3f380b5b27d29ccddb0f0ec83bdbdd24cb29f38aa726c0917253617e30370f1e

Analysis

max time kernel
2s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18a4d6ad51c1a5c8ea77d3fcb4a20122.exe
Size

15KB
MD5

18a4d6ad51c1a5c8ea77d3fcb4a20122
SHA1

1aaf93d3be2d1480166d07ad93c9131ec092ea7b
SHA256

3f380b5b27d29ccddb0f0ec83bdbdd24cb29f38aa726c0917253617e30370f1e
SHA512

0ff9f232e0314443354c3a7ec410882e670994eb6e5e7719cfa14e1657adc173c5b5a27bf64439e44803a42362b2b81b4c5157eaeb292593da422a7d9db38727
SSDEEP

384:IR76Fphp0toLQt3ta9CaumpgIsC/uk+Vw2xmg9MDRTqDHDjjDj4DjjDjK:FP70tDy8auUfsghEwm1GwH4HK

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	18a4d6ad51c1a5c8ea77d3fcb4a20122.exe
File opened for modification	C:\Windows\SysWOW64\spmybapi.sys	18a4d6ad51c1a5c8ea77d3fcb4a20122.exe
File opened for modification	C:\Windows\SysWOW64\mpmydapi.dll	18a4d6ad51c1a5c8ea77d3fcb4a20122.exe
File created	C:\Windows\SysWOW64\mpmydapi.dll	18a4d6ad51c1a5c8ea77d3fcb4a20122.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2648	2156	18a4d6ad51c1a5c8ea77d3fcb4a20122.exe	18
PID 2156 wrote to memory of 2648	2156	18a4d6ad51c1a5c8ea77d3fcb4a20122.exe	18
PID 2156 wrote to memory of 2648	2156	18a4d6ad51c1a5c8ea77d3fcb4a20122.exe	18
PID 2156 wrote to memory of 2648	2156	18a4d6ad51c1a5c8ea77d3fcb4a20122.exe	18

C:\Users\Admin\AppData\Local\Temp\18a4d6ad51c1a5c8ea77d3fcb4a20122.exe
"C:\Users\Admin\AppData\Local\Temp\18a4d6ad51c1a5c8ea77d3fcb4a20122.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259432876.bat
  2⤵
  PID:2648
- C:\Windows\SysWOW64\simyaapi.exe
  C:\Windows\system32\simyaapi.exe
  2⤵
  PID:1952
- - C:\Windows\SysWOW64\simyaapi.exe
    C:\Windows\system32\simyaapi.exe
    3⤵
    PID:1712
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259463982.bat
      4⤵
      PID:3276
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259433344.bat
    3⤵
    PID:552
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259464622.bat
    3⤵
    PID:1964
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259463936.bat
  2⤵
  PID:3328

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259433406.bat
1⤵
PID:1436

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259434717.bat
1⤵
PID:1080

C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
1⤵
PID:2064
- C:\Windows\SysWOW64\simyaapi.exe
  C:\Windows\system32\simyaapi.exe
  2⤵
  PID:2552
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259522280.bat
    3⤵
    PID:1916
- - C:\Windows\SysWOW64\simyaapi.exe
    C:\Windows\system32\simyaapi.exe
    3⤵
    PID:1852
  - - C:\Windows\SysWOW64\simyaapi.exe
      C:\Windows\system32\simyaapi.exe
      4⤵
      PID:2176
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259526289.bat
        5⤵
        
        PID:1392
    - - C:\Windows\SysWOW64\simyaapi.exe
        
        C:\Windows\system32\simyaapi.exe
        5⤵
        
        PID:6056
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259531952.bat
        6⤵
        
        PID:6120
      - C:\Windows\SysWOW64\simyaapi.exe
        
        C:\Windows\system32\simyaapi.exe
        6⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259536554.bat
        7⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\simyaapi.exe
        
        C:\Windows\system32\simyaapi.exe
        7⤵
        
        PID:608
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259523544.bat
      4⤵
      PID:892
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259556585.bat
      4⤵
      PID:3476
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259554416.bat
    3⤵
    PID:3200
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259552856.bat
  2⤵
  PID:5952

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259433859.bat
1⤵
PID:3148

C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
1⤵
PID:3208
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259473498.bat
  2⤵
  PID:672

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259433718.bat
1⤵
PID:3264

C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
1⤵
PID:3104
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259464840.bat
  2⤵
  PID:292

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259433625.bat
1⤵
PID:3340

C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
1⤵
PID:3396
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259471346.bat
  2⤵
  PID:3656

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259433547.bat
1⤵
PID:3436

C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
1⤵
PID:3484
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259473280.bat
  2⤵
  PID:2412

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259433469.bat
1⤵
PID:3528

C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
1⤵
PID:3588
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259464045.bat
  2⤵
  PID:3252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~DFD259432876.bat

Filesize
121B

MD5
09517fc62284f33e877a276463580bd1

SHA1
0b14fe1db4493818f9de0bf2a56ee5370b8d479a

SHA256
6cc6bbb1f3f754b6894d84130f5f2d86569ac3a603e1632d3cefa028f22b6238

SHA512
1b924dd216d0f38199cc6df215e65ff260aa48fa37aa620dabcbc616f434643bd1f2e617d66b14bd52900214148741565128ba9589782ba582fd7308369f4a4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFD259463936.bat

Filesize
197B

MD5
2363f0d3dea074ce6fc192bad817a56b

SHA1
d5b713dd3ff43a78420598706e0393d2e7d7e7ea

SHA256
f045c3d4aa64490237a527ef0e188f90b4294ae16cd32cbf60202f8d58217fe3

SHA512
fdb226ac4b756575969c672cee7c16a1e0a9a437dc1d69e77ce890a719707e3efb3cb4ffa42faac7bc8c269454c9ca2eda0df5f913ac7128accd22a7e5c1f445

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFD259463982.bat

Filesize
121B

MD5
5acada48d37f71a3351c954a4bae360e

SHA1
e1f65f291cdafd9a75c4f327e7ffb2df3bfd87e1

SHA256
b01ba7391fa8e6341758139c56e20c892d5aaffdfc75bdb7628557029fd4b133

SHA512
5416c01dd6720bbff7d15150aab3152c5633437d05cf558f01994cbaed063942f1276939b6f2cbd7fecbe6992d4b84502467df95679675013aa4da874b1fcec0

Download Submit
C:\Windows\SysWOW64\mpmydapi.dll

Filesize
523KB

MD5
0254c36f56a344fef69a9cdbbe961f10

SHA1
22b66ca86cac853d86d47f9ccb500128b3908e36

SHA256
03fa65f46304e1fbd9966ab216d9d5a47ec85dcc88d941c94ac3ee4f86cd821f

SHA512
3ad48195db62971256527afd49bee932f1fe4899f2cf586a2fa1f28be8e868eab4cfcd49c9dbd555d368f6d8195eca7d1ba7df3511672fc1a5464e353b02b508

Download Submit
C:\Windows\SysWOW64\mpmydapi.dll

Filesize
523KB

MD5
0ed8769b57f2d15b7068453007c58454

SHA1
4d9905d9f4515e33c16b0d4669097e870d4af75f

SHA256
9547bcd2079422209c94a785e57c1e219eee819196cf0329e599b297bf296389

SHA512
698362813973fb4d1643d3355f6b7fa9e10787dc934d911ec95f0c45d19510ae08dd06423b7578cb2525c7690978849f1a21f60edabd95898b8bc9e7302c5887

Download Submit
C:\Windows\SysWOW64\mpmydapi.dll

Filesize
145KB

MD5
7789919a9c07bb9cafa74d4e5039f342

SHA1
d39ebf6f8b5ff012c931df8fd7fb9a05df2d9206

SHA256
6bda5612ffcc5a3823bcaadee289eaf41e4a402d53f61ffe61def0b6dc445448

SHA512
ddc84a5e4af59ba4fae6da9a9ddf8a45b4c8aa1fe6ed224b1edc3eaa9b959fddfa2e172382e638257a8bff7cae9a973daf71c2511e9b3f481b00190a742876b0

Download Submit
C:\Windows\SysWOW64\simyaapi.exe

Filesize
1KB

MD5
f18437e8746babbf5b773226ba65540e

SHA1
9d86af51963d2b8c295c0402ad1d6c131a805e40

SHA256
12d26668942ba31c0ccaeab86227c24907a287a05e822aeb1126f60c4c8d998c

SHA512
be7295a169f60d9ad4c022f5a643d66060685ae73f5430d86a35f2290693256028e6e8cbec6bf3a736e7c7c595904b6ff9a202e2f8da94d9fb5e7d51801f3ff3

Download Submit
C:\Windows\SysWOW64\spmybapi.sys

Filesize
1KB

MD5
815642347f18a0d20b33e4f84622e896

SHA1
1b68c3a20728a71775c761c45242d1df8dc7e4a1

SHA256
e81b0472556bb96c0d1ea8b913e432c9c499b6c2a14137c512dfd79fbbae2b7f

SHA512
ba2fa602c55466f988f8030c32c6a2747068dd469da448c7fa9b7c69fa474b9d640d929034243b480471552eba1dc072d6baa9c5b9f44aa179860406ab0cf9e7

Download Submit
C:\Windows\SysWOW64\spmybapi.sys

Filesize
1KB

MD5
ae5cf5341750c9973eb10b4b4af312a2

SHA1
e86509dbd33c2a5f0bf6ed20777c6a99ca6aabf2

SHA256
c05285717f1ddf74e60873eb7f65bcb16dce311d98c9c84110e41a68cd676b3f

SHA512
05852922af80b859e80b0d7011c20c39e7688f24289eadc45ef1cf009f6c487c00dccc01bc56854ccbf392543c32cef8a1950b21773580327dff712efb57cbda

Download Submit
C:\Windows\SysWOW64\spmybapi.sys

Filesize
2KB

MD5
d064afc0f6c5ec6d7c88e85478a93f28

SHA1
449dd1e6d2cc2f3683cb545ef35c022d59e63d0b

SHA256
3a144152a0e3734f8a52309a65fcc78511435050a5f760afacd23063df9de48c

SHA512
c97c8c424077cf0eeff2753383ab054a9b1c74586d10664a60e5fcb73334f73907d514aae987390c353ff13c1df1b63ff9d338706d306a0e9a02e2d9ad509861

Download Submit
C:\Windows\SysWOW64\spmybapi.sys

Filesize
2KB

MD5
252295e2bedfc34294431b4725e52864

SHA1
28a9d288d91be6c939a5c1a1fe3412bdb6b0add4

SHA256
7764ee8e1ca3ae986f20f8a562148c9ef1ab45b1bffd453aaff87e72b31ce443

SHA512
c274e05f051518d5d193361ab80851f9fa254743deb45314930d4e88b60f7ad1ebc6b9a20627cbca6a5db0dce805fff01b94190bec491fd3c93bda0a6236fb2e

Download Submit
C:\Windows\SysWOW64\spmybapi.sys

Filesize
3KB

MD5
108b25490d78452881c2c5e776e7016b

SHA1
0952d1dbff262250fd0571a2d96507f4d976ba39

SHA256
5d7dcf693161bd177e1a28cd22a2c32b5eb6a8dec7bcbeba813c343dc7d034ca

SHA512
d120dbe6a654f4df54882e3025006e2eed4b5f7ccb7acc3d8e91c78946f492dd443b7256d606c02b062ca711eb18d4d04158887a3babb6a9edf61a04527d84d5

Download Submit
C:\Windows\SysWOW64\spmybapi.sys

Filesize
3KB

MD5
8353a7aebdd23d42c77de232596479f6

SHA1
521c057d1ff81b5554984cc0fe587d195a11095e

SHA256
916584ba4f1f16790449c38f6c17b18a9b30d3cbb06fd4b6ae5ad6647f214c73

SHA512
9d0fdb3dc1afd5b8cf468f6415de3fded03e995ce0127ac1de370963a574b14bdaa65d22662cac765572ca58026c2477a83e282afb46545d007e364cc25dc701

Download Submit
C:\Windows\SysWOW64\spmybapi.sys

Filesize
4KB

MD5
76fecc4b8e40e53c519349f94f28f6a3

SHA1
7db1e55fd4f62512f9f08fc64e57c2e1a780cb99

SHA256
518e7c98cdb9abd27fae704f24f59d8baa8753af4f76446e63c49730ed5d53a9

SHA512
9791a8af0ae07c45c6005071c3a2058142c8a6584cf0e320e557724ae7ab308653168dd9302899cecc453e7d6f58bafcf53e9ddf6fe274fcac994439854e949d

Download Submit
C:\Windows\SysWOW64\spmybapi.sys

Filesize
4KB

MD5
6bbe6444fa330af12c3335f7595edbb5

SHA1
bdb560633b3d7e05b01ba21da3999258dbbfc806

SHA256
d9059f0f11dfc5c508fff4ad668db5a350a9612c45ead7d4fd67f43d19c0b418

SHA512
fdf20a38bd969fc7bb5ac313782756f02ff880157a20da1523c3adf6f8b47cf9cbc2bc496ef0cdf1b848d75df3637861cd8f379b8c382f29a7697cc1c6c8ae81

Download Submit
C:\Windows\SysWOW64\spmybapi.sys

Filesize
5KB

MD5
7a1f988e7cb949c277526de5e4caf0ba

SHA1
48256f7006ccdc497db61e454bf1fb8590836cb2

SHA256
ecf36b5492a3278455cf91334100a9ad148453ea9ffff93be046b32c4c9f79df

SHA512
8c3aa73f312a56d60f56ad7f3e3052773272f95ff09510c676dd4b313772122b53558f5618597a9c01496eab9a44c3e2ca584564111050376787b475ddf17d38

Download Submit
C:\Windows\SysWOW64\spmybapi.sys

Filesize
5KB

MD5
351c88f9db2ccc9efb65431a67c3aeb1

SHA1
227b201c5a85f041a150b1d1dc44e79f496e901c

SHA256
833f83b884236211969686f3f2c514e9ba307a33d176bfeccbe1c1d7af7993f8

SHA512
55e00eec9f6c1024488614338de9e05a77cb68d92ce21bb4dee357b8a3aac2431ae41522cc7307a66ba3589952c2f390d76d570ff2003b52823ff5f97cdf13f9

Download Submit
C:\Windows\SysWOW64\spmybapi.sys

Filesize
6KB

MD5
157bf290de7768243d13a9fef997f9b0

SHA1
636f7e678762cab5fe1a6aca75983d4db0b3e072

SHA256
4e4187cbbfe14f1e803f09f5595ee5c6bf44b4f58cc2720fec4f4080ef3a9ae4

SHA512
7bc8af82a942be0e4495fd57c22f3c75b287525276eeaebbf8cbe8251babee96e07d2c91d6c7032619b81704c06a4e5c38e4834ed2d2528e1a6482cd1314c4ed

Download Submit
\Windows\SysWOW64\simyaapi.exe

Filesize
2KB

MD5
ff5e452465ff43b54c6a48c127a8daf6

SHA1
588759c9e90c051d8dca5440210caeacfb85959a

SHA256
fb0e967dfcee74c0be60928bef3a420c547069dc7742b29132253266b819443c

SHA512
c25e0a94ae612f89e60b2ecc1fa7f5e1e6af40885cc32d3a13e67c87c1d15e5dc902458223be94362e83082c2de699578b82e7dc4f60818edf75da4e2e585f9e

Download Submit
\Windows\SysWOW64\simyaapi.exe

Filesize
15KB

MD5
18a4d6ad51c1a5c8ea77d3fcb4a20122

SHA1
1aaf93d3be2d1480166d07ad93c9131ec092ea7b

SHA256
3f380b5b27d29ccddb0f0ec83bdbdd24cb29f38aa726c0917253617e30370f1e

SHA512
0ff9f232e0314443354c3a7ec410882e670994eb6e5e7719cfa14e1657adc173c5b5a27bf64439e44803a42362b2b81b4c5157eaeb292593da422a7d9db38727

Download Submit
memory/1712-1068-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/1712-1604-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/1952-1598-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/1952-1053-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/1952-1050-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/1952-1152-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/2064-2267-0x00000000003E0000-0x00000000003F9000-memory.dmp

Filesize
100KB

Download
memory/2156-1148-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/2156-1033-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/2156-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2156-1123-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2156-1025-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/3104-1135-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/3208-1599-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/3208-1600-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/3396-1612-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/3396-1130-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/3484-1611-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/3484-1608-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/3484-1100-0x0000000000260000-0x0000000000279000-memory.dmp

Filesize
100KB

Download
memory/3588-1607-0x0000000000220000-0x0000000000239000-memory.dmp

Filesize
100KB

Download
memory/3588-1084-0x0000000000220000-0x0000000000239000-memory.dmp

Filesize
100KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads