97775b6d80535de7482269ee9bb7374f33ce99a9b500fac1eb9235295d655999

Analysis

max time kernel
140s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97775b6d80535de7482269ee9bb7374f33ce99a9b500fac1eb9235295d655999.exe
Size

2.2MB
MD5

07d3370f9ca798615e91d61205e0b6ef
SHA1

779c980417ca0ce3eaa98b905bb0f4604b784105
SHA256

97775b6d80535de7482269ee9bb7374f33ce99a9b500fac1eb9235295d655999
SHA512

d213a6e16a29dd169dc2910c51db151a45ca0445d675a9450ccc201bd6440c89caaffafa4392dca6aa0e0434d9f790925fad00b03c1958855a9b5870976e651d
SSDEEP

49152:Wfh2oHpjtlyng2uVPszkRAfo9hsdBbYbb84s5E2:WwoHrlyg2xzkR5YdBbYbw44E2

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4324	rundll32.exe
1120	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 4308	4408	97775b6d80535de7482269ee9bb7374f33ce99a9b500fac1eb9235295d655999.exe	86
PID 4408 wrote to memory of 4308	4408	97775b6d80535de7482269ee9bb7374f33ce99a9b500fac1eb9235295d655999.exe	86
PID 4408 wrote to memory of 4308	4408	97775b6d80535de7482269ee9bb7374f33ce99a9b500fac1eb9235295d655999.exe	86
PID 4308 wrote to memory of 4824	4308	cmd.exe	88
PID 4308 wrote to memory of 4824	4308	cmd.exe	88
PID 4308 wrote to memory of 4824	4308	cmd.exe	88
PID 4824 wrote to memory of 4324	4824	control.exe	91
PID 4824 wrote to memory of 4324	4824	control.exe	91
PID 4824 wrote to memory of 4324	4824	control.exe	91
PID 4324 wrote to memory of 3040	4324	rundll32.exe	95
PID 4324 wrote to memory of 3040	4324	rundll32.exe	95
PID 3040 wrote to memory of 1120	3040	RunDll32.exe	96
PID 3040 wrote to memory of 1120	3040	RunDll32.exe	96
PID 3040 wrote to memory of 1120	3040	RunDll32.exe	96

C:\Users\Admin\AppData\Local\Temp\97775b6d80535de7482269ee9bb7374f33ce99a9b500fac1eb9235295d655999.exe
"C:\Users\Admin\AppData\Local\Temp\97775b6d80535de7482269ee9bb7374f33ce99a9b500fac1eb9235295d655999.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\UCK.baT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4308
- - C:\Windows\SysWOW64\control.exe
    ConTROL.EXE "C:\Users\Admin\AppData\Local\Temp\7zS83141F97\BqC.V"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4824
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS83141F97\BqC.V"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4324
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS83141F97\BqC.V"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3040
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS83141F97\BqC.V"
        6⤵
        Loads dropped DLL
        
        PID:1120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS83141F97\BqC.V

Filesize
2.4MB

MD5
69ecc3512762ac55f5a00e4b9a113211

SHA1
a526c8f75e367a8dac1736a29a65eb2908336365

SHA256
b31314a5aec6329f495f651e7486a8524e38b0aeeb547881316dda30346adb43

SHA512
e3e9df205a726b4a796c16c3d28d7975dadd753e8cb3018a8f551101bbdecf9460e90899d58e6998139a065c07709426a4a61dfc1f2d62ad2c4c99402b44dc6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS83141F97\BqC.v

Filesize
2.4MB

MD5
69ecc3512762ac55f5a00e4b9a113211

SHA1
a526c8f75e367a8dac1736a29a65eb2908336365

SHA256
b31314a5aec6329f495f651e7486a8524e38b0aeeb547881316dda30346adb43

SHA512
e3e9df205a726b4a796c16c3d28d7975dadd753e8cb3018a8f551101bbdecf9460e90899d58e6998139a065c07709426a4a61dfc1f2d62ad2c4c99402b44dc6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS83141F97\BqC.v

Filesize
2.4MB

MD5
69ecc3512762ac55f5a00e4b9a113211

SHA1
a526c8f75e367a8dac1736a29a65eb2908336365

SHA256
b31314a5aec6329f495f651e7486a8524e38b0aeeb547881316dda30346adb43

SHA512
e3e9df205a726b4a796c16c3d28d7975dadd753e8cb3018a8f551101bbdecf9460e90899d58e6998139a065c07709426a4a61dfc1f2d62ad2c4c99402b44dc6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS83141F97\UCk.bat

Filesize
31B

MD5
902459a27689b0c7ab482a62be7b3f50

SHA1
168cd708cf7a2eee863d4d5bdb09b0ca68e85eb0

SHA256
fbc50dc6a9066f2fb3a05f20d57e65dcab8bf35eb68059b8d92bec41b83ae622

SHA512
73f09b1108e223d08090fb2ecc380af6c91f52953efdb89b457db1be15e6fd9871b76250e1175af4605049e852d2b1521f41e0799c9b1fe6440a651ce36d2fe1

Download Submit
memory/1120-29-0x0000000002B10000-0x0000000002C0C000-memory.dmp

Filesize
1008KB

Download
memory/1120-28-0x0000000002B10000-0x0000000002C0C000-memory.dmp

Filesize
1008KB

Download
memory/1120-25-0x0000000002B10000-0x0000000002C0C000-memory.dmp

Filesize
1008KB

Download
memory/1120-24-0x00000000029F0000-0x0000000002B09000-memory.dmp

Filesize
1.1MB

Download
memory/1120-20-0x0000000000D70000-0x0000000000D76000-memory.dmp

Filesize
24KB

Download
memory/4324-8-0x00000000031A0000-0x00000000031A6000-memory.dmp

Filesize
24KB

Download
memory/4324-18-0x0000000010000000-0x0000000010271000-memory.dmp

Filesize
2.4MB

Download
memory/4324-17-0x0000000003430000-0x000000000352C000-memory.dmp

Filesize
1008KB

Download
memory/4324-16-0x0000000003430000-0x000000000352C000-memory.dmp

Filesize
1008KB

Download
memory/4324-13-0x0000000003430000-0x000000000352C000-memory.dmp

Filesize
1008KB

Download
memory/4324-12-0x0000000003300000-0x0000000003419000-memory.dmp

Filesize
1.1MB

Download
memory/4324-9-0x0000000010000000-0x0000000010271000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads