fc73b102e40787082518533d6c871d300ce4c4bcb83700e0c21b5e4fc6098203

Analysis

max time kernel
152s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec22b0f93bf2e35f9c2ed338d59fed68.exe
Size

2.2MB
MD5

ec22b0f93bf2e35f9c2ed338d59fed68
SHA1

a381b0fa8727c7fc723638546b7378850beeb8d1
SHA256

fc73b102e40787082518533d6c871d300ce4c4bcb83700e0c21b5e4fc6098203
SHA512

27d6b7cd371d455213b8baaae38820a3705b848238954949dd9bb8233504d4c576238f612c13c20d4c29afd369c4237a7041b89b9bc33bba5073d1ebe42db382
SSDEEP

49152:ufuyo2d519Lb2sLqcFVbnQtcYAue8AK+qs/62N9JkmN:h3m19Lb2oe29JF

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
5004	rundll32.exe
1460	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 4712	3472	ec22b0f93bf2e35f9c2ed338d59fed68.exe	85
PID 3472 wrote to memory of 4712	3472	ec22b0f93bf2e35f9c2ed338d59fed68.exe	85
PID 3472 wrote to memory of 4712	3472	ec22b0f93bf2e35f9c2ed338d59fed68.exe	85
PID 4712 wrote to memory of 3544	4712	cmd.exe	88
PID 4712 wrote to memory of 3544	4712	cmd.exe	88
PID 4712 wrote to memory of 3544	4712	cmd.exe	88
PID 3544 wrote to memory of 5004	3544	control.exe	89
PID 3544 wrote to memory of 5004	3544	control.exe	89
PID 3544 wrote to memory of 5004	3544	control.exe	89
PID 5004 wrote to memory of 2552	5004	rundll32.exe	90
PID 5004 wrote to memory of 2552	5004	rundll32.exe	90
PID 2552 wrote to memory of 1460	2552	RunDll32.exe	91
PID 2552 wrote to memory of 1460	2552	RunDll32.exe	91
PID 2552 wrote to memory of 1460	2552	RunDll32.exe	91

C:\Users\Admin\AppData\Local\Temp\ec22b0f93bf2e35f9c2ed338d59fed68.exe
"C:\Users\Admin\AppData\Local\Temp\ec22b0f93bf2e35f9c2ed338d59fed68.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\4FJTR.cMD
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4712
- - C:\Windows\SysWOW64\control.exe
    CONtROL "C:\Users\Admin\AppData\Local\Temp\7zS09D4F4A7\JG.o"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3544
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS09D4F4A7\JG.o"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:5004
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS09D4F4A7\JG.o"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2552
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS09D4F4A7\JG.o"
        6⤵
        Loads dropped DLL
        
        PID:1460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS09D4F4A7\4fJTr.cmd

Filesize
27B

MD5
e128cac46496e91dc85f16c10dbbf8a4

SHA1
727c24ff1e81d577652251091a94da35040d65bc

SHA256
0c3abdbda7527b7a256670828d0b6abc7c93cc1ce6d18209007f4d0542c31a99

SHA512
3ed32e76f5ec9735e786639e992e2dcbd9b15dbf6d02d865e4071f88ed706406f714d6f8a85e2dc4a3194a799120eafda205d6c6975df3448dae9fcf77e2ad8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09D4F4A7\JG.o

Filesize
2.4MB

MD5
0255f1f5ddcd8b99f93dfae4980cc9f2

SHA1
f948966990414fa49230631ad612a30d70ee2f22

SHA256
618a2c28de7593e6e9e17affd34ff2b05fe7b3c00740343c81f554f65cdefbc8

SHA512
8092eea9415b047f40e9517f13fb52668f5813fe566f9d993227c957f1fcaf1e59f535e34e5c626d4294e74050d99f581c0f11c734a26c484118cae3f98d9b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09D4F4A7\JG.o

Filesize
2.4MB

MD5
0255f1f5ddcd8b99f93dfae4980cc9f2

SHA1
f948966990414fa49230631ad612a30d70ee2f22

SHA256
618a2c28de7593e6e9e17affd34ff2b05fe7b3c00740343c81f554f65cdefbc8

SHA512
8092eea9415b047f40e9517f13fb52668f5813fe566f9d993227c957f1fcaf1e59f535e34e5c626d4294e74050d99f581c0f11c734a26c484118cae3f98d9b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09D4F4A7\JG.o

Filesize
2.4MB

MD5
0255f1f5ddcd8b99f93dfae4980cc9f2

SHA1
f948966990414fa49230631ad612a30d70ee2f22

SHA256
618a2c28de7593e6e9e17affd34ff2b05fe7b3c00740343c81f554f65cdefbc8

SHA512
8092eea9415b047f40e9517f13fb52668f5813fe566f9d993227c957f1fcaf1e59f535e34e5c626d4294e74050d99f581c0f11c734a26c484118cae3f98d9b23

Download Submit
memory/1460-28-0x00000000032D0000-0x00000000033CC000-memory.dmp

Filesize
1008KB

Download
memory/1460-27-0x00000000032D0000-0x00000000033CC000-memory.dmp

Filesize
1008KB

Download
memory/1460-24-0x00000000032D0000-0x00000000033CC000-memory.dmp

Filesize
1008KB

Download
memory/1460-23-0x00000000031B0000-0x00000000032C9000-memory.dmp

Filesize
1.1MB

Download
memory/1460-19-0x00000000029B0000-0x00000000029B6000-memory.dmp

Filesize
24KB

Download
memory/5004-9-0x0000000010000000-0x0000000010271000-memory.dmp

Filesize
2.4MB

Download
memory/5004-17-0x0000000003570000-0x000000000366C000-memory.dmp

Filesize
1008KB

Download
memory/5004-16-0x0000000003570000-0x000000000366C000-memory.dmp

Filesize
1008KB

Download
memory/5004-13-0x0000000003570000-0x000000000366C000-memory.dmp

Filesize
1008KB

Download
memory/5004-12-0x0000000010000000-0x0000000010271000-memory.dmp

Filesize
2.4MB

Download
memory/5004-11-0x0000000003450000-0x0000000003569000-memory.dmp

Filesize
1.1MB

Download
memory/5004-8-0x0000000002D40000-0x0000000002D46000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads