651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577

Analysis

max time kernel
187s
max time network
256s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
30/10/2023, 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe
Size

2.5MB
MD5

1b1e3a12f077b7194d33979a5d04ef34
SHA1

e818c56b43804212a133f832c10860a64f6a1309
SHA256

651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577
SHA512

d518e213f9a6154dbf5d89815e6c6a97be59596906789ec60208d007e6323440c2c4d944dbc8d541a68d9ceef230544bbab6bce41452eb8ea90882acb89c0940
SSDEEP

49152:WflP4OYbIl7LVJWzd81ITc12QmJfZ6xCriWWaYfDfaCcb/:WtP4Pkl7XWzdxTQ2QmmcinaZCq

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4880	rundll32.exe
4540	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2616	2336	651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe	71
PID 2336 wrote to memory of 2616	2336	651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe	71
PID 2336 wrote to memory of 2616	2336	651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe	71
PID 2616 wrote to memory of 1012	2616	cmd.exe	73
PID 2616 wrote to memory of 1012	2616	cmd.exe	73
PID 2616 wrote to memory of 1012	2616	cmd.exe	73
PID 1012 wrote to memory of 4880	1012	control.exe	74
PID 1012 wrote to memory of 4880	1012	control.exe	74
PID 1012 wrote to memory of 4880	1012	control.exe	74
PID 4880 wrote to memory of 4404	4880	rundll32.exe	75
PID 4880 wrote to memory of 4404	4880	rundll32.exe	75
PID 4404 wrote to memory of 4540	4404	RunDll32.exe	76
PID 4404 wrote to memory of 4540	4404	RunDll32.exe	76
PID 4404 wrote to memory of 4540	4404	RunDll32.exe	76

C:\Users\Admin\AppData\Local\Temp\651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe
"C:\Users\Admin\AppData\Local\Temp\651dec69c5dd7b4f2690e0fdad0f15a2ec2ae110c58cee604035a2ec92b0c577.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\CD.cMD
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Windows\SysWOW64\control.exe
    CONtrOL "C:\Users\Admin\AppData\Local\Temp\7zS029357C7\T.L"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1012
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS029357C7\T.L"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4880
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS029357C7\T.L"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4404
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS029357C7\T.L"
        6⤵
        Loads dropped DLL
        
        PID:4540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS029357C7\CD.cmd

Filesize
26B

MD5
36d733b1b4ff51a7fe415d7c52aed298

SHA1
2d229fec74eabe60e5bdbd4d807f2ee08d0e4468

SHA256
60fae660e454ccc245efd365f2acf6f7d25fb7026472b2d9c8b1ebf3fe124f83

SHA512
4e5dee03caedc4b1508e667f41b75911e660d9a408a8d555c3720262160e13eed9824de3bc0a9a3a331a3764f337fe5e8c23a1f172e0afdf1cbec93482bd66dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS029357C7\T.L

Filesize
2.5MB

MD5
54b846a0a506a83f364fe5aee3dd919d

SHA1
72517d9194bcb9d31099448290447fa3027a6858

SHA256
3734ef0938e6a5723b765e9de6a0c27bf595d5fd5694b72df7b835d8af6b99f7

SHA512
4724696d8f738ecab2cb8949010f84cb403b6defee9dfd7e9a85ccf18860f3f610c7dc31f37e0bc9138f908e2ddfd529fbb5c900b9c01aace20a9923bf1dd690

Download Submit
\Users\Admin\AppData\Local\Temp\7zS029357C7\t.L

Filesize
2.5MB

MD5
54b846a0a506a83f364fe5aee3dd919d

SHA1
72517d9194bcb9d31099448290447fa3027a6858

SHA256
3734ef0938e6a5723b765e9de6a0c27bf595d5fd5694b72df7b835d8af6b99f7

SHA512
4724696d8f738ecab2cb8949010f84cb403b6defee9dfd7e9a85ccf18860f3f610c7dc31f37e0bc9138f908e2ddfd529fbb5c900b9c01aace20a9923bf1dd690

Download Submit
\Users\Admin\AppData\Local\Temp\7zS029357C7\t.L

Filesize
2.5MB

MD5
54b846a0a506a83f364fe5aee3dd919d

SHA1
72517d9194bcb9d31099448290447fa3027a6858

SHA256
3734ef0938e6a5723b765e9de6a0c27bf595d5fd5694b72df7b835d8af6b99f7

SHA512
4724696d8f738ecab2cb8949010f84cb403b6defee9dfd7e9a85ccf18860f3f610c7dc31f37e0bc9138f908e2ddfd529fbb5c900b9c01aace20a9923bf1dd690

Download Submit
memory/4540-32-0x00000000048E0000-0x00000000049EA000-memory.dmp

Filesize
1.0MB

Download
memory/4540-31-0x00000000048E0000-0x00000000049EA000-memory.dmp

Filesize
1.0MB

Download
memory/4540-28-0x00000000048E0000-0x00000000049EA000-memory.dmp

Filesize
1.0MB

Download
memory/4540-27-0x00000000047B0000-0x00000000048D6000-memory.dmp

Filesize
1.1MB

Download
memory/4540-21-0x0000000000AF0000-0x0000000000AF6000-memory.dmp

Filesize
24KB

Download
memory/4880-8-0x0000000002FD0000-0x0000000002FD6000-memory.dmp

Filesize
24KB

Download
memory/4880-19-0x0000000005150000-0x000000000525A000-memory.dmp

Filesize
1.0MB

Download
memory/4880-18-0x0000000005150000-0x000000000525A000-memory.dmp

Filesize
1.0MB

Download
memory/4880-15-0x0000000005150000-0x000000000525A000-memory.dmp

Filesize
1.0MB

Download
memory/4880-14-0x0000000005020000-0x0000000005146000-memory.dmp

Filesize
1.1MB

Download
memory/4880-9-0x0000000010000000-0x000000001027F000-memory.dmp

Filesize
2.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads