2c8249b71e4e027717794e5ab0a27a8ce3ae3732e8de32a0d8e1b9acf2c73412

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d09d484d7ccdad1c341eda09fe69026.exe
Size

247KB
MD5

6d09d484d7ccdad1c341eda09fe69026
SHA1

2ff7f3dec3de4edf9dc3a3453fdae689cc0ced01
SHA256

2c8249b71e4e027717794e5ab0a27a8ce3ae3732e8de32a0d8e1b9acf2c73412
SHA512

7b7c5d74fc1710f3bd8f888488337c51964bd9e6020c73ad12d7527d8d84174621b366eab899dc7deb8e385def5d3ee53f8af0099a3adc3727d756f6065c987c
SSDEEP

6144:nORGrsbX9LaO7KNGuTmEVmeM3E6Ygf4f+G:nOKea7LYP42

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2392	maxfilimg.exe

Loads dropped DLL 6 IoCs

pid	Process
2884	6d09d484d7ccdad1c341eda09fe69026.exe
2780	rundll32.exe
2780	rundll32.exe
2780	rundll32.exe
2780	rundll32.exe
2780	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2392	2884	6d09d484d7ccdad1c341eda09fe69026.exe	28
PID 2884 wrote to memory of 2392	2884	6d09d484d7ccdad1c341eda09fe69026.exe	28
PID 2884 wrote to memory of 2392	2884	6d09d484d7ccdad1c341eda09fe69026.exe	28
PID 2884 wrote to memory of 2392	2884	6d09d484d7ccdad1c341eda09fe69026.exe	28
PID 2392 wrote to memory of 2780	2392	maxfilimg.exe	29
PID 2392 wrote to memory of 2780	2392	maxfilimg.exe	29
PID 2392 wrote to memory of 2780	2392	maxfilimg.exe	29
PID 2392 wrote to memory of 2780	2392	maxfilimg.exe	29
PID 2392 wrote to memory of 2780	2392	maxfilimg.exe	29
PID 2392 wrote to memory of 2780	2392	maxfilimg.exe	29
PID 2392 wrote to memory of 2780	2392	maxfilimg.exe	29

C:\Users\Admin\AppData\Local\Temp\6d09d484d7ccdad1c341eda09fe69026.exe
"C:\Users\Admin\AppData\Local\Temp\6d09d484d7ccdad1c341eda09fe69026.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Users\Admin\AppData\Roaming\maxfilimg\maxfilimg.exe
  C:\Users\Admin\AppData\Roaming\maxfilimg\maxfilimg.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2392
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Roaming\MAXFIL~1\MAXFIL~1.DLL 000
    3⤵
    - Loads dropped DLL
    PID:2780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\MAXFIL~1\MAXFIL~1.DLL

Filesize
231KB

MD5
2c1df802c7e5babf835748b4184beea0

SHA1
422ef2500d614c11cc7bd666532dee6fa025301e

SHA256
fea3141b38fda4d0704bdabd76656087296efa04dba9c64ea3a7f4e41c9cc872

SHA512
3e6724391ecb89a98ef230ef313dfea951e3ccc16e77855f73f97afc486823ced10d9f337f3b3cd24145ea47ef31fab2ebdcbacab0761fbad5b5e66086dc243e

Download Submit
\Users\Admin\AppData\Roaming\MAXFIL~1\efopai.dll

Filesize
160KB

MD5
069b89e63681a1391e8f49d50867f049

SHA1
ec2787676bb27215992cd3dbc39ba5ed6d41026b

SHA256
756e1c0fd8e00159da74d7e482797b0dd0fc6371b5c38e398c3ffac6614b0c18

SHA512
0a9c8bf199bcf5a31b644350f89388547fa5c1a43d88aec8411a17ca7ce33ea86349803bc3c504df595b49a5c44f548febe7102965dcad5f0396ea209c2bdd6d

Download Submit
\Users\Admin\AppData\Roaming\maxfilimg\maxfilimg.exe

Filesize
247KB

MD5
6d09d484d7ccdad1c341eda09fe69026

SHA1
2ff7f3dec3de4edf9dc3a3453fdae689cc0ced01

SHA256
2c8249b71e4e027717794e5ab0a27a8ce3ae3732e8de32a0d8e1b9acf2c73412

SHA512
7b7c5d74fc1710f3bd8f888488337c51964bd9e6020c73ad12d7527d8d84174621b366eab899dc7deb8e385def5d3ee53f8af0099a3adc3727d756f6065c987c

Download Submit
memory/2392-11-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2392-10-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2780-21-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/2780-29-0x0000000000100000-0x000000000012A000-memory.dmp

Filesize
168KB

Download
memory/2780-20-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/2780-34-0x0000000000100000-0x000000000012A000-memory.dmp

Filesize
168KB

Download
memory/2780-18-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/2780-16-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/2780-27-0x0000000000100000-0x000000000012A000-memory.dmp

Filesize
168KB

Download
memory/2780-33-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/2780-32-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2780-30-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/2780-31-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2884-1-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2884-6-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2884-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads