616	RunDll32.exe	75

C:\Users\Admin\AppData\Local\Temp\042088fa2675393bf37007692e12e797a774820d2f47a7c8da957d61ab09cbdb.exe
"C:\Users\Admin\AppData\Local\Temp\042088fa2675393bf37007692e12e797a774820d2f47a7c8da957d61ab09cbdb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\njIY.CMd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Windows\SysWOW64\control.exe
    CoNtrol.eXE "C:\Users\Admin\AppData\Local\Temp\7zSCD48EFD7\81Ar0KG.f4"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1884
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSCD48EFD7\81Ar0KG.f4"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1924
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSCD48EFD7\81Ar0KG.f4"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3616
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zSCD48EFD7\81Ar0KG.f4"
        6⤵
        Loads dropped DLL
        
        PID:4224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSCD48EFD7\81Ar0KG.f4

Filesize
2.6MB

MD5
9498869ddbbefec97094a90353fda571

SHA1
4052c1c460d5ac7d0b74b87e49e6f7c908bd289b

SHA256
069099ea6a57bfd364b625a924ea8012eb1b5c07fff4bbe7f8cb90b3514bb9a2

SHA512
da448ae3fc7f7d06ac083cd71621a6bf18857b3211545b615933d2f9f7ed89ca47050476ff62acf94dd2f1376e1a3070ad4a64836f0df9201039ebe95dc930ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCD48EFD7\njIY.cmd

Filesize
31B

MD5
55872f20ffbb0b58c874c287ed10db58

SHA1
3d600f7fdd7955dd3baea6c0d6ef333e4b27ba5d

SHA256
65cbacd867f80f974157136649530ad511ffc4eecbdbed1a6189f88d44d64f91

SHA512
27f31a7fc190d42880392bdc167b086f3bc433816716db62d6078fca61bc526d70204c0c41d06e3a441a53add7b1753e3aed0f23c1744a391a692619ab6a33ff

Download Submit
\Users\Admin\AppData\Local\Temp\7zSCD48EFD7\81ar0KG.f4

Filesize
2.6MB

MD5
9498869ddbbefec97094a90353fda571

SHA1
4052c1c460d5ac7d0b74b87e49e6f7c908bd289b

SHA256
069099ea6a57bfd364b625a924ea8012eb1b5c07fff4bbe7f8cb90b3514bb9a2

SHA512
da448ae3fc7f7d06ac083cd71621a6bf18857b3211545b615933d2f9f7ed89ca47050476ff62acf94dd2f1376e1a3070ad4a64836f0df9201039ebe95dc930ef

Download Submit
\Users\Admin\AppData\Local\Temp\7zSCD48EFD7\81ar0KG.f4

Filesize
2.6MB

MD5
9498869ddbbefec97094a90353fda571

SHA1
4052c1c460d5ac7d0b74b87e49e6f7c908bd289b

SHA256
069099ea6a57bfd364b625a924ea8012eb1b5c07fff4bbe7f8cb90b3514bb9a2

SHA512
da448ae3fc7f7d06ac083cd71621a6bf18857b3211545b615933d2f9f7ed89ca47050476ff62acf94dd2f1376e1a3070ad4a64836f0df9201039ebe95dc930ef

Download Submit
memory/1924-8-0x00000000007A0000-0x00000000007A6000-memory.dmp

Filesize
24KB

Download
memory/1924-11-0x0000000004900000-0x0000000004A08000-memory.dmp

Filesize
1.0MB

Download
memory/1924-12-0x0000000004A10000-0x0000000004AFE000-memory.dmp

Filesize
952KB

Download
memory/1924-15-0x0000000004A10000-0x0000000004AFE000-memory.dmp

Filesize
952KB

Download
memory/1924-16-0x0000000004A10000-0x0000000004AFE000-memory.dmp

Filesize
952KB

Download
memory/1924-9-0x0000000010000000-0x000000001028F000-memory.dmp

Filesize
2.6MB

Download
memory/4224-18-0x0000000000E10000-0x0000000000E16000-memory.dmp

Filesize
24KB

Download
memory/4224-21-0x0000000004A40000-0x0000000004B48000-memory.dmp

Filesize
1.0MB

Download
memory/4224-22-0x0000000004B50000-0x0000000004C3E000-memory.dmp

Filesize
952KB

Download
memory/4224-25-0x0000000004B50000-0x0000000004C3E000-memory.dmp

Filesize
952KB

Download
memory/4224-26-0x0000000004B50000-0x0000000004C3E000-memory.dmp

Filesize
952KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads