b6c7f66593503ce7de53dec372a3407ab0c0ed221007eac96e44dd9b9488df0d

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 21:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b6c7f66593503ce7de53dec372a3407ab0c0ed221007eac96e44dd9b9488df0d.exe
Size

2.2MB
MD5

b7db7a02a8590f38ba28dd5d4a75bd7b
SHA1

2f244bc5c19b10be3b35f6ebba3b75d12edadcbc
SHA256

b6c7f66593503ce7de53dec372a3407ab0c0ed221007eac96e44dd9b9488df0d
SHA512

7a5a595a8f827bef7172974d321c50ca579314b58d6692862a3747fdb9eda101d103d0891a0849995762f5cad86fead5231dad731ea36592d9b24ac540c50eaa
SSDEEP

49152:WfAm2sLxHoyUTWgvedeVU8yTtCKE6lW0Ez0q3MFS/sktK:WLnHaeQUNRCYlbgC

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2924	rundll32.exe
4832	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2636	1712	b6c7f66593503ce7de53dec372a3407ab0c0ed221007eac96e44dd9b9488df0d.exe	86
PID 1712 wrote to memory of 2636	1712	b6c7f66593503ce7de53dec372a3407ab0c0ed221007eac96e44dd9b9488df0d.exe	86
PID 1712 wrote to memory of 2636	1712	b6c7f66593503ce7de53dec372a3407ab0c0ed221007eac96e44dd9b9488df0d.exe	86
PID 2636 wrote to memory of 780	2636	cmd.exe	88
PID 2636 wrote to memory of 780	2636	cmd.exe	88
PID 2636 wrote to memory of 780	2636	cmd.exe	88
PID 780 wrote to memory of 2924	780	control.exe	90
PID 780 wrote to memory of 2924	780	control.exe	90
PID 780 wrote to memory of 2924	780	control.exe	90
PID 2924 wrote to memory of 4556	2924	rundll32.exe	92
PID 2924 wrote to memory of 4556	2924	rundll32.exe	92
PID 4556 wrote to memory of 4832	4556	RunDll32.exe	93
PID 4556 wrote to memory of 4832	4556	RunDll32.exe	93
PID 4556 wrote to memory of 4832	4556	RunDll32.exe	93

C:\Users\Admin\AppData\Local\Temp\b6c7f66593503ce7de53dec372a3407ab0c0ed221007eac96e44dd9b9488df0d.exe
"C:\Users\Admin\AppData\Local\Temp\b6c7f66593503ce7de53dec372a3407ab0c0ed221007eac96e44dd9b9488df0d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\xO77CPZ.bAT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Windows\SysWOW64\control.exe
    COntROL "C:\Users\Admin\AppData\Local\Temp\7zS0B65F827\QUe3RU4z.f6"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:780
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS0B65F827\QUe3RU4z.f6"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2924
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS0B65F827\QUe3RU4z.f6"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4556
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS0B65F827\QUe3RU4z.f6"
        6⤵
        Loads dropped DLL
        
        PID:4832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS0B65F827\QUe3RU4z.f6

Filesize
2.3MB

MD5
83671c813cffa6dd9a8b2fafc5f9bd13

SHA1
5f27dc59cc5277068f2309fc2c759e8a1edf2942

SHA256
2e04be8a6b42f26774ab93c93f09d6e1dc4f39e7dfbcd941b87f8a8c35bcaf0d

SHA512
02a0a14a98a0ad567b816802937912f6e30eb3cac3e7b7ddce223f3815d4ea368a3403ca9d1fc7d250e5fe4a9fb0e6b698c25bd7fe009b6257e7ed4e88c08f66

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0B65F827\QUe3RU4z.f6

Filesize
2.3MB

MD5
83671c813cffa6dd9a8b2fafc5f9bd13

SHA1
5f27dc59cc5277068f2309fc2c759e8a1edf2942

SHA256
2e04be8a6b42f26774ab93c93f09d6e1dc4f39e7dfbcd941b87f8a8c35bcaf0d

SHA512
02a0a14a98a0ad567b816802937912f6e30eb3cac3e7b7ddce223f3815d4ea368a3403ca9d1fc7d250e5fe4a9fb0e6b698c25bd7fe009b6257e7ed4e88c08f66

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0B65F827\QUe3RU4z.f6

Filesize
2.3MB

MD5
83671c813cffa6dd9a8b2fafc5f9bd13

SHA1
5f27dc59cc5277068f2309fc2c759e8a1edf2942

SHA256
2e04be8a6b42f26774ab93c93f09d6e1dc4f39e7dfbcd941b87f8a8c35bcaf0d

SHA512
02a0a14a98a0ad567b816802937912f6e30eb3cac3e7b7ddce223f3815d4ea368a3403ca9d1fc7d250e5fe4a9fb0e6b698c25bd7fe009b6257e7ed4e88c08f66

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0B65F827\xO77CpZ.bat

Filesize
29B

MD5
b7d2b0c4a2668b61a5bd59c67de7c5f3

SHA1
d8f0d75dc9ad21b1719983b476675bcf85053c7c

SHA256
0a51a4776ebbcb84535d45031519af3d1da64f1e64127aeb286dbf942530bb11

SHA512
387aeac127c69c7651358ba1c11ced05292ef0815cf33f9a6c8fc88c100330d286a51ed7a7f1d74713bfc1a78837c8548ad0bd93d916a7eb780cb88cf242f655

Download Submit
memory/2924-16-0x0000000003390000-0x0000000003498000-memory.dmp

Filesize
1.0MB

Download
memory/2924-11-0x0000000003260000-0x0000000003384000-memory.dmp

Filesize
1.1MB

Download
memory/2924-12-0x0000000003390000-0x0000000003498000-memory.dmp

Filesize
1.0MB

Download
memory/2924-15-0x0000000003390000-0x0000000003498000-memory.dmp

Filesize
1.0MB

Download
memory/2924-9-0x0000000010000000-0x0000000010244000-memory.dmp

Filesize
2.3MB

Download
memory/2924-17-0x0000000010000000-0x0000000010244000-memory.dmp

Filesize
2.3MB

Download
memory/2924-8-0x0000000001150000-0x0000000001156000-memory.dmp

Filesize
24KB

Download
memory/4832-22-0x00000000026E0000-0x00000000026E6000-memory.dmp

Filesize
24KB

Download
memory/4832-25-0x0000000002EB0000-0x0000000002FD4000-memory.dmp

Filesize
1.1MB

Download
memory/4832-26-0x0000000002FE0000-0x00000000030E8000-memory.dmp

Filesize
1.0MB

Download
memory/4832-29-0x0000000002FE0000-0x00000000030E8000-memory.dmp

Filesize
1.0MB

Download
memory/4832-30-0x0000000002FE0000-0x00000000030E8000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads