1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 22:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe
Size

1.8MB
MD5

1b4d62c3268d304edfd34001c1d05f0c
SHA1

87692cd9618c3b5a2265ead9c508d1f8a0b8c896
SHA256

1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6
SHA512

bc4151d59e999d69ffc06ff7e9978c999346eddfaeb895272015c9c41763648f9e08e19a8d814cd928585582f879444d06748549298ef33f3c622d1062631c4d
SSDEEP

49152:UJGi9vXbCsvr5BaAGbM0USznqoaGKHD82ygpM4cet6LZx:UIi9Oer5BaxQQqof+DqVtet6L/

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2720	rundll32.exe
2720	rundll32.exe
2720	rundll32.exe
2720	rundll32.exe
2788	rundll32.exe
2788	rundll32.exe
2788	rundll32.exe
2788	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 1072	2592	1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe	28
PID 2592 wrote to memory of 1072	2592	1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe	28
PID 2592 wrote to memory of 1072	2592	1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe	28
PID 2592 wrote to memory of 1072	2592	1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe	28
PID 1072 wrote to memory of 2640	1072	cmd.exe	30
PID 1072 wrote to memory of 2640	1072	cmd.exe	30
PID 1072 wrote to memory of 2640	1072	cmd.exe	30
PID 1072 wrote to memory of 2640	1072	cmd.exe	30
PID 2640 wrote to memory of 2720	2640	control.exe	31
PID 2640 wrote to memory of 2720	2640	control.exe	31
PID 2640 wrote to memory of 2720	2640	control.exe	31
PID 2640 wrote to memory of 2720	2640	control.exe	31
PID 2640 wrote to memory of 2720	2640	control.exe	31
PID 2640 wrote to memory of 2720	2640	control.exe	31
PID 2640 wrote to memory of 2720	2640	control.exe	31
PID 2720 wrote to memory of 2548	2720	rundll32.exe	32
PID 2720 wrote to memory of 2548	2720	rundll32.exe	32
PID 2720 wrote to memory of 2548	2720	rundll32.exe	32
PID 2720 wrote to memory of 2548	2720	rundll32.exe	32
PID 2548 wrote to memory of 2788	2548	RunDll32.exe	33
PID 2548 wrote to memory of 2788	2548	RunDll32.exe	33
PID 2548 wrote to memory of 2788	2548	RunDll32.exe	33
PID 2548 wrote to memory of 2788	2548	RunDll32.exe	33
PID 2548 wrote to memory of 2788	2548	RunDll32.exe	33
PID 2548 wrote to memory of 2788	2548	RunDll32.exe	33
PID 2548 wrote to memory of 2788	2548	RunDll32.exe	33

C:\Users\Admin\AppData\Local\Temp\1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe
"C:\Users\Admin\AppData\Local\Temp\1c91e4e440ef309efd0573055520cfdc8bb10f4cae85532aa30e89ccef17aeb6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\D~LeWK.BAT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1072
- - C:\Windows\SysWOW64\control.exe
    cONtrol "C:\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9MZQXDE.~"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9MZQXDE.~"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9MZQXDE.~"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2548
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9MZQXDE.~"
        6⤵
        Loads dropped DLL
        
        PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS02A02CA6\D~leWK.bat

Filesize
28B

MD5
3484354f1a65032f6a6186bae61fad9d

SHA1
f2f929103fa1d071368cdfa73cd56552bfc10972

SHA256
0bbcaa5f8eb8ccd4f8348b0f618d7a7cd2356a39cfdab7d6169d893881a96bd2

SHA512
bd9637d3d4ebb283161d21bdbd1b2d48269c0b4867cb906e4dbc06f7aa3e607918c7171fde584f7c94751d8a308c33047baa8c87b42493789603b3122d33b095

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS02A02CA6\D~leWK.bat

Filesize
28B

MD5
3484354f1a65032f6a6186bae61fad9d

SHA1
f2f929103fa1d071368cdfa73cd56552bfc10972

SHA256
0bbcaa5f8eb8ccd4f8348b0f618d7a7cd2356a39cfdab7d6169d893881a96bd2

SHA512
bd9637d3d4ebb283161d21bdbd1b2d48269c0b4867cb906e4dbc06f7aa3e607918c7171fde584f7c94751d8a308c33047baa8c87b42493789603b3122d33b095

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9MZQXDE.~

Filesize
1.8MB

MD5
d2fcc3a771c27bfebc35e75e84d95ad6

SHA1
f86d3282be2609bf3dc5b7ddf46e9d85f9a01aeb

SHA256
3e230516149cef1d9c3b53e6fa2b2769616d37013d8d90b7c6f14bace55cf612

SHA512
f520aea6f9daf19cfcceec48cf102bf9f2dd46599d60d8c15051c76da49af52cdc3839d8e9833341ad80e0e75404cf703aa09345c4fc400dab3b18a0d9d5fabc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9mZqXdE.~

Filesize
1.8MB

MD5
d2fcc3a771c27bfebc35e75e84d95ad6

SHA1
f86d3282be2609bf3dc5b7ddf46e9d85f9a01aeb

SHA256
3e230516149cef1d9c3b53e6fa2b2769616d37013d8d90b7c6f14bace55cf612

SHA512
f520aea6f9daf19cfcceec48cf102bf9f2dd46599d60d8c15051c76da49af52cdc3839d8e9833341ad80e0e75404cf703aa09345c4fc400dab3b18a0d9d5fabc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9mZqXdE.~

Filesize
1.8MB

MD5
d2fcc3a771c27bfebc35e75e84d95ad6

SHA1
f86d3282be2609bf3dc5b7ddf46e9d85f9a01aeb

SHA256
3e230516149cef1d9c3b53e6fa2b2769616d37013d8d90b7c6f14bace55cf612

SHA512
f520aea6f9daf19cfcceec48cf102bf9f2dd46599d60d8c15051c76da49af52cdc3839d8e9833341ad80e0e75404cf703aa09345c4fc400dab3b18a0d9d5fabc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9mZqXdE.~

Filesize
1.8MB

MD5
d2fcc3a771c27bfebc35e75e84d95ad6

SHA1
f86d3282be2609bf3dc5b7ddf46e9d85f9a01aeb

SHA256
3e230516149cef1d9c3b53e6fa2b2769616d37013d8d90b7c6f14bace55cf612

SHA512
f520aea6f9daf19cfcceec48cf102bf9f2dd46599d60d8c15051c76da49af52cdc3839d8e9833341ad80e0e75404cf703aa09345c4fc400dab3b18a0d9d5fabc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9mZqXdE.~

Filesize
1.8MB

MD5
d2fcc3a771c27bfebc35e75e84d95ad6

SHA1
f86d3282be2609bf3dc5b7ddf46e9d85f9a01aeb

SHA256
3e230516149cef1d9c3b53e6fa2b2769616d37013d8d90b7c6f14bace55cf612

SHA512
f520aea6f9daf19cfcceec48cf102bf9f2dd46599d60d8c15051c76da49af52cdc3839d8e9833341ad80e0e75404cf703aa09345c4fc400dab3b18a0d9d5fabc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9mZqXdE.~

Filesize
1.8MB

MD5
d2fcc3a771c27bfebc35e75e84d95ad6

SHA1
f86d3282be2609bf3dc5b7ddf46e9d85f9a01aeb

SHA256
3e230516149cef1d9c3b53e6fa2b2769616d37013d8d90b7c6f14bace55cf612

SHA512
f520aea6f9daf19cfcceec48cf102bf9f2dd46599d60d8c15051c76da49af52cdc3839d8e9833341ad80e0e75404cf703aa09345c4fc400dab3b18a0d9d5fabc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9mZqXdE.~

Filesize
1.8MB

MD5
d2fcc3a771c27bfebc35e75e84d95ad6

SHA1
f86d3282be2609bf3dc5b7ddf46e9d85f9a01aeb

SHA256
3e230516149cef1d9c3b53e6fa2b2769616d37013d8d90b7c6f14bace55cf612

SHA512
f520aea6f9daf19cfcceec48cf102bf9f2dd46599d60d8c15051c76da49af52cdc3839d8e9833341ad80e0e75404cf703aa09345c4fc400dab3b18a0d9d5fabc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9mZqXdE.~

Filesize
1.8MB

MD5
d2fcc3a771c27bfebc35e75e84d95ad6

SHA1
f86d3282be2609bf3dc5b7ddf46e9d85f9a01aeb

SHA256
3e230516149cef1d9c3b53e6fa2b2769616d37013d8d90b7c6f14bace55cf612

SHA512
f520aea6f9daf19cfcceec48cf102bf9f2dd46599d60d8c15051c76da49af52cdc3839d8e9833341ad80e0e75404cf703aa09345c4fc400dab3b18a0d9d5fabc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS02A02CA6\X9mZqXdE.~

Filesize
1.8MB

MD5
d2fcc3a771c27bfebc35e75e84d95ad6

SHA1
f86d3282be2609bf3dc5b7ddf46e9d85f9a01aeb

SHA256
3e230516149cef1d9c3b53e6fa2b2769616d37013d8d90b7c6f14bace55cf612

SHA512
f520aea6f9daf19cfcceec48cf102bf9f2dd46599d60d8c15051c76da49af52cdc3839d8e9833341ad80e0e75404cf703aa09345c4fc400dab3b18a0d9d5fabc

Download Submit
memory/2720-21-0x00000000025C0000-0x00000000026C2000-memory.dmp

Filesize
1.0MB

Download
memory/2720-24-0x00000000025C0000-0x00000000026C2000-memory.dmp

Filesize
1.0MB

Download
memory/2720-25-0x00000000025C0000-0x00000000026C2000-memory.dmp

Filesize
1.0MB

Download
memory/2720-20-0x00000000024A0000-0x00000000025BC000-memory.dmp

Filesize
1.1MB

Download
memory/2720-17-0x0000000010000000-0x00000000101C4000-memory.dmp

Filesize
1.8MB

Download
memory/2720-16-0x00000000003A0000-0x00000000003A6000-memory.dmp

Filesize
24KB

Download
memory/2788-30-0x0000000000220000-0x0000000000226000-memory.dmp

Filesize
24KB

Download
memory/2788-33-0x0000000002590000-0x00000000026AC000-memory.dmp

Filesize
1.1MB

Download
memory/2788-34-0x00000000026B0000-0x00000000027B2000-memory.dmp

Filesize
1.0MB

Download
memory/2788-37-0x00000000026B0000-0x00000000027B2000-memory.dmp

Filesize
1.0MB

Download
memory/2788-38-0x00000000026B0000-0x00000000027B2000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads