aa206904e902124a1f904a63638aabad1ad9f8f80d3ebca40add7de7309ed77e

Analysis

max time kernel
124s
max time network
130s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
14-10-2023 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa206904e902124a1f904a63638aabad1ad9f8f80d3ebca40add7de7309ed77e.exe
Size

2.3MB
MD5

587316f1fde90bff5dcd12335d5c737e
SHA1

5d9a03526e5791dcf4343a54422c814d56ba4cea
SHA256

aa206904e902124a1f904a63638aabad1ad9f8f80d3ebca40add7de7309ed77e
SHA512

8834a0e7a3787a09a17b084a8eb3294ccf9ed3ad404ec6d2ec0177d86c6980b4c4ddf8886b74791628473abb82afec4ff7857ca23adf510524f91cfa687631b2
SSDEEP

49152:Wf17YIDY9Uw8G7LzJtqXjnTUrjSw2K86xm8eurGU3fEyrgh8cx:WDDY9hPVyjnTUCwr8PfXiEOGD

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4080	rundll32.exe
696	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 2948	4352	aa206904e902124a1f904a63638aabad1ad9f8f80d3ebca40add7de7309ed77e.exe	69
PID 4352 wrote to memory of 2948	4352	aa206904e902124a1f904a63638aabad1ad9f8f80d3ebca40add7de7309ed77e.exe	69
PID 4352 wrote to memory of 2948	4352	aa206904e902124a1f904a63638aabad1ad9f8f80d3ebca40add7de7309ed77e.exe	69
PID 2948 wrote to memory of 2724	2948	cmd.exe	71
PID 2948 wrote to memory of 2724	2948	cmd.exe	71
PID 2948 wrote to memory of 2724	2948	cmd.exe	71
PID 2724 wrote to memory of 4080	2724	control.exe	72
PID 2724 wrote to memory of 4080	2724	control.exe	72
PID 2724 wrote to memory of 4080	2724	control.exe	72
PID 4080 wrote to memory of 2056	4080	rundll32.exe	73
PID 4080 wrote to memory of 2056	4080	rundll32.exe	73
PID 2056 wrote to memory of 696	2056	RunDll32.exe	74
PID 2056 wrote to memory of 696	2056	RunDll32.exe	74
PID 2056 wrote to memory of 696	2056	RunDll32.exe	74

C:\Users\Admin\AppData\Local\Temp\aa206904e902124a1f904a63638aabad1ad9f8f80d3ebca40add7de7309ed77e.exe
"C:\Users\Admin\AppData\Local\Temp\aa206904e902124a1f904a63638aabad1ad9f8f80d3ebca40add7de7309ed77e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\GqW~SPN.BAt
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Windows\SysWOW64\control.exe
    conTRoL "C:\Users\Admin\AppData\Local\Temp\7zS001A1BE7\YsL~o.mN"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS001A1BE7\YsL~o.mN"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4080
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS001A1BE7\YsL~o.mN"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2056
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS001A1BE7\YsL~o.mN"
        6⤵
        Loads dropped DLL
        
        PID:696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS001A1BE7\Gqw~Spn.bat

Filesize
25B

MD5
04c94e282582e36689a8fe1cc9d7faa9

SHA1
9d3e9e1039e869b627fffacb5752d9e7ab26d4c8

SHA256
a638df40b3be1546be83a0eb415f1f8c7d8e3a5ebb7c7fa851519b873be52306

SHA512
c2b4cd04ab8a288cd5c230f5286e7a705b7244ec77e6550b44f5691747657d7dff29f13fea515cfef3cd258e490a9ed3bea9ada99dda9fcd6baed8187be10e12

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS001A1BE7\YsL~o.mN

Filesize
2.3MB

MD5
352764b75e378d1c37722ece76de8eb1

SHA1
fedf3a668c9222f98270c04024a10028cb8afce9

SHA256
073c45bf2865871e8c1152da7fb36aa4ea3e8968abfe84eeb79edf590a754757

SHA512
67ec85e83251955e1fd13529adfab070c91da50d98d229ffe1c154a8250016f0886024c9fd22ea0b45d95fbff6ad50a22a4ba0da2244ed722db34b97a7f55254

Download Submit
\Users\Admin\AppData\Local\Temp\7zS001A1BE7\ysL~o.mN

Filesize
2.3MB

MD5
352764b75e378d1c37722ece76de8eb1

SHA1
fedf3a668c9222f98270c04024a10028cb8afce9

SHA256
073c45bf2865871e8c1152da7fb36aa4ea3e8968abfe84eeb79edf590a754757

SHA512
67ec85e83251955e1fd13529adfab070c91da50d98d229ffe1c154a8250016f0886024c9fd22ea0b45d95fbff6ad50a22a4ba0da2244ed722db34b97a7f55254

Download Submit
\Users\Admin\AppData\Local\Temp\7zS001A1BE7\ysL~o.mN

Filesize
2.3MB

MD5
352764b75e378d1c37722ece76de8eb1

SHA1
fedf3a668c9222f98270c04024a10028cb8afce9

SHA256
073c45bf2865871e8c1152da7fb36aa4ea3e8968abfe84eeb79edf590a754757

SHA512
67ec85e83251955e1fd13529adfab070c91da50d98d229ffe1c154a8250016f0886024c9fd22ea0b45d95fbff6ad50a22a4ba0da2244ed722db34b97a7f55254

Download Submit
memory/696-26-0x0000000004C00000-0x0000000004CF7000-memory.dmp

Filesize
988KB

Download
memory/696-25-0x0000000004C00000-0x0000000004CF7000-memory.dmp

Filesize
988KB

Download
memory/696-22-0x0000000004C00000-0x0000000004CF7000-memory.dmp

Filesize
988KB

Download
memory/696-21-0x0000000004AF0000-0x0000000004BFF000-memory.dmp

Filesize
1.1MB

Download
memory/696-18-0x00000000029B0000-0x00000000029B6000-memory.dmp

Filesize
24KB

Download
memory/4080-8-0x0000000002BC0000-0x0000000002BC6000-memory.dmp

Filesize
24KB

Download
memory/4080-16-0x0000000004E60000-0x0000000004F57000-memory.dmp

Filesize
988KB

Download
memory/4080-15-0x0000000004E60000-0x0000000004F57000-memory.dmp

Filesize
988KB

Download
memory/4080-12-0x0000000004E60000-0x0000000004F57000-memory.dmp

Filesize
988KB

Download
memory/4080-11-0x0000000004D50000-0x0000000004E5F000-memory.dmp

Filesize
1.1MB

Download
memory/4080-9-0x0000000010000000-0x0000000010251000-memory.dmp

Filesize
2.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads