b702e3366e0587bf6e5e4bc5f9292179a4f22506b841f19d3e48d085f5caa7b1

General

Target

b702e3366e0587bf6e5e4bc5f9292179a4f22506b841f19d3e48d085f5caa7b1.exe
Size

2.3MB
MD5

8903fbdd0570c31aee24c79ac2f1355d
SHA1

af81f83b7c45ad17bc36d0cd3ae869689a2d9efd
SHA256

b702e3366e0587bf6e5e4bc5f9292179a4f22506b841f19d3e48d085f5caa7b1
SHA512

3d05466971f2dca9a78d2615b560e642d244659beefb780a597e0045c72d0eec48b681d6f12eb3ee07e43ccbcbfc55172bdaaa6a71757f6dd7f98afaf574e470
SSDEEP

49152:mcB+gN8LK5qIbk6nudlDZnZMOrdMh/NRGEqVWU+Qvqxm8:mDKXuzYidMhLY+Qvqxm8

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3212	rundll32.exe
1284	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3204 wrote to memory of 3432	3204	b702e3366e0587bf6e5e4bc5f9292179a4f22506b841f19d3e48d085f5caa7b1.exe	70
PID 3204 wrote to memory of 3432	3204	b702e3366e0587bf6e5e4bc5f9292179a4f22506b841f19d3e48d085f5caa7b1.exe	70
PID 3204 wrote to memory of 3432	3204	b702e3366e0587bf6e5e4bc5f9292179a4f22506b841f19d3e48d085f5caa7b1.exe	70
PID 3432 wrote to memory of 1912	3432	cmd.exe	72
PID 3432 wrote to memory of 1912	3432	cmd.exe	72
PID 3432 wrote to memory of 1912	3432	cmd.exe	72
PID 1912 wrote to memory of 3212	1912	control.exe	73
PID 1912 wrote to memory of 3212	1912	control.exe	73
PID 1912 wrote to memory of 3212	1912	control.exe	73
PID 3212 wrote to memory of 3480	3212	rundll32.exe	74
PID 3212 wrote to memory of 3480	3212	rundll32.exe	74
PID 3480 wrote to memory of 1284	3480	RunDll32.exe	75
PID 3480 wrote to memory of 1284	3480	RunDll32.exe	75
PID 3480 wrote to memory of 1284	3480	RunDll32.exe	75

C:\Users\Admin\AppData\Local\Temp\b702e3366e0587bf6e5e4bc5f9292179a4f22506b841f19d3e48d085f5caa7b1.exe
"C:\Users\Admin\AppData\Local\Temp\b702e3366e0587bf6e5e4bc5f9292179a4f22506b841f19d3e48d085f5caa7b1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\FK4u.CMD
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3432
- - C:\Windows\SysWOW64\control.exe
    conTrOL "C:\Users\Admin\AppData\Local\Temp\7zS48C57BB7\R1.OUW"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1912
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS48C57BB7\R1.OUW"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:3212
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS48C57BB7\R1.OUW"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3480
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS48C57BB7\R1.OUW"
        6⤵
        Loads dropped DLL
        
        PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS48C57BB7\Fk4u.cmd

Filesize
26B

MD5
58c7b73acf9395528f5aefcce8c17e06

SHA1
ad448ccceedddcba23c2a634da6eaf67d0eb2fd2

SHA256
f052ca088f8ac5add873e9e1226ad549afd381edd1d9ee658606d3d8b1f48991

SHA512
2cbd1395b94154420a4c0221edacaf64b142ac0c79e8012a41ec04558a211a345e1cea02872cd685f2db50027d8eb481bcfbc5747e75ff3debe9eaf0408d84ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS48C57BB7\R1.OUW

Filesize
2.3MB

MD5
735f53bff44ab6f223fc06a87d8a0ff1

SHA1
f9d55f0881dcb6c34ed58a354647573199b01d5f

SHA256
bdb3fe32149afaae745ce894ae20b6caf471977717df8449ffcefcf47c9e19c6

SHA512
8cb3ad0277f875ff44e18e6f0e2dc3e0b83f5f0a0e224e1e753eb17e2ecc1cedc362275d84ab05c942e91052e4c942e44458f99813adbfea3bfc371436a6f6bf

Download Submit
\Users\Admin\AppData\Local\Temp\7zS48C57BB7\R1.OuW

Filesize
2.3MB

MD5
735f53bff44ab6f223fc06a87d8a0ff1

SHA1
f9d55f0881dcb6c34ed58a354647573199b01d5f

SHA256
bdb3fe32149afaae745ce894ae20b6caf471977717df8449ffcefcf47c9e19c6

SHA512
8cb3ad0277f875ff44e18e6f0e2dc3e0b83f5f0a0e224e1e753eb17e2ecc1cedc362275d84ab05c942e91052e4c942e44458f99813adbfea3bfc371436a6f6bf

Download Submit
\Users\Admin\AppData\Local\Temp\7zS48C57BB7\R1.OuW

Filesize
2.3MB

MD5
735f53bff44ab6f223fc06a87d8a0ff1

SHA1
f9d55f0881dcb6c34ed58a354647573199b01d5f

SHA256
bdb3fe32149afaae745ce894ae20b6caf471977717df8449ffcefcf47c9e19c6

SHA512
8cb3ad0277f875ff44e18e6f0e2dc3e0b83f5f0a0e224e1e753eb17e2ecc1cedc362275d84ab05c942e91052e4c942e44458f99813adbfea3bfc371436a6f6bf

Download Submit
memory/1284-32-0x00000000047D0000-0x00000000048C6000-memory.dmp

Filesize
984KB

Download
memory/1284-31-0x00000000047D0000-0x00000000048C6000-memory.dmp

Filesize
984KB

Download
memory/1284-28-0x00000000047D0000-0x00000000048C6000-memory.dmp

Filesize
984KB

Download
memory/1284-26-0x00000000046B0000-0x00000000047C1000-memory.dmp

Filesize
1.1MB

Download
memory/1284-21-0x0000000000300000-0x0000000000306000-memory.dmp

Filesize
24KB

Download
memory/3212-9-0x0000000010000000-0x0000000010251000-memory.dmp

Filesize
2.3MB

Download
memory/3212-19-0x0000000004DD0000-0x0000000004EC6000-memory.dmp

Filesize
984KB

Download
memory/3212-18-0x0000000010000000-0x0000000010251000-memory.dmp

Filesize
2.3MB

Download
memory/3212-17-0x0000000004DD0000-0x0000000004EC6000-memory.dmp

Filesize
984KB

Download
memory/3212-14-0x0000000004DD0000-0x0000000004EC6000-memory.dmp

Filesize
984KB

Download
memory/3212-13-0x0000000004CA0000-0x0000000004DB1000-memory.dmp

Filesize
1.1MB

Download
memory/3212-8-0x0000000002F00000-0x0000000002F06000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads