ae5be0cc894253e8436c68f3e8fe33aadeb59cd6612677b147c128bf811bb4c8

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae5be0cc894253e8436c68f3e8fe33aadeb59cd6612677b147c128bf811bb4c8.exe
Size

2.3MB
MD5

4bea8eb30890c1c6e1215b3d7675d0bb
SHA1

eb3438ff4922d3d7028080816feea955fb5b7e9d
SHA256

ae5be0cc894253e8436c68f3e8fe33aadeb59cd6612677b147c128bf811bb4c8
SHA512

c8ce13eb3fa69d5238e7a320875ba0bf33f08caf243fdf47758c808fa09209b00a7fba0ae7b410130c20b842067282ccb72badcc8d55de5fd1d2d73a92badc08
SSDEEP

49152:WfxvfTCz0aj6tJJahO0kE/pCNgkvx+FrcNyUeUR9sGeH6byNRyy:WxCzLqTmO0vQXYFcIUeo9JbyGy

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4792	rundll32.exe
3004	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 4084	1068	ae5be0cc894253e8436c68f3e8fe33aadeb59cd6612677b147c128bf811bb4c8.exe	88
PID 1068 wrote to memory of 4084	1068	ae5be0cc894253e8436c68f3e8fe33aadeb59cd6612677b147c128bf811bb4c8.exe	88
PID 1068 wrote to memory of 4084	1068	ae5be0cc894253e8436c68f3e8fe33aadeb59cd6612677b147c128bf811bb4c8.exe	88
PID 4084 wrote to memory of 4036	4084	cmd.exe	91
PID 4084 wrote to memory of 4036	4084	cmd.exe	91
PID 4084 wrote to memory of 4036	4084	cmd.exe	91
PID 4036 wrote to memory of 4792	4036	control.exe	93
PID 4036 wrote to memory of 4792	4036	control.exe	93
PID 4036 wrote to memory of 4792	4036	control.exe	93
PID 4792 wrote to memory of 1316	4792	rundll32.exe	96
PID 4792 wrote to memory of 1316	4792	rundll32.exe	96
PID 1316 wrote to memory of 3004	1316	RunDll32.exe	97
PID 1316 wrote to memory of 3004	1316	RunDll32.exe	97
PID 1316 wrote to memory of 3004	1316	RunDll32.exe	97

C:\Users\Admin\AppData\Local\Temp\ae5be0cc894253e8436c68f3e8fe33aadeb59cd6612677b147c128bf811bb4c8.exe
"C:\Users\Admin\AppData\Local\Temp\ae5be0cc894253e8436c68f3e8fe33aadeb59cd6612677b147c128bf811bb4c8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\IDZRd.CMD
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4084
- - C:\Windows\SysWOW64\control.exe
    CONtROL "C:\Users\Admin\AppData\Local\Temp\7zSC249BDE7\L.Vy"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4036
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSC249BDE7\L.Vy"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4792
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSC249BDE7\L.Vy"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1316
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zSC249BDE7\L.Vy"
        6⤵
        Loads dropped DLL
        
        PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSC249BDE7\L.Vy

Filesize
2.4MB

MD5
98e340399be959db013427608aebc6e4

SHA1
c7804646b6b1ce1c50d540d76c4abfc8e59e4489

SHA256
896faa87da193fe0717995bc2b7b14a0314d21a5d1f196dcfacf8c925c20c081

SHA512
ebc1ef7835865904d92b3ba5425de9cc4b05faea8f970c15fe1230035f309762352fb9d91f8a11c9c1b7a5680e10794f9cb90cc97e4ab8bbfd500fa57b68bfbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC249BDE7\L.vy

Filesize
2.4MB

MD5
98e340399be959db013427608aebc6e4

SHA1
c7804646b6b1ce1c50d540d76c4abfc8e59e4489

SHA256
896faa87da193fe0717995bc2b7b14a0314d21a5d1f196dcfacf8c925c20c081

SHA512
ebc1ef7835865904d92b3ba5425de9cc4b05faea8f970c15fe1230035f309762352fb9d91f8a11c9c1b7a5680e10794f9cb90cc97e4ab8bbfd500fa57b68bfbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC249BDE7\L.vy

Filesize
2.4MB

MD5
98e340399be959db013427608aebc6e4

SHA1
c7804646b6b1ce1c50d540d76c4abfc8e59e4489

SHA256
896faa87da193fe0717995bc2b7b14a0314d21a5d1f196dcfacf8c925c20c081

SHA512
ebc1ef7835865904d92b3ba5425de9cc4b05faea8f970c15fe1230035f309762352fb9d91f8a11c9c1b7a5680e10794f9cb90cc97e4ab8bbfd500fa57b68bfbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC249BDE7\iDZrd.cmd

Filesize
21B

MD5
8816634854e3f7d49d7a7ca5c71c55ea

SHA1
b944644f74fc87a232e47c79b781672c0657bf0a

SHA256
581710500d323c5dcd53a283a7b3e19996dd5da3564fbd131a7e7fc9cfb4d866

SHA512
d6e1ca5d765afd2acdeec90c0a77c7e14ac68dbf9c38c9e644bd35dc2ccb2f1f3fc86cf9de88c7d89a639836da4ec87a4be0b5d7257cafb75360411f393d531e

Download Submit
memory/3004-26-0x00000000030C0000-0x00000000031B3000-memory.dmp

Filesize
972KB

Download
memory/3004-25-0x00000000030C0000-0x00000000031B3000-memory.dmp

Filesize
972KB

Download
memory/3004-23-0x00000000030C0000-0x00000000031B3000-memory.dmp

Filesize
972KB

Download
memory/3004-21-0x0000000002FA0000-0x00000000030AE000-memory.dmp

Filesize
1.1MB

Download
memory/3004-18-0x0000000002E50000-0x0000000002E56000-memory.dmp

Filesize
24KB

Download
memory/4792-8-0x0000000002590000-0x0000000002596000-memory.dmp

Filesize
24KB

Download
memory/4792-16-0x0000000002B70000-0x0000000002C63000-memory.dmp

Filesize
972KB

Download
memory/4792-15-0x0000000002B70000-0x0000000002C63000-memory.dmp

Filesize
972KB

Download
memory/4792-12-0x0000000002B70000-0x0000000002C63000-memory.dmp

Filesize
972KB

Download
memory/4792-13-0x0000000002B70000-0x0000000002C63000-memory.dmp

Filesize
972KB

Download
memory/4792-11-0x0000000002A60000-0x0000000002B6E000-memory.dmp

Filesize
1.1MB

Download
memory/4792-9-0x0000000010000000-0x000000001026E000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads