af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3

Analysis

max time kernel
304s
max time network
328s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
12/10/2023, 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe
Size

2.3MB
MD5

27b084dc2e874a7ff072d28fad723d45
SHA1

2f819f7c7df7920d4fd80fa2693e40f0975f2f7a
SHA256

af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3
SHA512

66d98d8087704b30394b71466d85dc2bfdd3d8892cc804cd4805d1e74021c2128cc33610bac8a85db38c86dfd0bf9c96a4bce14e95d4f25af3b43fd6433cb809
SSDEEP

49152:ufTyz9fIhn3+1uhQsvhI+T7u+yJlu6lt/4CP82llNFER1:hfIh4UjvhJ+JluEGpR1

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4320	rundll32.exe
3604	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2132	2748	af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe	70
PID 2748 wrote to memory of 2132	2748	af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe	70
PID 2748 wrote to memory of 2132	2748	af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe	70
PID 2132 wrote to memory of 4300	2132	cmd.exe	72
PID 2132 wrote to memory of 4300	2132	cmd.exe	72
PID 2132 wrote to memory of 4300	2132	cmd.exe	72
PID 4300 wrote to memory of 4320	4300	control.exe	73
PID 4300 wrote to memory of 4320	4300	control.exe	73
PID 4300 wrote to memory of 4320	4300	control.exe	73
PID 4320 wrote to memory of 4756	4320	rundll32.exe	74
PID 4320 wrote to memory of 4756	4320	rundll32.exe	74
PID 4756 wrote to memory of 3604	4756	RunDll32.exe	75
PID 4756 wrote to memory of 3604	4756	RunDll32.exe	75
PID 4756 wrote to memory of 3604	4756	RunDll32.exe	75

C:\Users\Admin\AppData\Local\Temp\af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe
"C:\Users\Admin\AppData\Local\Temp\af144f1cef7ee86db7c667712b47bee1466e1f637acd7fc921fb55ca07bd49c3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\GS0.CMd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2132
- - C:\Windows\SysWOW64\control.exe
    contRoL "C:\Users\Admin\AppData\Local\Temp\7zSCBAB7FE7\Q2BT5~.Tr"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4300
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSCBAB7FE7\Q2BT5~.Tr"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4320
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSCBAB7FE7\Q2BT5~.Tr"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4756
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zSCBAB7FE7\Q2BT5~.Tr"
        6⤵
        Loads dropped DLL
        
        PID:3604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSCBAB7FE7\Q2BT5~.Tr

Filesize
2.3MB

MD5
24e097b7c936ee0e9f6480d604738685

SHA1
5df7e3415946771a2fdadb1fac9520fcba220f54

SHA256
1966de58eca71ffea0c4054b5314a28e92e1ded5bbb82c060a18bb2e3088dac1

SHA512
f81303991d2d702747ef3941864a1fd833569bdd23145ed2fd940b3842e5f01111a6aec25043082c44ee575974581d45e446eb56373b424b3b54701da734e00e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCBAB7FE7\gS0.cmd

Filesize
27B

MD5
c281eff865614d1c1e400e3d36d35bad

SHA1
be6ed30bfdb084e467b95a16e752b8ade70f370c

SHA256
179795c08b545bc74ecfa132dee470bd45e4e2e2f8562b85809e60885209e212

SHA512
8594afa5a5175b84d9f54c00fffabd4b6c18a600bf4cd7ea5da5f6982bf84d9fb99b0d0be030972369615d71506377d931553b825b5a63259779dd826f5dcacf

Download Submit
\Users\Admin\AppData\Local\Temp\7zSCBAB7FE7\Q2BT5~.tr

Filesize
2.3MB

MD5
24e097b7c936ee0e9f6480d604738685

SHA1
5df7e3415946771a2fdadb1fac9520fcba220f54

SHA256
1966de58eca71ffea0c4054b5314a28e92e1ded5bbb82c060a18bb2e3088dac1

SHA512
f81303991d2d702747ef3941864a1fd833569bdd23145ed2fd940b3842e5f01111a6aec25043082c44ee575974581d45e446eb56373b424b3b54701da734e00e

Download Submit
\Users\Admin\AppData\Local\Temp\7zSCBAB7FE7\Q2BT5~.tr

Filesize
2.3MB

MD5
24e097b7c936ee0e9f6480d604738685

SHA1
5df7e3415946771a2fdadb1fac9520fcba220f54

SHA256
1966de58eca71ffea0c4054b5314a28e92e1ded5bbb82c060a18bb2e3088dac1

SHA512
f81303991d2d702747ef3941864a1fd833569bdd23145ed2fd940b3842e5f01111a6aec25043082c44ee575974581d45e446eb56373b424b3b54701da734e00e

Download Submit
memory/3604-26-0x0000000005530000-0x000000000563D000-memory.dmp

Filesize
1.1MB

Download
memory/3604-25-0x0000000005530000-0x000000000563D000-memory.dmp

Filesize
1.1MB

Download
memory/3604-22-0x0000000005530000-0x000000000563D000-memory.dmp

Filesize
1.1MB

Download
memory/3604-21-0x0000000005400000-0x0000000005527000-memory.dmp

Filesize
1.2MB

Download
memory/3604-18-0x00000000034F0000-0x00000000034F6000-memory.dmp

Filesize
24KB

Download
memory/4320-8-0x0000000005450000-0x0000000005456000-memory.dmp

Filesize
24KB

Download
memory/4320-16-0x00000000056F0000-0x00000000057FD000-memory.dmp

Filesize
1.1MB

Download
memory/4320-15-0x00000000056F0000-0x00000000057FD000-memory.dmp

Filesize
1.1MB

Download
memory/4320-12-0x00000000056F0000-0x00000000057FD000-memory.dmp

Filesize
1.1MB

Download
memory/4320-11-0x00000000055B0000-0x00000000056D7000-memory.dmp

Filesize
1.2MB

Download
memory/4320-9-0x0000000010000000-0x0000000010254000-memory.dmp

Filesize
2.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads