5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162

Analysis

max time kernel
150s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162.exe
Size

2.2MB
MD5

1fb6590ffcdc704552cf24318a640fff
SHA1

1a1c9dfe7bb2c8cd187b5fb66a8fceefbc1f724b
SHA256

5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162
SHA512

e73649137afef20c23d9d2fa98143a5237f0d3b3c70fd4d21fae078ea97584dcc45fc05f8979a12102de5bbf44ca75edacaf17d2bff599085b4a3b75ce5e8a1e
SSDEEP

49152:WfRn+UB5b0HHgrYTtSkFk56FtbwYeueJKtws1X0ruU:Wh5uHA4k4NeJKtwsZ0r3

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
112	rundll32.exe
3064	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4492 wrote to memory of 4248	4492	5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162.exe	86
PID 4492 wrote to memory of 4248	4492	5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162.exe	86
PID 4492 wrote to memory of 4248	4492	5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162.exe	86
PID 4248 wrote to memory of 1128	4248	cmd.exe	88
PID 4248 wrote to memory of 1128	4248	cmd.exe	88
PID 4248 wrote to memory of 1128	4248	cmd.exe	88
PID 1128 wrote to memory of 112	1128	control.exe	89
PID 1128 wrote to memory of 112	1128	control.exe	89
PID 1128 wrote to memory of 112	1128	control.exe	89
PID 112 wrote to memory of 2244	112	rundll32.exe	90
PID 112 wrote to memory of 2244	112	rundll32.exe	90
PID 2244 wrote to memory of 3064	2244	RunDll32.exe	91
PID 2244 wrote to memory of 3064	2244	RunDll32.exe	91
PID 2244 wrote to memory of 3064	2244	RunDll32.exe	91

C:\Users\Admin\AppData\Local\Temp\5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162.exe
"C:\Users\Admin\AppData\Local\Temp\5d4111d129f9502329b4da06459f6bfbc4c55a9bd033d8cd4566cb4018887162.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\X0QfU.Bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4248
- - C:\Windows\SysWOW64\control.exe
    CoNtrOl "C:\Users\Admin\AppData\Local\Temp\7zSC81DCC57\zQzUVS1.ZJV"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1128
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSC81DCC57\zQzUVS1.ZJV"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:112
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSC81DCC57\zQzUVS1.ZJV"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2244
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zSC81DCC57\zQzUVS1.ZJV"
        6⤵
        Loads dropped DLL
        
        PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSC81DCC57\x0qfU.bat

Filesize
32B

MD5
5fab49e4ab64338acdf391018ef98f14

SHA1
67ec59276392ee371a0a72df2fba853217b577c4

SHA256
211f4e55008449ec51fabe8cf32cf8f872417f95f2fda5afd7a769300ebf0402

SHA512
cd5466ea848f9c87f5ffdd9fffa2e93a32d74d35a7ad10222db8a601f1597a792b8c462ec7b7083ae14216614b2efbc48feaaa40b82cd7973955a9a5913b6a8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC81DCC57\zQzUVS1.ZJV

Filesize
2.3MB

MD5
bb54dfc57eaf3b1740f829b9a93d7c77

SHA1
637369659b61a0f4a7353b8484ee16cabccff77d

SHA256
a67395e5a5032bebb11f7c723b6030dcd603028d2f52858646e6dc1784e39162

SHA512
122fca1b2ec3e1ad0d83c3a838f2bee272cf60bbbafd493a41d456bebe648bf862d049add27435c18d41471f27adf231cc6807d58f265667ab15355bd894baa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC81DCC57\zqzuVS1.Zjv

Filesize
2.3MB

MD5
bb54dfc57eaf3b1740f829b9a93d7c77

SHA1
637369659b61a0f4a7353b8484ee16cabccff77d

SHA256
a67395e5a5032bebb11f7c723b6030dcd603028d2f52858646e6dc1784e39162

SHA512
122fca1b2ec3e1ad0d83c3a838f2bee272cf60bbbafd493a41d456bebe648bf862d049add27435c18d41471f27adf231cc6807d58f265667ab15355bd894baa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC81DCC57\zqzuVS1.Zjv

Filesize
2.3MB

MD5
bb54dfc57eaf3b1740f829b9a93d7c77

SHA1
637369659b61a0f4a7353b8484ee16cabccff77d

SHA256
a67395e5a5032bebb11f7c723b6030dcd603028d2f52858646e6dc1784e39162

SHA512
122fca1b2ec3e1ad0d83c3a838f2bee272cf60bbbafd493a41d456bebe648bf862d049add27435c18d41471f27adf231cc6807d58f265667ab15355bd894baa6

Download Submit
memory/112-8-0x0000000000C50000-0x0000000000C56000-memory.dmp

Filesize
24KB

Download
memory/112-11-0x0000000002AE0000-0x0000000002BF9000-memory.dmp

Filesize
1.1MB

Download
memory/112-12-0x0000000002C00000-0x0000000002CFC000-memory.dmp

Filesize
1008KB

Download
memory/112-15-0x0000000002C00000-0x0000000002CFC000-memory.dmp

Filesize
1008KB

Download
memory/112-16-0x0000000002C00000-0x0000000002CFC000-memory.dmp

Filesize
1008KB

Download
memory/112-9-0x0000000010000000-0x0000000010243000-memory.dmp

Filesize
2.3MB

Download
memory/3064-18-0x0000000002C00000-0x0000000002C06000-memory.dmp

Filesize
24KB

Download
memory/3064-21-0x0000000003420000-0x0000000003539000-memory.dmp

Filesize
1.1MB

Download
memory/3064-22-0x0000000003540000-0x000000000363C000-memory.dmp

Filesize
1008KB

Download
memory/3064-25-0x0000000003540000-0x000000000363C000-memory.dmp

Filesize
1008KB

Download
memory/3064-26-0x0000000003540000-0x000000000363C000-memory.dmp

Filesize
1008KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads