b653a89e2a50d9f48353c875198d7f64344d227accdc5c8bd35823502800842b

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.Evo-gen.29934.27343.exe
Size

2.2MB
MD5

5bacad997fee21b16c7265d27f8cf2f7
SHA1

4c16385554f31b237336e0ec27674127ba9dd735
SHA256

b653a89e2a50d9f48353c875198d7f64344d227accdc5c8bd35823502800842b
SHA512

f0c4ee6777092526de94c92c120ab0b21eed6f6e8fc49e5359178ee3a4a96b7eb2d0689f87f39c26fad6b9cd6a86da43c33ef2de7f8b3e26fb15e7bcf02d4376
SSDEEP

49152:ufC4M200n9b3Dd0iefUpYpYsEWFSrV5N7mAui+wSnpgrEIr:jxk350HfUOhEWFSr7xu4SpdIr

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2408	rundll32.exe
2408	rundll32.exe
2408	rundll32.exe
2408	rundll32.exe
2980	rundll32.exe
2980	rundll32.exe
2980	rundll32.exe
2980	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2076	2200	SecuriteInfo.com.Win32.Evo-gen.29934.27343.exe	28
PID 2200 wrote to memory of 2076	2200	SecuriteInfo.com.Win32.Evo-gen.29934.27343.exe	28
PID 2200 wrote to memory of 2076	2200	SecuriteInfo.com.Win32.Evo-gen.29934.27343.exe	28
PID 2200 wrote to memory of 2076	2200	SecuriteInfo.com.Win32.Evo-gen.29934.27343.exe	28
PID 2076 wrote to memory of 2208	2076	cmd.exe	30
PID 2076 wrote to memory of 2208	2076	cmd.exe	30
PID 2076 wrote to memory of 2208	2076	cmd.exe	30
PID 2076 wrote to memory of 2208	2076	cmd.exe	30
PID 2208 wrote to memory of 2408	2208	control.exe	31
PID 2208 wrote to memory of 2408	2208	control.exe	31
PID 2208 wrote to memory of 2408	2208	control.exe	31
PID 2208 wrote to memory of 2408	2208	control.exe	31
PID 2208 wrote to memory of 2408	2208	control.exe	31
PID 2208 wrote to memory of 2408	2208	control.exe	31
PID 2208 wrote to memory of 2408	2208	control.exe	31
PID 2408 wrote to memory of 2620	2408	rundll32.exe	32
PID 2408 wrote to memory of 2620	2408	rundll32.exe	32
PID 2408 wrote to memory of 2620	2408	rundll32.exe	32
PID 2408 wrote to memory of 2620	2408	rundll32.exe	32
PID 2620 wrote to memory of 2980	2620	RunDll32.exe	33
PID 2620 wrote to memory of 2980	2620	RunDll32.exe	33
PID 2620 wrote to memory of 2980	2620	RunDll32.exe	33
PID 2620 wrote to memory of 2980	2620	RunDll32.exe	33
PID 2620 wrote to memory of 2980	2620	RunDll32.exe	33
PID 2620 wrote to memory of 2980	2620	RunDll32.exe	33
PID 2620 wrote to memory of 2980	2620	RunDll32.exe	33

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.29934.27343.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.29934.27343.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\SDUUEurC.baT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Windows\SysWOW64\control.exe
    cONtrol "C:\Users\Admin\AppData\Local\Temp\7zS898B1766\QEGMnP.lV"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2208
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS898B1766\QEGMnP.lV"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2408
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS898B1766\QEGMnP.lV"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2620
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS898B1766\QEGMnP.lV"
        6⤵
        Loads dropped DLL
        
        PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS898B1766\QEGMnP.lV

Filesize
2.3MB

MD5
5780caa07db841a6055da9b4b4ba83ec

SHA1
3934ef9e39fbbfbf5b1c68df8ed82b4af56e16be

SHA256
0e5646fb7f743fd7f90b67686d45bb8c4bde3fab5cf6d80dd839d061abdcfa24

SHA512
6feea9f5177286176429126f0b427ad11ab134f5b593e93bac808c79add3da77ac998975b602b85d0d68012a9e4df23d07aec093dca67dd614f47a5eda2881d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS898B1766\sDUUEurC.bat

Filesize
31B

MD5
25dc217ac54b00e2e53649ec0676183a

SHA1
6b6c7bfc2efe57fe0776aa66751588aa2e20788c

SHA256
105a7495ceafadd78cf766ac2423faf32a180194bf51466d1187387b29646db7

SHA512
e8b3ad77580eed5856caa0ecdd4eb683f6896bdecb7cec1d59f97a8c19aac9a13b458a98e3a8b014c28d59ec644ab53af6789c5cce0e5a82d182872c3559d68e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS898B1766\sDUUEurC.bat

Filesize
31B

MD5
25dc217ac54b00e2e53649ec0676183a

SHA1
6b6c7bfc2efe57fe0776aa66751588aa2e20788c

SHA256
105a7495ceafadd78cf766ac2423faf32a180194bf51466d1187387b29646db7

SHA512
e8b3ad77580eed5856caa0ecdd4eb683f6896bdecb7cec1d59f97a8c19aac9a13b458a98e3a8b014c28d59ec644ab53af6789c5cce0e5a82d182872c3559d68e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS898B1766\qEGMnP.lV

Filesize
2.3MB

MD5
5780caa07db841a6055da9b4b4ba83ec

SHA1
3934ef9e39fbbfbf5b1c68df8ed82b4af56e16be

SHA256
0e5646fb7f743fd7f90b67686d45bb8c4bde3fab5cf6d80dd839d061abdcfa24

SHA512
6feea9f5177286176429126f0b427ad11ab134f5b593e93bac808c79add3da77ac998975b602b85d0d68012a9e4df23d07aec093dca67dd614f47a5eda2881d8

Download Submit
\Users\Admin\AppData\Local\Temp\7zS898B1766\qEGMnP.lV

Filesize
2.3MB

MD5
5780caa07db841a6055da9b4b4ba83ec

SHA1
3934ef9e39fbbfbf5b1c68df8ed82b4af56e16be

SHA256
0e5646fb7f743fd7f90b67686d45bb8c4bde3fab5cf6d80dd839d061abdcfa24

SHA512
6feea9f5177286176429126f0b427ad11ab134f5b593e93bac808c79add3da77ac998975b602b85d0d68012a9e4df23d07aec093dca67dd614f47a5eda2881d8

Download Submit
\Users\Admin\AppData\Local\Temp\7zS898B1766\qEGMnP.lV

Filesize
2.3MB

MD5
5780caa07db841a6055da9b4b4ba83ec

SHA1
3934ef9e39fbbfbf5b1c68df8ed82b4af56e16be

SHA256
0e5646fb7f743fd7f90b67686d45bb8c4bde3fab5cf6d80dd839d061abdcfa24

SHA512
6feea9f5177286176429126f0b427ad11ab134f5b593e93bac808c79add3da77ac998975b602b85d0d68012a9e4df23d07aec093dca67dd614f47a5eda2881d8

Download Submit
\Users\Admin\AppData\Local\Temp\7zS898B1766\qEGMnP.lV

Filesize
2.3MB

MD5
5780caa07db841a6055da9b4b4ba83ec

SHA1
3934ef9e39fbbfbf5b1c68df8ed82b4af56e16be

SHA256
0e5646fb7f743fd7f90b67686d45bb8c4bde3fab5cf6d80dd839d061abdcfa24

SHA512
6feea9f5177286176429126f0b427ad11ab134f5b593e93bac808c79add3da77ac998975b602b85d0d68012a9e4df23d07aec093dca67dd614f47a5eda2881d8

Download Submit
\Users\Admin\AppData\Local\Temp\7zS898B1766\qEGMnP.lV

Filesize
2.3MB

MD5
5780caa07db841a6055da9b4b4ba83ec

SHA1
3934ef9e39fbbfbf5b1c68df8ed82b4af56e16be

SHA256
0e5646fb7f743fd7f90b67686d45bb8c4bde3fab5cf6d80dd839d061abdcfa24

SHA512
6feea9f5177286176429126f0b427ad11ab134f5b593e93bac808c79add3da77ac998975b602b85d0d68012a9e4df23d07aec093dca67dd614f47a5eda2881d8

Download Submit
\Users\Admin\AppData\Local\Temp\7zS898B1766\qEGMnP.lV

Filesize
2.3MB

MD5
5780caa07db841a6055da9b4b4ba83ec

SHA1
3934ef9e39fbbfbf5b1c68df8ed82b4af56e16be

SHA256
0e5646fb7f743fd7f90b67686d45bb8c4bde3fab5cf6d80dd839d061abdcfa24

SHA512
6feea9f5177286176429126f0b427ad11ab134f5b593e93bac808c79add3da77ac998975b602b85d0d68012a9e4df23d07aec093dca67dd614f47a5eda2881d8

Download Submit
\Users\Admin\AppData\Local\Temp\7zS898B1766\qEGMnP.lV

Filesize
2.3MB

MD5
5780caa07db841a6055da9b4b4ba83ec

SHA1
3934ef9e39fbbfbf5b1c68df8ed82b4af56e16be

SHA256
0e5646fb7f743fd7f90b67686d45bb8c4bde3fab5cf6d80dd839d061abdcfa24

SHA512
6feea9f5177286176429126f0b427ad11ab134f5b593e93bac808c79add3da77ac998975b602b85d0d68012a9e4df23d07aec093dca67dd614f47a5eda2881d8

Download Submit
\Users\Admin\AppData\Local\Temp\7zS898B1766\qEGMnP.lV

Filesize
2.3MB

MD5
5780caa07db841a6055da9b4b4ba83ec

SHA1
3934ef9e39fbbfbf5b1c68df8ed82b4af56e16be

SHA256
0e5646fb7f743fd7f90b67686d45bb8c4bde3fab5cf6d80dd839d061abdcfa24

SHA512
6feea9f5177286176429126f0b427ad11ab134f5b593e93bac808c79add3da77ac998975b602b85d0d68012a9e4df23d07aec093dca67dd614f47a5eda2881d8

Download Submit
memory/2408-16-0x00000000001D0000-0x00000000001D6000-memory.dmp

Filesize
24KB

Download
memory/2408-27-0x00000000027B0000-0x00000000028B8000-memory.dmp

Filesize
1.0MB

Download
memory/2408-17-0x0000000010000000-0x0000000010244000-memory.dmp

Filesize
2.3MB

Download
memory/2408-26-0x00000000027B0000-0x00000000028B8000-memory.dmp

Filesize
1.0MB

Download
memory/2408-22-0x0000000002680000-0x00000000027A4000-memory.dmp

Filesize
1.1MB

Download
memory/2408-23-0x00000000027B0000-0x00000000028B8000-memory.dmp

Filesize
1.0MB

Download
memory/2980-32-0x00000000001A0000-0x00000000001A6000-memory.dmp

Filesize
24KB

Download
memory/2980-36-0x0000000002460000-0x0000000002584000-memory.dmp

Filesize
1.1MB

Download
memory/2980-37-0x0000000002590000-0x0000000002698000-memory.dmp

Filesize
1.0MB

Download
memory/2980-40-0x0000000002590000-0x0000000002698000-memory.dmp

Filesize
1.0MB

Download
memory/2980-41-0x0000000002590000-0x0000000002698000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads