4bea7b8007b02ad6474d9ec9931db7064de134da59fee19ab1f7a1f3a0a2f2c4

Analysis

max time kernel
111s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2023 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cuDNN.exe
Size

429.0MB
MD5

5cf72477715230b56b700955b1542418
SHA1

1da9c975b286c2d06861bb3fcd32a125a0ec287b
SHA256

4bea7b8007b02ad6474d9ec9931db7064de134da59fee19ab1f7a1f3a0a2f2c4
SHA512

f41f54ca41f2e4a97ca6b214b1d80085337468fc26db0df242b7b8a7dd73923b183dc2bd240c104edc747ee400a61ce2b729d826ff0dd0d6b8398dbbf8c6615a
SSDEEP

12582912:sR1+kTyB1y8Vj2dVeMp7mc+3boEsV6BpV3KDTpUseB:sukGB1y8Vq6AiPLa6PV6aB

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	cuDNN.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 1136	4856	cuDNN.exe	90
PID 4856 wrote to memory of 1136	4856	cuDNN.exe	90
PID 4856 wrote to memory of 1136	4856	cuDNN.exe	90
PID 1136 wrote to memory of 1628	1136	cmd.exe	93
PID 1136 wrote to memory of 1628	1136	cmd.exe	93
PID 1136 wrote to memory of 1628	1136	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\cuDNN.exe
"C:\Users\Admin\AppData\Local\Temp\cuDNN.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\installer.cmd" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1136
- - C:\Windows\SysWOW64\cscript.exe
    cscript error.vbs
    3⤵
    PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cudnn\CU19ED~1.DLL

Filesize
85.5MB

MD5
dca568dfa5cafa755c3bb372e2a4b7c1

SHA1
be42eab87d9c953074863c171943b7a7438598f8

SHA256
55ea486a56eead8818ad1460074d5b344a53f6fb3da8a34b8828c2025be73ad3

SHA512
761eb173f5a54fb16a78dd46ca20d0897df604db22dd2a8d681e2de0ee5954c36716b1b9544565b76b22e1c6cce8358f28ea9ad6217328981efca6a9bc5d713b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cudnn\CU76A7~1.DLL

Filesize
67.4MB

MD5
b9a012f1e4ff772a90814fb57a10d555

SHA1
0eddbbcfa3e6a265147d8ab5c5db9502f5056f91

SHA256
f0d1912d9e4bfa7a1130c32d191b900a006c59c5644b8c34fdae6b0d6754f579

SHA512
ef4ba1241bf2190970287aaf8c95fe3856972248a03582a5a11f24c3fdc42b7e961fba5c094723cc547a6728b4697b824bc0697d2fbc327963c59091dcb549eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cudnn\CUDNN6~1.DLL

Filesize
281KB

MD5
141178fc929ccb169da1ab66fadd6953

SHA1
e0835701ba6ac71bfb77a471186d183c6d6f3b75

SHA256
c6d737574fce438410356d5c50f527122af0fbeb24247d358f60da44c5c8b6a8

SHA512
68a6ce5b21e747c8276762dc4a65ad72dbf6ff5e7c290fde266f1951124ba594ce3237d2a3206d60264222dd56df20f02fa2b86c0374a58179e64688b9c2e7fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\cudnn\CUDNN_~1.DLL

Filesize
119.6MB

MD5
2ac3cfb85e6bef43cc9a364e6f4c28a6

SHA1
c2c9de6c051ccc0aff9b27cda040eb3eda05ff58

SHA256
2ff4ecbd45a36fd7c4317c1418f29352d9354424a1eeaa789c472b4026ffd79a

SHA512
df6ee8c0d647c4739d78ae82086e551e1f23d1822add6ecdfb5ae72f7cf25d95eb798c96f2acc41222580139293834ef65b761ef43c0c73ab924c4ae5e7c40a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cudnn\CUDNN_~2.DLL

Filesize
113.0MB

MD5
85d773fe81f0679b38bb74d98f1f71bd

SHA1
b45890a911a64cd89d137382528597b5be30e525

SHA256
1309b31c7a08a3a3d793e32c812c7ac9d31b2d39f55cbb97aef578792b9921da

SHA512
1bf4f62f4be28e4655beb84a6b076a18d51d2190a31851d5027f64f7e02f8a4b8557a87ab129330062e95d99b1085845b4f9a1170db6a13cbde36f59d00cce70

Download Submit
C:\Users\Admin\AppData\Local\Temp\cudnn\CUDNN_~3.DLL

Filesize
432.6MB

MD5
1b45de0f31a29991bbe5dd193b598338

SHA1
b1d7b0d559c85f1a7f3a8624773fb0a9910f30c6

SHA256
874d1d706283df61e65d23304f989f634abd8f7c08e7bf57aa64755c0381a277

SHA512
9d4ed4946057404c8a8feba9f3cc881be92014edf6e35818eccb1b32cc2ea13b57ae75533d55d69de3727f735b8b89d2814cf56c94d8d7da13eab6007072219e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cudnn\CUDNN_~4.DLL

Filesize
93.1MB

MD5
c5a48cf7de939847b4d17d9792ba720d

SHA1
cced9d834ab55b0f8d08ffa109f13d526b6973d6

SHA256
068aee9ca446917984e3961216413f1478c78b4cac3bd8b52340e0ba88f8139b

SHA512
9d71a890f142592e714f01f6375cf4c57e732c142addf6fc2a32480191c9571ab6769f0e9b57b1611401e6c34abf0be6b7eab036157d4a6ce3a1ff4dade82752

Download Submit
C:\Users\Admin\AppData\Local\Temp\error.vbs

Filesize
72B

MD5
2766cb7ab4bc3c9980ee68ac98a3c734

SHA1
b73f52921728ac563370fefedca074e2ebb600d5

SHA256
6007a64fba5f8af4af8ca699548255e378dbee1076023d5f3090ade74c119a6b

SHA512
aea4500d8a14cbf24affbfbbf18a3c4b629b453c45ae1e4bfcd9777563dcff27401dd2c245f04783de201514865f3a4bdffa1f8b40f9334a1ee1b57dd4533d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\installer.cmd

Filesize
308B

MD5
c3269f2d626685e0b3b5e2028eac639b

SHA1
58b479ed73e440adc21d967f8eeb8babe53bc690

SHA256
7e2cd195eff2742ec3aea5031d7455b8c6124bab9feb60f6764aa4730beb650a

SHA512
d7e2d70004a08be19dc1eb32ff0373d40cf4769c40d81a5ef601f9ef99847728418abbe3af112fea14be916c572b60ddc5a2975cee92ebab1da95db2ffd799c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\success.vbs

Filesize
54B

MD5
ec6965725d1ec2ebcded4c59a69cb602

SHA1
4abc0f0e08395538622620dc3eee36a8baf3f248

SHA256
feab598efd4f532a8ba0b2ea6f9b9e3c5479464bf86c454a01a314cd23516245

SHA512
4c2879fdc0eee2e49428a68be2afbc383646de809186c4eec228463f8bf89ff14d771d4fd6d81cf60328193a25876c9ae4983de8ecabdca3e0ad4dc8d5c4dabc

Download Submit