651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
30/10/2023, 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe
Size

2.5MB
MD5

1b1e3a12f077b7194d33979a5d04ef34
SHA1

e818c56b43804212a133f832c10860a64f6a1309
SHA256

651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577
SHA512

d518e213f9a6154dbf5d89815e6c6a97be59596906789ec60208d007e6323440c2c4d944dbc8d541a68d9ceef230544bbab6bce41452eb8ea90882acb89c0940
SSDEEP

49152:WflP4OYbIl7LVJWzd81ITc12QmJfZ6xCriWWaYfDfaCcb/:WtP4Pkl7XWzdxTQ2QmmcinaZCq

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2728	rundll32.exe
2728	rundll32.exe
2728	rundll32.exe
2728	rundll32.exe
2604	rundll32.exe
2604	rundll32.exe
2604	rundll32.exe
2604	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2672	2472	651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe	28
PID 2472 wrote to memory of 2672	2472	651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe	28
PID 2472 wrote to memory of 2672	2472	651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe	28
PID 2472 wrote to memory of 2672	2472	651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe	28
PID 2672 wrote to memory of 2744	2672	cmd.exe	30
PID 2672 wrote to memory of 2744	2672	cmd.exe	30
PID 2672 wrote to memory of 2744	2672	cmd.exe	30
PID 2672 wrote to memory of 2744	2672	cmd.exe	30
PID 2744 wrote to memory of 2728	2744	control.exe	31
PID 2744 wrote to memory of 2728	2744	control.exe	31
PID 2744 wrote to memory of 2728	2744	control.exe	31
PID 2744 wrote to memory of 2728	2744	control.exe	31
PID 2744 wrote to memory of 2728	2744	control.exe	31
PID 2744 wrote to memory of 2728	2744	control.exe	31
PID 2744 wrote to memory of 2728	2744	control.exe	31
PID 2728 wrote to memory of 2592	2728	rundll32.exe	34
PID 2728 wrote to memory of 2592	2728	rundll32.exe	34
PID 2728 wrote to memory of 2592	2728	rundll32.exe	34
PID 2728 wrote to memory of 2592	2728	rundll32.exe	34
PID 2592 wrote to memory of 2604	2592	RunDll32.exe	35
PID 2592 wrote to memory of 2604	2592	RunDll32.exe	35
PID 2592 wrote to memory of 2604	2592	RunDll32.exe	35
PID 2592 wrote to memory of 2604	2592	RunDll32.exe	35
PID 2592 wrote to memory of 2604	2592	RunDll32.exe	35
PID 2592 wrote to memory of 2604	2592	RunDll32.exe	35
PID 2592 wrote to memory of 2604	2592	RunDll32.exe	35

C:\Users\Admin\AppData\Local\Temp\651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe
"C:\Users\Admin\AppData\Local\Temp\651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\CD.cMD
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Windows\SysWOW64\control.exe
    CONtrOL "C:\Users\Admin\AppData\Local\Temp\7zS8A91F116\T.L"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS8A91F116\T.L"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS8A91F116\T.L"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2592
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS8A91F116\T.L"
        6⤵
        Loads dropped DLL
        
        PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS8A91F116\CD.cmd

Filesize
26B

MD5
36d733b1b4ff51a7fe415d7c52aed298

SHA1
2d229fec74eabe60e5bdbd4d807f2ee08d0e4468

SHA256
60fae660e454ccc245efd365f2acf6f7d25fb7026472b2d9c8b1ebf3fe124f83

SHA512
4e5dee03caedc4b1508e667f41b75911e660d9a408a8d555c3720262160e13eed9824de3bc0a9a3a331a3764f337fe5e8c23a1f172e0afdf1cbec93482bd66dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A91F116\CD.cmd

Filesize
26B

MD5
36d733b1b4ff51a7fe415d7c52aed298

SHA1
2d229fec74eabe60e5bdbd4d807f2ee08d0e4468

SHA256
60fae660e454ccc245efd365f2acf6f7d25fb7026472b2d9c8b1ebf3fe124f83

SHA512
4e5dee03caedc4b1508e667f41b75911e660d9a408a8d555c3720262160e13eed9824de3bc0a9a3a331a3764f337fe5e8c23a1f172e0afdf1cbec93482bd66dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A91F116\T.L

Filesize
2.5MB

MD5
54b846a0a506a83f364fe5aee3dd919d

SHA1
72517d9194bcb9d31099448290447fa3027a6858

SHA256
3734ef0938e6a5723b765e9de6a0c27bf595d5fd5694b72df7b835d8af6b99f7

SHA512
4724696d8f738ecab2cb8949010f84cb403b6defee9dfd7e9a85ccf18860f3f610c7dc31f37e0bc9138f908e2ddfd529fbb5c900b9c01aace20a9923bf1dd690

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A91F116\t.L

Filesize
2.5MB

MD5
54b846a0a506a83f364fe5aee3dd919d

SHA1
72517d9194bcb9d31099448290447fa3027a6858

SHA256
3734ef0938e6a5723b765e9de6a0c27bf595d5fd5694b72df7b835d8af6b99f7

SHA512
4724696d8f738ecab2cb8949010f84cb403b6defee9dfd7e9a85ccf18860f3f610c7dc31f37e0bc9138f908e2ddfd529fbb5c900b9c01aace20a9923bf1dd690

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A91F116\t.L

Filesize
2.5MB

MD5
54b846a0a506a83f364fe5aee3dd919d

SHA1
72517d9194bcb9d31099448290447fa3027a6858

SHA256
3734ef0938e6a5723b765e9de6a0c27bf595d5fd5694b72df7b835d8af6b99f7

SHA512
4724696d8f738ecab2cb8949010f84cb403b6defee9dfd7e9a85ccf18860f3f610c7dc31f37e0bc9138f908e2ddfd529fbb5c900b9c01aace20a9923bf1dd690

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A91F116\t.L

Filesize
2.5MB

MD5
54b846a0a506a83f364fe5aee3dd919d

SHA1
72517d9194bcb9d31099448290447fa3027a6858

SHA256
3734ef0938e6a5723b765e9de6a0c27bf595d5fd5694b72df7b835d8af6b99f7

SHA512
4724696d8f738ecab2cb8949010f84cb403b6defee9dfd7e9a85ccf18860f3f610c7dc31f37e0bc9138f908e2ddfd529fbb5c900b9c01aace20a9923bf1dd690

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A91F116\t.L

Filesize
2.5MB

MD5
54b846a0a506a83f364fe5aee3dd919d

SHA1
72517d9194bcb9d31099448290447fa3027a6858

SHA256
3734ef0938e6a5723b765e9de6a0c27bf595d5fd5694b72df7b835d8af6b99f7

SHA512
4724696d8f738ecab2cb8949010f84cb403b6defee9dfd7e9a85ccf18860f3f610c7dc31f37e0bc9138f908e2ddfd529fbb5c900b9c01aace20a9923bf1dd690

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A91F116\t.L

Filesize
2.5MB

MD5
54b846a0a506a83f364fe5aee3dd919d

SHA1
72517d9194bcb9d31099448290447fa3027a6858

SHA256
3734ef0938e6a5723b765e9de6a0c27bf595d5fd5694b72df7b835d8af6b99f7

SHA512
4724696d8f738ecab2cb8949010f84cb403b6defee9dfd7e9a85ccf18860f3f610c7dc31f37e0bc9138f908e2ddfd529fbb5c900b9c01aace20a9923bf1dd690

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A91F116\t.L

Filesize
2.5MB

MD5
54b846a0a506a83f364fe5aee3dd919d

SHA1
72517d9194bcb9d31099448290447fa3027a6858

SHA256
3734ef0938e6a5723b765e9de6a0c27bf595d5fd5694b72df7b835d8af6b99f7

SHA512
4724696d8f738ecab2cb8949010f84cb403b6defee9dfd7e9a85ccf18860f3f610c7dc31f37e0bc9138f908e2ddfd529fbb5c900b9c01aace20a9923bf1dd690

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A91F116\t.L

Filesize
2.5MB

MD5
54b846a0a506a83f364fe5aee3dd919d

SHA1
72517d9194bcb9d31099448290447fa3027a6858

SHA256
3734ef0938e6a5723b765e9de6a0c27bf595d5fd5694b72df7b835d8af6b99f7

SHA512
4724696d8f738ecab2cb8949010f84cb403b6defee9dfd7e9a85ccf18860f3f610c7dc31f37e0bc9138f908e2ddfd529fbb5c900b9c01aace20a9923bf1dd690

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A91F116\t.L

Filesize
2.5MB

MD5
54b846a0a506a83f364fe5aee3dd919d

SHA1
72517d9194bcb9d31099448290447fa3027a6858

SHA256
3734ef0938e6a5723b765e9de6a0c27bf595d5fd5694b72df7b835d8af6b99f7

SHA512
4724696d8f738ecab2cb8949010f84cb403b6defee9dfd7e9a85ccf18860f3f610c7dc31f37e0bc9138f908e2ddfd529fbb5c900b9c01aace20a9923bf1dd690

Download Submit
memory/2604-33-0x0000000000190000-0x0000000000196000-memory.dmp

Filesize
24KB

Download
memory/2604-39-0x0000000002690000-0x00000000027B6000-memory.dmp

Filesize
1.1MB

Download
memory/2604-40-0x00000000027C0000-0x00000000028CA000-memory.dmp

Filesize
1.0MB

Download
memory/2604-43-0x00000000027C0000-0x00000000028CA000-memory.dmp

Filesize
1.0MB

Download
memory/2604-44-0x00000000027C0000-0x00000000028CA000-memory.dmp

Filesize
1.0MB

Download
memory/2728-23-0x00000000027F0000-0x00000000028FA000-memory.dmp

Filesize
1.0MB

Download
memory/2728-26-0x00000000027F0000-0x00000000028FA000-memory.dmp

Filesize
1.0MB

Download
memory/2728-27-0x00000000027F0000-0x00000000028FA000-memory.dmp

Filesize
1.0MB

Download
memory/2728-22-0x00000000026C0000-0x00000000027E6000-memory.dmp

Filesize
1.1MB

Download
memory/2728-16-0x0000000010000000-0x000000001027F000-memory.dmp

Filesize
2.5MB

Download
memory/2728-17-0x0000000000180000-0x0000000000186000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads