cabec083fc700ecb1d151a96a9365d3233d75fda6c05209c1c21ce20cad2bf84

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43b5e003a42ec2ad1341101dc91e7579.exe
Size

164KB
MD5

43b5e003a42ec2ad1341101dc91e7579
SHA1

d86e6c1368396702170366d0e832be6bc289d2e6
SHA256

cabec083fc700ecb1d151a96a9365d3233d75fda6c05209c1c21ce20cad2bf84
SHA512

142e6f16f0f04fa54327d0b94eca82813cfa2a16629a3b5f663c94715643245cf980f92cdd8a8beb81c5f59d451be34e75398fd43cedf18a83d9a075590a4f2a
SSDEEP

1536:6axY5ZQswJ6voWnDNmuZ4crHH1JNmxpB5PzgoLYe:t6HQfJ6voWZ34cT1qfDzgose

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2264	2756	43b5e003a42ec2ad1341101dc91e7579.exe	29
PID 2756 wrote to memory of 2264	2756	43b5e003a42ec2ad1341101dc91e7579.exe	29
PID 2756 wrote to memory of 2264	2756	43b5e003a42ec2ad1341101dc91e7579.exe	29
PID 2756 wrote to memory of 2264	2756	43b5e003a42ec2ad1341101dc91e7579.exe	29
PID 2756 wrote to memory of 2312	2756	43b5e003a42ec2ad1341101dc91e7579.exe	30
PID 2756 wrote to memory of 2312	2756	43b5e003a42ec2ad1341101dc91e7579.exe	30
PID 2756 wrote to memory of 2312	2756	43b5e003a42ec2ad1341101dc91e7579.exe	30
PID 2756 wrote to memory of 2312	2756	43b5e003a42ec2ad1341101dc91e7579.exe	30
PID 2756 wrote to memory of 2724	2756	43b5e003a42ec2ad1341101dc91e7579.exe	31
PID 2756 wrote to memory of 2724	2756	43b5e003a42ec2ad1341101dc91e7579.exe	31
PID 2756 wrote to memory of 2724	2756	43b5e003a42ec2ad1341101dc91e7579.exe	31
PID 2756 wrote to memory of 2724	2756	43b5e003a42ec2ad1341101dc91e7579.exe	31
PID 2756 wrote to memory of 2688	2756	43b5e003a42ec2ad1341101dc91e7579.exe	32
PID 2756 wrote to memory of 2688	2756	43b5e003a42ec2ad1341101dc91e7579.exe	32
PID 2756 wrote to memory of 2688	2756	43b5e003a42ec2ad1341101dc91e7579.exe	32
PID 2756 wrote to memory of 2688	2756	43b5e003a42ec2ad1341101dc91e7579.exe	32
PID 2756 wrote to memory of 2728	2756	43b5e003a42ec2ad1341101dc91e7579.exe	33
PID 2756 wrote to memory of 2728	2756	43b5e003a42ec2ad1341101dc91e7579.exe	33
PID 2756 wrote to memory of 2728	2756	43b5e003a42ec2ad1341101dc91e7579.exe	33
PID 2756 wrote to memory of 2728	2756	43b5e003a42ec2ad1341101dc91e7579.exe	33
PID 2756 wrote to memory of 2836	2756	43b5e003a42ec2ad1341101dc91e7579.exe	34
PID 2756 wrote to memory of 2836	2756	43b5e003a42ec2ad1341101dc91e7579.exe	34
PID 2756 wrote to memory of 2836	2756	43b5e003a42ec2ad1341101dc91e7579.exe	34
PID 2756 wrote to memory of 2836	2756	43b5e003a42ec2ad1341101dc91e7579.exe	34
PID 2756 wrote to memory of 2840	2756	43b5e003a42ec2ad1341101dc91e7579.exe	36
PID 2756 wrote to memory of 2840	2756	43b5e003a42ec2ad1341101dc91e7579.exe	36
PID 2756 wrote to memory of 2840	2756	43b5e003a42ec2ad1341101dc91e7579.exe	36
PID 2756 wrote to memory of 2840	2756	43b5e003a42ec2ad1341101dc91e7579.exe	36
PID 2756 wrote to memory of 2868	2756	43b5e003a42ec2ad1341101dc91e7579.exe	35
PID 2756 wrote to memory of 2868	2756	43b5e003a42ec2ad1341101dc91e7579.exe	35
PID 2756 wrote to memory of 2868	2756	43b5e003a42ec2ad1341101dc91e7579.exe	35
PID 2756 wrote to memory of 2868	2756	43b5e003a42ec2ad1341101dc91e7579.exe	35
PID 2756 wrote to memory of 2936	2756	43b5e003a42ec2ad1341101dc91e7579.exe	37
PID 2756 wrote to memory of 2936	2756	43b5e003a42ec2ad1341101dc91e7579.exe	37
PID 2756 wrote to memory of 2936	2756	43b5e003a42ec2ad1341101dc91e7579.exe	37
PID 2756 wrote to memory of 2936	2756	43b5e003a42ec2ad1341101dc91e7579.exe	37
PID 2756 wrote to memory of 3032	2756	43b5e003a42ec2ad1341101dc91e7579.exe	38
PID 2756 wrote to memory of 3032	2756	43b5e003a42ec2ad1341101dc91e7579.exe	38
PID 2756 wrote to memory of 3032	2756	43b5e003a42ec2ad1341101dc91e7579.exe	38
PID 2756 wrote to memory of 3032	2756	43b5e003a42ec2ad1341101dc91e7579.exe	38
PID 2756 wrote to memory of 2732	2756	43b5e003a42ec2ad1341101dc91e7579.exe	39
PID 2756 wrote to memory of 2732	2756	43b5e003a42ec2ad1341101dc91e7579.exe	39
PID 2756 wrote to memory of 2732	2756	43b5e003a42ec2ad1341101dc91e7579.exe	39
PID 2756 wrote to memory of 2732	2756	43b5e003a42ec2ad1341101dc91e7579.exe	39
PID 2756 wrote to memory of 3024	2756	43b5e003a42ec2ad1341101dc91e7579.exe	40
PID 2756 wrote to memory of 3024	2756	43b5e003a42ec2ad1341101dc91e7579.exe	40
PID 2756 wrote to memory of 3024	2756	43b5e003a42ec2ad1341101dc91e7579.exe	40
PID 2756 wrote to memory of 3024	2756	43b5e003a42ec2ad1341101dc91e7579.exe	40
PID 2756 wrote to memory of 2584	2756	43b5e003a42ec2ad1341101dc91e7579.exe	41
PID 2756 wrote to memory of 2584	2756	43b5e003a42ec2ad1341101dc91e7579.exe	41
PID 2756 wrote to memory of 2584	2756	43b5e003a42ec2ad1341101dc91e7579.exe	41
PID 2756 wrote to memory of 2584	2756	43b5e003a42ec2ad1341101dc91e7579.exe	41
PID 2756 wrote to memory of 2308	2756	43b5e003a42ec2ad1341101dc91e7579.exe	42
PID 2756 wrote to memory of 2308	2756	43b5e003a42ec2ad1341101dc91e7579.exe	42
PID 2756 wrote to memory of 2308	2756	43b5e003a42ec2ad1341101dc91e7579.exe	42
PID 2756 wrote to memory of 2308	2756	43b5e003a42ec2ad1341101dc91e7579.exe	42
PID 2756 wrote to memory of 2704	2756	43b5e003a42ec2ad1341101dc91e7579.exe	43
PID 2756 wrote to memory of 2704	2756	43b5e003a42ec2ad1341101dc91e7579.exe	43
PID 2756 wrote to memory of 2704	2756	43b5e003a42ec2ad1341101dc91e7579.exe	43
PID 2756 wrote to memory of 2704	2756	43b5e003a42ec2ad1341101dc91e7579.exe	43
PID 2756 wrote to memory of 2696	2756	43b5e003a42ec2ad1341101dc91e7579.exe	44
PID 2756 wrote to memory of 2696	2756	43b5e003a42ec2ad1341101dc91e7579.exe	44
PID 2756 wrote to memory of 2696	2756	43b5e003a42ec2ad1341101dc91e7579.exe	44
PID 2756 wrote to memory of 2696	2756	43b5e003a42ec2ad1341101dc91e7579.exe	44

C:\Users\Admin\AppData\Local\Temp\43b5e003a42ec2ad1341101dc91e7579.exe
"C:\Users\Admin\AppData\Local\Temp\43b5e003a42ec2ad1341101dc91e7579.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c mkdir "%userprofile%"\Appdata\Local\Microsoft\Windows\Explorer\
  2⤵
  PID:2264
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c mkdir "%userprofile%"\Appdata\Local\Microsoft\Windows\Burn\
  2⤵
  PID:2312
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c mkdir "%userprofile%"\Appdata\Local\Microsoft\Windows\1033\
  2⤵
  PID:2724
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c mkdir "%userprofile%"\Appdata\Local\Microsoft\Windows\GameExplorer\
  2⤵
  PID:2688
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c mkdir "%userprofile%"\Appdata\Local\Microsoft\Windows\WER\ReportArchive\
  2⤵
  PID:2728
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c mkdir "%userprofile%"\Appdata\Local\Microsoft\Windows\WER\ReportQueue\
  2⤵
  PID:2836
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c mkdir "%userprofile%"\Appdata\Local\Microsoft\Windows\WER\ERC\TemplateCache\
  2⤵
  PID:2868
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c mkdir "%userprofile%"\Appdata\Local\Microsoft\Windows\WER\ERC\ResponseCache\
  2⤵
  PID:2840
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c copy svchost.exe "%userprofile%"\AppData\Local\Microsoft\Windows\
  2⤵
  PID:2936
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:3032
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c copy blat.dll "%userprofile%"\AppData\Local\Microsoft\Windows\WER\ERC\ResponseCache\
  2⤵
  PID:2732
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:3024
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c copy blat.lib "%userprofile%"\AppData\Local\Microsoft\Windows\WER\ERC\ResponseCache\
  2⤵
  PID:2584
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2308
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c copy blat.exe "%userprofile%"\AppData\Local\Microsoft\Windows\WER\ERC\ResponseCache\
  2⤵
  PID:2704
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2696
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c copy chdir.exe "%userprofile%"\AppData\Local\Microsoft\Windows\WER\ERC\ResponseCache\
  2⤵
  PID:2740
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2232
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c IF EXIST "%userprofile%\AppData\Local\Microsoft\Windows\WER\ERC\ResponseCache\chdir.exe" reg add HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN /V chdir.exe /t REG_SZ /d "%userprofile%\AppData\Local\Microsoft\Windows\WER\ERC\ResponseCache\chdir.exe" /f
  2⤵
  PID:2612
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2572
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2596

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads