4786703df819f10985833878ea00877aafdfcc58fab8472a211f1490eec30dcd

Analysis

max time kernel
147s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 21:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

99fca15f079b6b4d4bc07307f4fdb05c.exe
Size

55KB
MD5

99fca15f079b6b4d4bc07307f4fdb05c
SHA1

b73090608489f8823a8b486d79b3147202a9c1ac
SHA256

4786703df819f10985833878ea00877aafdfcc58fab8472a211f1490eec30dcd
SHA512

bdf5e678bc2f6f3829a047d48a7ac8a152f4ac6945499abafbec401f0a9f0b6bac755317ccecc17001ea4c0f08bfaabb42c35496321cae71ec4aa41e1acf78b5
SSDEEP

768:TzDvnx7vMkoIDFjYJZarQyI8fzGpNDctUapUNKMzsIpdfgo5bpqfc/pQlNoUHJvK:jvnlvkQhKwrB1fzG1apXi5cfYQleUHsz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 9 IoCs

pid	Process
2316	mmdmm.exe
2744	mmdmm.exe
2840	mmdmm.exe
2504	mmdmm.exe
2432	mmdmm.exe
2556	mmdmm.exe
2104	mmdmm.exe
824	mmdmm.exe
2244	mmdmm.exe

Loads dropped DLL 18 IoCs

pid	Process
776	99fca15f079b6b4d4bc07307f4fdb05c.exe
776	99fca15f079b6b4d4bc07307f4fdb05c.exe
2316	mmdmm.exe
2316	mmdmm.exe
2744	mmdmm.exe
2744	mmdmm.exe
2840	mmdmm.exe
2840	mmdmm.exe
2504	mmdmm.exe
2504	mmdmm.exe
2432	mmdmm.exe
2432	mmdmm.exe
2556	mmdmm.exe
2556	mmdmm.exe
2104	mmdmm.exe
2104	mmdmm.exe
824	mmdmm.exe
824	mmdmm.exe

Drops file in System32 directory 20 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mmdmm.exe	99fca15f079b6b4d4bc07307f4fdb05c.exe
File opened for modification	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File created	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File opened for modification	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File created	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File created	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File created	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File opened for modification	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File created	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File opened for modification	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File opened for modification	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File created	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File opened for modification	C:\Windows\SysWOW64\mmdmm.exe	99fca15f079b6b4d4bc07307f4fdb05c.exe
File created	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File opened for modification	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File created	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File opened for modification	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File created	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File opened for modification	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe
File opened for modification	C:\Windows\SysWOW64\mmdmm.exe	mmdmm.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 776 wrote to memory of 2316	776	99fca15f079b6b4d4bc07307f4fdb05c.exe	28
PID 776 wrote to memory of 2316	776	99fca15f079b6b4d4bc07307f4fdb05c.exe	28
PID 776 wrote to memory of 2316	776	99fca15f079b6b4d4bc07307f4fdb05c.exe	28
PID 776 wrote to memory of 2316	776	99fca15f079b6b4d4bc07307f4fdb05c.exe	28
PID 2316 wrote to memory of 2744	2316	mmdmm.exe	29
PID 2316 wrote to memory of 2744	2316	mmdmm.exe	29
PID 2316 wrote to memory of 2744	2316	mmdmm.exe	29
PID 2316 wrote to memory of 2744	2316	mmdmm.exe	29
PID 2744 wrote to memory of 2840	2744	mmdmm.exe	30
PID 2744 wrote to memory of 2840	2744	mmdmm.exe	30
PID 2744 wrote to memory of 2840	2744	mmdmm.exe	30
PID 2744 wrote to memory of 2840	2744	mmdmm.exe	30
PID 2840 wrote to memory of 2504	2840	mmdmm.exe	33
PID 2840 wrote to memory of 2504	2840	mmdmm.exe	33
PID 2840 wrote to memory of 2504	2840	mmdmm.exe	33
PID 2840 wrote to memory of 2504	2840	mmdmm.exe	33
PID 2504 wrote to memory of 2432	2504	mmdmm.exe	34
PID 2504 wrote to memory of 2432	2504	mmdmm.exe	34
PID 2504 wrote to memory of 2432	2504	mmdmm.exe	34
PID 2504 wrote to memory of 2432	2504	mmdmm.exe	34
PID 2432 wrote to memory of 2556	2432	mmdmm.exe	35
PID 2432 wrote to memory of 2556	2432	mmdmm.exe	35
PID 2432 wrote to memory of 2556	2432	mmdmm.exe	35
PID 2432 wrote to memory of 2556	2432	mmdmm.exe	35
PID 2556 wrote to memory of 2104	2556	mmdmm.exe	36
PID 2556 wrote to memory of 2104	2556	mmdmm.exe	36
PID 2556 wrote to memory of 2104	2556	mmdmm.exe	36
PID 2556 wrote to memory of 2104	2556	mmdmm.exe	36
PID 2104 wrote to memory of 824	2104	mmdmm.exe	37
PID 2104 wrote to memory of 824	2104	mmdmm.exe	37
PID 2104 wrote to memory of 824	2104	mmdmm.exe	37
PID 2104 wrote to memory of 824	2104	mmdmm.exe	37
PID 824 wrote to memory of 2244	824	mmdmm.exe	38
PID 824 wrote to memory of 2244	824	mmdmm.exe	38
PID 824 wrote to memory of 2244	824	mmdmm.exe	38
PID 824 wrote to memory of 2244	824	mmdmm.exe	38

C:\Users\Admin\AppData\Local\Temp\99fca15f079b6b4d4bc07307f4fdb05c.exe
"C:\Users\Admin\AppData\Local\Temp\99fca15f079b6b4d4bc07307f4fdb05c.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:776
- C:\Windows\SysWOW64\mmdmm.exe
  C:\Windows\system32\mmdmm.exe 476 "C:\Users\Admin\AppData\Local\Temp\99fca15f079b6b4d4bc07307f4fdb05c.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2316
- - C:\Windows\SysWOW64\mmdmm.exe
    C:\Windows\system32\mmdmm.exe 508 "C:\Windows\SysWOW64\mmdmm.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Windows\SysWOW64\mmdmm.exe
      C:\Windows\system32\mmdmm.exe 516 "C:\Windows\SysWOW64\mmdmm.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2840
    - - C:\Windows\SysWOW64\mmdmm.exe
        
        C:\Windows\system32\mmdmm.exe 512 "C:\Windows\SysWOW64\mmdmm.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2504
      - C:\Windows\SysWOW64\mmdmm.exe
        
        C:\Windows\system32\mmdmm.exe 528 "C:\Windows\SysWOW64\mmdmm.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2432
        
        C:\Windows\SysWOW64\mmdmm.exe
        
        C:\Windows\system32\mmdmm.exe 520 "C:\Windows\SysWOW64\mmdmm.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2556
        
        C:\Windows\SysWOW64\mmdmm.exe
        
        C:\Windows\system32\mmdmm.exe 536 "C:\Windows\SysWOW64\mmdmm.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2104
        
        C:\Windows\SysWOW64\mmdmm.exe
        
        C:\Windows\system32\mmdmm.exe 548 "C:\Windows\SysWOW64\mmdmm.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:824
        
        C:\Windows\SysWOW64\mmdmm.exe
        
        C:\Windows\system32\mmdmm.exe 524 "C:\Windows\SysWOW64\mmdmm.exe"
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\mmdmm.exe

Filesize
55KB

MD5
99fca15f079b6b4d4bc07307f4fdb05c

SHA1
b73090608489f8823a8b486d79b3147202a9c1ac

SHA256
4786703df819f10985833878ea00877aafdfcc58fab8472a211f1490eec30dcd

SHA512
bdf5e678bc2f6f3829a047d48a7ac8a152f4ac6945499abafbec401f0a9f0b6bac755317ccecc17001ea4c0f08bfaabb42c35496321cae71ec4aa41e1acf78b5

Download Submit
memory/776-11-0x0000000002420000-0x0000000002479000-memory.dmp

Filesize
356KB

Download
memory/776-0-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/776-13-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/824-59-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/824-57-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2104-51-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2104-53-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2244-65-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2244-63-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2316-15-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2316-12-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2432-44-0x0000000000670000-0x00000000006C9000-memory.dmp

Filesize
356KB

Download
memory/2432-38-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2432-40-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2504-37-0x00000000007C0000-0x0000000000819000-memory.dmp

Filesize
356KB

Download
memory/2504-33-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2504-31-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2556-45-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2556-47-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2744-21-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2744-19-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2840-27-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2840-25-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads