af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3

Analysis

max time kernel
120s
max time network
135s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe
Size

2.3MB
MD5

27b084dc2e874a7ff072d28fad723d45
SHA1

2f819f7c7df7920d4fd80fa2693e40f0975f2f7a
SHA256

af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3
SHA512

66d98d8087704b30394b71466d85dc2bfdd3d8892cc804cd4805d1e74021c2128cc33610bac8a85db38c86dfd0bf9c96a4bce14e95d4f25af3b43fd6433cb809
SSDEEP

49152:ufTyz9fIhn3+1uhQsvhI+T7u+yJlu6lt/4CP82llNFER1:hfIh4UjvhJ+JluEGpR1

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2732	rundll32.exe
2732	rundll32.exe
2732	rundll32.exe
2732	rundll32.exe
2792	rundll32.exe
2792	rundll32.exe
2792	rundll32.exe
2792	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2076	1732	af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe	28
PID 1732 wrote to memory of 2076	1732	af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe	28
PID 1732 wrote to memory of 2076	1732	af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe	28
PID 1732 wrote to memory of 2076	1732	af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe	28
PID 2076 wrote to memory of 2668	2076	cmd.exe	30
PID 2076 wrote to memory of 2668	2076	cmd.exe	30
PID 2076 wrote to memory of 2668	2076	cmd.exe	30
PID 2076 wrote to memory of 2668	2076	cmd.exe	30
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2668 wrote to memory of 2732	2668	control.exe	31
PID 2732 wrote to memory of 2640	2732	rundll32.exe	32
PID 2732 wrote to memory of 2640	2732	rundll32.exe	32
PID 2732 wrote to memory of 2640	2732	rundll32.exe	32
PID 2732 wrote to memory of 2640	2732	rundll32.exe	32
PID 2640 wrote to memory of 2792	2640	RunDll32.exe	33
PID 2640 wrote to memory of 2792	2640	RunDll32.exe	33
PID 2640 wrote to memory of 2792	2640	RunDll32.exe	33
PID 2640 wrote to memory of 2792	2640	RunDll32.exe	33
PID 2640 wrote to memory of 2792	2640	RunDll32.exe	33
PID 2640 wrote to memory of 2792	2640	RunDll32.exe	33
PID 2640 wrote to memory of 2792	2640	RunDll32.exe	33

C:\Users\Admin\AppData\Local\Temp\af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe
"C:\Users\Admin\AppData\Local\Temp\af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\GS0.CMd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Windows\SysWOW64\control.exe
    contRoL "C:\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.Tr"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.Tr"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2732
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.Tr"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2640
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.Tr"
        6⤵
        Loads dropped DLL
        
        PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.Tr

Filesize
2.3MB

MD5
24e097b7c936ee0e9f6480d604738685

SHA1
5df7e3415946771a2fdadb1fac9520fcba220f54

SHA256
1966de58eca71ffea0c4054b5314a28e92e1ded5bbb82c060a18bb2e3088dac1

SHA512
f81303991d2d702747ef3941864a1fd833569bdd23145ed2fd940b3842e5f01111a6aec25043082c44ee575974581d45e446eb56373b424b3b54701da734e00e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4C63B546\gS0.cmd

Filesize
27B

MD5
c281eff865614d1c1e400e3d36d35bad

SHA1
be6ed30bfdb084e467b95a16e752b8ade70f370c

SHA256
179795c08b545bc74ecfa132dee470bd45e4e2e2f8562b85809e60885209e212

SHA512
8594afa5a5175b84d9f54c00fffabd4b6c18a600bf4cd7ea5da5f6982bf84d9fb99b0d0be030972369615d71506377d931553b825b5a63259779dd826f5dcacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4C63B546\gS0.cmd

Filesize
27B

MD5
c281eff865614d1c1e400e3d36d35bad

SHA1
be6ed30bfdb084e467b95a16e752b8ade70f370c

SHA256
179795c08b545bc74ecfa132dee470bd45e4e2e2f8562b85809e60885209e212

SHA512
8594afa5a5175b84d9f54c00fffabd4b6c18a600bf4cd7ea5da5f6982bf84d9fb99b0d0be030972369615d71506377d931553b825b5a63259779dd826f5dcacf

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.tr

Filesize
2.3MB

MD5
24e097b7c936ee0e9f6480d604738685

SHA1
5df7e3415946771a2fdadb1fac9520fcba220f54

SHA256
1966de58eca71ffea0c4054b5314a28e92e1ded5bbb82c060a18bb2e3088dac1

SHA512
f81303991d2d702747ef3941864a1fd833569bdd23145ed2fd940b3842e5f01111a6aec25043082c44ee575974581d45e446eb56373b424b3b54701da734e00e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.tr

Filesize
2.3MB

MD5
24e097b7c936ee0e9f6480d604738685

SHA1
5df7e3415946771a2fdadb1fac9520fcba220f54

SHA256
1966de58eca71ffea0c4054b5314a28e92e1ded5bbb82c060a18bb2e3088dac1

SHA512
f81303991d2d702747ef3941864a1fd833569bdd23145ed2fd940b3842e5f01111a6aec25043082c44ee575974581d45e446eb56373b424b3b54701da734e00e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.tr

Filesize
2.3MB

MD5
24e097b7c936ee0e9f6480d604738685

SHA1
5df7e3415946771a2fdadb1fac9520fcba220f54

SHA256
1966de58eca71ffea0c4054b5314a28e92e1ded5bbb82c060a18bb2e3088dac1

SHA512
f81303991d2d702747ef3941864a1fd833569bdd23145ed2fd940b3842e5f01111a6aec25043082c44ee575974581d45e446eb56373b424b3b54701da734e00e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.tr

Filesize
2.3MB

MD5
24e097b7c936ee0e9f6480d604738685

SHA1
5df7e3415946771a2fdadb1fac9520fcba220f54

SHA256
1966de58eca71ffea0c4054b5314a28e92e1ded5bbb82c060a18bb2e3088dac1

SHA512
f81303991d2d702747ef3941864a1fd833569bdd23145ed2fd940b3842e5f01111a6aec25043082c44ee575974581d45e446eb56373b424b3b54701da734e00e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.tr

Filesize
2.3MB

MD5
24e097b7c936ee0e9f6480d604738685

SHA1
5df7e3415946771a2fdadb1fac9520fcba220f54

SHA256
1966de58eca71ffea0c4054b5314a28e92e1ded5bbb82c060a18bb2e3088dac1

SHA512
f81303991d2d702747ef3941864a1fd833569bdd23145ed2fd940b3842e5f01111a6aec25043082c44ee575974581d45e446eb56373b424b3b54701da734e00e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.tr

Filesize
2.3MB

MD5
24e097b7c936ee0e9f6480d604738685

SHA1
5df7e3415946771a2fdadb1fac9520fcba220f54

SHA256
1966de58eca71ffea0c4054b5314a28e92e1ded5bbb82c060a18bb2e3088dac1

SHA512
f81303991d2d702747ef3941864a1fd833569bdd23145ed2fd940b3842e5f01111a6aec25043082c44ee575974581d45e446eb56373b424b3b54701da734e00e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.tr

Filesize
2.3MB

MD5
24e097b7c936ee0e9f6480d604738685

SHA1
5df7e3415946771a2fdadb1fac9520fcba220f54

SHA256
1966de58eca71ffea0c4054b5314a28e92e1ded5bbb82c060a18bb2e3088dac1

SHA512
f81303991d2d702747ef3941864a1fd833569bdd23145ed2fd940b3842e5f01111a6aec25043082c44ee575974581d45e446eb56373b424b3b54701da734e00e

Download Submit
\Users\Admin\AppData\Local\Temp\7zS4C63B546\Q2BT5~.tr

Filesize
2.3MB

MD5
24e097b7c936ee0e9f6480d604738685

SHA1
5df7e3415946771a2fdadb1fac9520fcba220f54

SHA256
1966de58eca71ffea0c4054b5314a28e92e1ded5bbb82c060a18bb2e3088dac1

SHA512
f81303991d2d702747ef3941864a1fd833569bdd23145ed2fd940b3842e5f01111a6aec25043082c44ee575974581d45e446eb56373b424b3b54701da734e00e

Download Submit
memory/2732-23-0x0000000002830000-0x000000000293D000-memory.dmp

Filesize
1.1MB

Download
memory/2732-16-0x0000000000180000-0x0000000000186000-memory.dmp

Filesize
24KB

Download
memory/2732-20-0x0000000002830000-0x000000000293D000-memory.dmp

Filesize
1.1MB

Download
memory/2732-19-0x0000000002700000-0x0000000002827000-memory.dmp

Filesize
1.2MB

Download
memory/2732-17-0x0000000010000000-0x0000000010254000-memory.dmp

Filesize
2.3MB

Download
memory/2732-36-0x0000000002830000-0x000000000293D000-memory.dmp

Filesize
1.1MB

Download
memory/2792-30-0x00000000025B0000-0x00000000026D7000-memory.dmp

Filesize
1.2MB

Download
memory/2792-31-0x00000000026E0000-0x00000000027ED000-memory.dmp

Filesize
1.1MB

Download
memory/2792-34-0x00000000026E0000-0x00000000027ED000-memory.dmp

Filesize
1.1MB

Download
memory/2792-35-0x00000000026E0000-0x00000000027ED000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads