daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2

Analysis

max time kernel
172s
max time network
248s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
23/10/2023, 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe
Size

2.2MB
MD5

6ef3fe94170197af18ca9acd9c0ad4c5
SHA1

52d0c285354241cc18425f3edd6c8aa99c82248f
SHA256

daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2
SHA512

e9b4e63764816948ec659ea135fb960bc8c63625c53f02008a1e4bee071d844599981dd9986d680a6e9713d14f96ac7dde14641521a41a17c6f92cad4d37e42c
SSDEEP

49152:WfBYI1X33/19NAVCzO8hrblEDVgPTTvSNf37+35:W/9TAVl8hrigPTzSkp

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
804	rundll32.exe
1588	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 772	1516	daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe	70
PID 1516 wrote to memory of 772	1516	daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe	70
PID 1516 wrote to memory of 772	1516	daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe	70
PID 772 wrote to memory of 1068	772	cmd.exe	72
PID 772 wrote to memory of 1068	772	cmd.exe	72
PID 772 wrote to memory of 1068	772	cmd.exe	72
PID 1068 wrote to memory of 804	1068	control.exe	73
PID 1068 wrote to memory of 804	1068	control.exe	73
PID 1068 wrote to memory of 804	1068	control.exe	73
PID 804 wrote to memory of 3232	804	rundll32.exe	74
PID 804 wrote to memory of 3232	804	rundll32.exe	74
PID 3232 wrote to memory of 1588	3232	RunDll32.exe	75
PID 3232 wrote to memory of 1588	3232	RunDll32.exe	75
PID 3232 wrote to memory of 1588	3232	RunDll32.exe	75

C:\Users\Admin\AppData\Local\Temp\daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe
"C:\Users\Admin\AppData\Local\Temp\daa0d349da57f2cedfaed679cd8a56e938003b26b007c965d74058e8f76b26b2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\DV93~Q.cmd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:772
- - C:\Windows\SysWOW64\control.exe
    CoNTRol.EXE "C:\Users\Admin\AppData\Local\Temp\7zSCE5E74A7\V.BD"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1068
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSCE5E74A7\V.BD"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:804
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSCE5E74A7\V.BD"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3232
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zSCE5E74A7\V.BD"
        6⤵
        Loads dropped DLL
        
        PID:1588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSCE5E74A7\Dv93~q.cmd

Filesize
28B

MD5
a538c6aa3704d576f6f7a8871071384d

SHA1
7d7780f9e4c6cf8ec72257e65c07048f4a468a21

SHA256
72fb33fad81cbda9d343cc52bc1141dd45617d5e262ba1dc6350e28b51787b21

SHA512
a9893236a0f852e073c661dafdae03237b927929342ce8138064d1eda9081f7bbcdb9055641db0003983d7ecb3d8ac134db31b2812b465506476fabba4bc319f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCE5E74A7\V.BD

Filesize
2.1MB

MD5
2b27dc303d7fc40b6d61e3660c71ee19

SHA1
12f1dac05a03c41ff0bc1ea6e5485d77050414fa

SHA256
43c2b74ad3980ab7756202be62f988203583a4bd4c70f132aca85c12152933b9

SHA512
2b0e4f6d892b48b347d315ffd0bed9fa3ba7093c8170e451e12bce4a016096bdffb42a506b50d9dbfdc8bd8e356d0b944c995b1a20a5353454e15c3911b8e8a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zSCE5E74A7\V.BD

Filesize
2.1MB

MD5
2b27dc303d7fc40b6d61e3660c71ee19

SHA1
12f1dac05a03c41ff0bc1ea6e5485d77050414fa

SHA256
43c2b74ad3980ab7756202be62f988203583a4bd4c70f132aca85c12152933b9

SHA512
2b0e4f6d892b48b347d315ffd0bed9fa3ba7093c8170e451e12bce4a016096bdffb42a506b50d9dbfdc8bd8e356d0b944c995b1a20a5353454e15c3911b8e8a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zSCE5E74A7\V.BD

Filesize
2.1MB

MD5
2b27dc303d7fc40b6d61e3660c71ee19

SHA1
12f1dac05a03c41ff0bc1ea6e5485d77050414fa

SHA256
43c2b74ad3980ab7756202be62f988203583a4bd4c70f132aca85c12152933b9

SHA512
2b0e4f6d892b48b347d315ffd0bed9fa3ba7093c8170e451e12bce4a016096bdffb42a506b50d9dbfdc8bd8e356d0b944c995b1a20a5353454e15c3911b8e8a9

Download Submit
memory/804-17-0x00000000052F0000-0x00000000053E4000-memory.dmp

Filesize
976KB

Download
memory/804-12-0x00000000051E0000-0x00000000052ED000-memory.dmp

Filesize
1.1MB

Download
memory/804-13-0x00000000052F0000-0x00000000053E4000-memory.dmp

Filesize
976KB

Download
memory/804-15-0x0000000010000000-0x0000000010226000-memory.dmp

Filesize
2.1MB

Download
memory/804-8-0x0000000003050000-0x0000000003056000-memory.dmp

Filesize
24KB

Download
memory/804-18-0x00000000052F0000-0x00000000053E4000-memory.dmp

Filesize
976KB

Download
memory/804-9-0x0000000010000000-0x0000000010226000-memory.dmp

Filesize
2.1MB

Download
memory/1588-21-0x0000000002E00000-0x0000000002E06000-memory.dmp

Filesize
24KB

Download
memory/1588-25-0x0000000004FC0000-0x00000000050CD000-memory.dmp

Filesize
1.1MB

Download
memory/1588-26-0x00000000050D0000-0x00000000051C4000-memory.dmp

Filesize
976KB

Download
memory/1588-29-0x00000000050D0000-0x00000000051C4000-memory.dmp

Filesize
976KB

Download
memory/1588-30-0x00000000050D0000-0x00000000051C4000-memory.dmp

Filesize
976KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads