daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2

Analysis

max time kernel
52s
max time network
17s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
23/10/2023, 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe
Size

2.2MB
MD5

6ef3fe94170197af18ca9acd9c0ad4c5
SHA1

52d0c285354241cc18425f3edd6c8aa99c82248f
SHA256

daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2
SHA512

e9b4e63764816948ec659ea135fb960bc8c63625c53f02008a1e4bee071d844599981dd9986d680a6e9713d14f96ac7dde14641521a41a17c6f92cad4d37e42c
SSDEEP

49152:WfBYI1X33/19NAVCzO8hrblEDVgPTTvSNf37+35:W/9TAVl8hrigPTzSkp

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2696	rundll32.exe
2696	rundll32.exe
2696	rundll32.exe
2696	rundll32.exe
2572	rundll32.exe
2572	rundll32.exe
2572	rundll32.exe
2572	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 2640	2808	daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe	28
PID 2808 wrote to memory of 2640	2808	daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe	28
PID 2808 wrote to memory of 2640	2808	daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe	28
PID 2808 wrote to memory of 2640	2808	daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe	28
PID 2640 wrote to memory of 2712	2640	cmd.exe	30
PID 2640 wrote to memory of 2712	2640	cmd.exe	30
PID 2640 wrote to memory of 2712	2640	cmd.exe	30
PID 2640 wrote to memory of 2712	2640	cmd.exe	30
PID 2712 wrote to memory of 2696	2712	control.exe	31
PID 2712 wrote to memory of 2696	2712	control.exe	31
PID 2712 wrote to memory of 2696	2712	control.exe	31
PID 2712 wrote to memory of 2696	2712	control.exe	31
PID 2712 wrote to memory of 2696	2712	control.exe	31
PID 2712 wrote to memory of 2696	2712	control.exe	31
PID 2712 wrote to memory of 2696	2712	control.exe	31
PID 2696 wrote to memory of 2560	2696	rundll32.exe	34
PID 2696 wrote to memory of 2560	2696	rundll32.exe	34
PID 2696 wrote to memory of 2560	2696	rundll32.exe	34
PID 2696 wrote to memory of 2560	2696	rundll32.exe	34
PID 2560 wrote to memory of 2572	2560	RunDll32.exe	35
PID 2560 wrote to memory of 2572	2560	RunDll32.exe	35
PID 2560 wrote to memory of 2572	2560	RunDll32.exe	35
PID 2560 wrote to memory of 2572	2560	RunDll32.exe	35
PID 2560 wrote to memory of 2572	2560	RunDll32.exe	35
PID 2560 wrote to memory of 2572	2560	RunDll32.exe	35
PID 2560 wrote to memory of 2572	2560	RunDll32.exe	35

C:\Users\Admin\AppData\Local\Temp\daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe
"C:\Users\Admin\AppData\Local\Temp\daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\DV93~Q.cmd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Windows\SysWOW64\control.exe
    CoNTRol.EXE "C:\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2696
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2560
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD"
        6⤵
        Loads dropped DLL
        
        PID:2572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS8FA5C146\Dv93~q.cmd

Filesize
28B

MD5
a538c6aa3704d576f6f7a8871071384d

SHA1
7d7780f9e4c6cf8ec72257e65c07048f4a468a21

SHA256
72fb33fad81cbda9d343cc52bc1141dd45617d5e262ba1dc6350e28b51787b21

SHA512
a9893236a0f852e073c661dafdae03237b927929342ce8138064d1eda9081f7bbcdb9055641db0003983d7ecb3d8ac134db31b2812b465506476fabba4bc319f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8FA5C146\Dv93~q.cmd

Filesize
28B

MD5
a538c6aa3704d576f6f7a8871071384d

SHA1
7d7780f9e4c6cf8ec72257e65c07048f4a468a21

SHA256
72fb33fad81cbda9d343cc52bc1141dd45617d5e262ba1dc6350e28b51787b21

SHA512
a9893236a0f852e073c661dafdae03237b927929342ce8138064d1eda9081f7bbcdb9055641db0003983d7ecb3d8ac134db31b2812b465506476fabba4bc319f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD

Filesize
2.1MB

MD5
2b27dc303d7fc40b6d61e3660c71ee19

SHA1
12f1dac05a03c41ff0bc1ea6e5485d77050414fa

SHA256
43c2b74ad3980ab7756202be62f988203583a4bd4c70f132aca85c12152933b9

SHA512
2b0e4f6d892b48b347d315ffd0bed9fa3ba7093c8170e451e12bce4a016096bdffb42a506b50d9dbfdc8bd8e356d0b944c995b1a20a5353454e15c3911b8e8a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD

Filesize
2.1MB

MD5
2b27dc303d7fc40b6d61e3660c71ee19

SHA1
12f1dac05a03c41ff0bc1ea6e5485d77050414fa

SHA256
43c2b74ad3980ab7756202be62f988203583a4bd4c70f132aca85c12152933b9

SHA512
2b0e4f6d892b48b347d315ffd0bed9fa3ba7093c8170e451e12bce4a016096bdffb42a506b50d9dbfdc8bd8e356d0b944c995b1a20a5353454e15c3911b8e8a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD

Filesize
2.1MB

MD5
2b27dc303d7fc40b6d61e3660c71ee19

SHA1
12f1dac05a03c41ff0bc1ea6e5485d77050414fa

SHA256
43c2b74ad3980ab7756202be62f988203583a4bd4c70f132aca85c12152933b9

SHA512
2b0e4f6d892b48b347d315ffd0bed9fa3ba7093c8170e451e12bce4a016096bdffb42a506b50d9dbfdc8bd8e356d0b944c995b1a20a5353454e15c3911b8e8a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD

Filesize
2.1MB

MD5
2b27dc303d7fc40b6d61e3660c71ee19

SHA1
12f1dac05a03c41ff0bc1ea6e5485d77050414fa

SHA256
43c2b74ad3980ab7756202be62f988203583a4bd4c70f132aca85c12152933b9

SHA512
2b0e4f6d892b48b347d315ffd0bed9fa3ba7093c8170e451e12bce4a016096bdffb42a506b50d9dbfdc8bd8e356d0b944c995b1a20a5353454e15c3911b8e8a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD

Filesize
2.1MB

MD5
2b27dc303d7fc40b6d61e3660c71ee19

SHA1
12f1dac05a03c41ff0bc1ea6e5485d77050414fa

SHA256
43c2b74ad3980ab7756202be62f988203583a4bd4c70f132aca85c12152933b9

SHA512
2b0e4f6d892b48b347d315ffd0bed9fa3ba7093c8170e451e12bce4a016096bdffb42a506b50d9dbfdc8bd8e356d0b944c995b1a20a5353454e15c3911b8e8a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD

Filesize
2.1MB

MD5
2b27dc303d7fc40b6d61e3660c71ee19

SHA1
12f1dac05a03c41ff0bc1ea6e5485d77050414fa

SHA256
43c2b74ad3980ab7756202be62f988203583a4bd4c70f132aca85c12152933b9

SHA512
2b0e4f6d892b48b347d315ffd0bed9fa3ba7093c8170e451e12bce4a016096bdffb42a506b50d9dbfdc8bd8e356d0b944c995b1a20a5353454e15c3911b8e8a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD

Filesize
2.1MB

MD5
2b27dc303d7fc40b6d61e3660c71ee19

SHA1
12f1dac05a03c41ff0bc1ea6e5485d77050414fa

SHA256
43c2b74ad3980ab7756202be62f988203583a4bd4c70f132aca85c12152933b9

SHA512
2b0e4f6d892b48b347d315ffd0bed9fa3ba7093c8170e451e12bce4a016096bdffb42a506b50d9dbfdc8bd8e356d0b944c995b1a20a5353454e15c3911b8e8a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD

Filesize
2.1MB

MD5
2b27dc303d7fc40b6d61e3660c71ee19

SHA1
12f1dac05a03c41ff0bc1ea6e5485d77050414fa

SHA256
43c2b74ad3980ab7756202be62f988203583a4bd4c70f132aca85c12152933b9

SHA512
2b0e4f6d892b48b347d315ffd0bed9fa3ba7093c8170e451e12bce4a016096bdffb42a506b50d9dbfdc8bd8e356d0b944c995b1a20a5353454e15c3911b8e8a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8FA5C146\V.BD

Filesize
2.1MB

MD5
2b27dc303d7fc40b6d61e3660c71ee19

SHA1
12f1dac05a03c41ff0bc1ea6e5485d77050414fa

SHA256
43c2b74ad3980ab7756202be62f988203583a4bd4c70f132aca85c12152933b9

SHA512
2b0e4f6d892b48b347d315ffd0bed9fa3ba7093c8170e451e12bce4a016096bdffb42a506b50d9dbfdc8bd8e356d0b944c995b1a20a5353454e15c3911b8e8a9

Download Submit
memory/2572-31-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2696-17-0x0000000010000000-0x0000000010226000-memory.dmp

Filesize
2.1MB

Download
memory/2696-26-0x0000000002780000-0x0000000002874000-memory.dmp

Filesize
976KB

Download
memory/2696-25-0x0000000002780000-0x0000000002874000-memory.dmp

Filesize
976KB

Download
memory/2696-22-0x0000000002780000-0x0000000002874000-memory.dmp

Filesize
976KB

Download
memory/2696-21-0x0000000002670000-0x000000000277D000-memory.dmp

Filesize
1.1MB

Download
memory/2696-16-0x00000000000D0000-0x00000000000D6000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads