426d8628de8a1551ac8365ad626b9271a015bc6726fe1a3bc1f261c8daa5cb9e

Analysis

max time kernel
226s
max time network
243s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

426d8628de8a1551ac8365ad626b9271a015bc6726fe1a3bc1f261c8daa5cb9e.exe
Size

2.4MB
MD5

c8878fa4b621b15f3c31d177bc52cfd7
SHA1

58b1b378c7b5907f6c4662868290360aaee75958
SHA256

426d8628de8a1551ac8365ad626b9271a015bc6726fe1a3bc1f261c8daa5cb9e
SHA512

f475d70b5222fbe96ed699aa33005bde6a5d0a735dfc6c6e25cea6b2df332d9be463f53b8a9be167705c1759bf8c8a98163ecb9f8dcf92677ac6bfe4db406df7
SSDEEP

49152:mcBPRIp1quPGLqiETBP6+1sc400Heh6v346NV80w4QPK/H1G4:m6eXqUr16Pc4dHe61NV80wo/U4

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1012	rundll32.exe
1820	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 4816	1484	426d8628de8a1551ac8365ad626b9271a015bc6726fe1a3bc1f261c8daa5cb9e.exe	86
PID 1484 wrote to memory of 4816	1484	426d8628de8a1551ac8365ad626b9271a015bc6726fe1a3bc1f261c8daa5cb9e.exe	86
PID 1484 wrote to memory of 4816	1484	426d8628de8a1551ac8365ad626b9271a015bc6726fe1a3bc1f261c8daa5cb9e.exe	86
PID 4816 wrote to memory of 2280	4816	cmd.exe	89
PID 4816 wrote to memory of 2280	4816	cmd.exe	89
PID 4816 wrote to memory of 2280	4816	cmd.exe	89
PID 2280 wrote to memory of 1012	2280	control.exe	90
PID 2280 wrote to memory of 1012	2280	control.exe	90
PID 2280 wrote to memory of 1012	2280	control.exe	90
PID 1012 wrote to memory of 4424	1012	rundll32.exe	91
PID 1012 wrote to memory of 4424	1012	rundll32.exe	91
PID 4424 wrote to memory of 1820	4424	RunDll32.exe	92
PID 4424 wrote to memory of 1820	4424	RunDll32.exe	92
PID 4424 wrote to memory of 1820	4424	RunDll32.exe	92

C:\Users\Admin\AppData\Local\Temp\426d8628de8a1551ac8365ad626b9271a015bc6726fe1a3bc1f261c8daa5cb9e.exe
"C:\Users\Admin\AppData\Local\Temp\426d8628de8a1551ac8365ad626b9271a015bc6726fe1a3bc1f261c8daa5cb9e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\zM7D.bAt
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4816
- - C:\Windows\SysWOW64\control.exe
    cOnTrOL "C:\Users\Admin\AppData\Local\Temp\7zSCC5965F8\8AGbvOW.U3V"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2280
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSCC5965F8\8AGbvOW.U3V"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1012
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSCC5965F8\8AGbvOW.U3V"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4424
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zSCC5965F8\8AGbvOW.U3V"
        6⤵
        Loads dropped DLL
        
        PID:1820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSCC5965F8\8AGbvOW.U3V

Filesize
2.3MB

MD5
97dfd75d9ff0bdcd5c72d2ca29da16da

SHA1
073ed73268c21deaec8d1de009a46da41866aefe

SHA256
b9a0ff6d457c1f89fca0684775e0680dd314ba9ba16a48504c9fb4334e68f6de

SHA512
9125e8b56c0b6607d5b48c1c73b8a5ccdba58f8e7ed91096740ec9329832b886f84b7889b9ff52acbcdae5623f0c4f0d1f95a081cb27a4ef7651c103602047f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCC5965F8\8aGbvOw.U3v

Filesize
2.3MB

MD5
97dfd75d9ff0bdcd5c72d2ca29da16da

SHA1
073ed73268c21deaec8d1de009a46da41866aefe

SHA256
b9a0ff6d457c1f89fca0684775e0680dd314ba9ba16a48504c9fb4334e68f6de

SHA512
9125e8b56c0b6607d5b48c1c73b8a5ccdba58f8e7ed91096740ec9329832b886f84b7889b9ff52acbcdae5623f0c4f0d1f95a081cb27a4ef7651c103602047f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCC5965F8\8aGbvOw.U3v

Filesize
2.3MB

MD5
97dfd75d9ff0bdcd5c72d2ca29da16da

SHA1
073ed73268c21deaec8d1de009a46da41866aefe

SHA256
b9a0ff6d457c1f89fca0684775e0680dd314ba9ba16a48504c9fb4334e68f6de

SHA512
9125e8b56c0b6607d5b48c1c73b8a5ccdba58f8e7ed91096740ec9329832b886f84b7889b9ff52acbcdae5623f0c4f0d1f95a081cb27a4ef7651c103602047f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCC5965F8\zm7D.bat

Filesize
30B

MD5
578727ee10ae7ffe7bb4f1a113f9c707

SHA1
c28b8de035e42e3de2185b682f09df0b828b49ff

SHA256
aae2d030d8ec77994779f20ab1080841e9d97a3264c844cf42d35e0573a87337

SHA512
6b5e8d1c459e101a1a34aeb8fe86db7ec39d9fdabca61d331494727a94048a6ae36f9e8b83e8ea21a2a2132323fe3812a41e88b70807b302835a0267dc4a8f4a

Download Submit
memory/1012-16-0x0000000002D00000-0x0000000002DF3000-memory.dmp

Filesize
972KB

Download
memory/1012-11-0x0000000002BF0000-0x0000000002CFE000-memory.dmp

Filesize
1.1MB

Download
memory/1012-12-0x0000000002D00000-0x0000000002DF3000-memory.dmp

Filesize
972KB

Download
memory/1012-15-0x0000000002D00000-0x0000000002DF3000-memory.dmp

Filesize
972KB

Download
memory/1012-8-0x0000000002520000-0x0000000002526000-memory.dmp

Filesize
24KB

Download
memory/1012-17-0x0000000010000000-0x0000000010251000-memory.dmp

Filesize
2.3MB

Download
memory/1012-9-0x0000000010000000-0x0000000010251000-memory.dmp

Filesize
2.3MB

Download
memory/1820-22-0x0000000002E60000-0x0000000002E66000-memory.dmp

Filesize
24KB

Download
memory/1820-26-0x00000000035D0000-0x00000000036DE000-memory.dmp

Filesize
1.1MB

Download
memory/1820-27-0x00000000036E0000-0x00000000037D3000-memory.dmp

Filesize
972KB

Download
memory/1820-30-0x00000000036E0000-0x00000000037D3000-memory.dmp

Filesize
972KB

Download
memory/1820-31-0x00000000036E0000-0x00000000037D3000-memory.dmp

Filesize
972KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads