28086f10cb70478dd19efe123ba06114c4e96e5df0a1f8ca8b8f7866f3bc249d

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98fa5f46a39de04045ce9c3264427a29.exe
Size

81KB
MD5

98fa5f46a39de04045ce9c3264427a29
SHA1

65353dab0b28124bd221b90d81e92e96a2516fc1
SHA256

28086f10cb70478dd19efe123ba06114c4e96e5df0a1f8ca8b8f7866f3bc249d
SHA512

6b2938f0a39d5feb4b93e6e4256f9f1088de926b7320edb2e9e9861959fab1bc644eaa4735f109c78745ba4aa9d62ba0eb6c8edb5056f7ccf4e389626444f4ec
SSDEEP

1536:vJxde7rjpCZk0Q2tDf36onloX/F15l7vMRP+gLBqYVL:vJxE7rjpCO0VRxlot15xvM8gLBjL

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1872	rundll32.exe
3588	rundll32.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32.exe.tmp	rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1872	2232	98fa5f46a39de04045ce9c3264427a29.exe	83
PID 2232 wrote to memory of 1872	2232	98fa5f46a39de04045ce9c3264427a29.exe	83
PID 2232 wrote to memory of 1872	2232	98fa5f46a39de04045ce9c3264427a29.exe	83
PID 1872 wrote to memory of 3588	1872	rundll32.exe	84
PID 1872 wrote to memory of 3588	1872	rundll32.exe	84
PID 1872 wrote to memory of 3588	1872	rundll32.exe	84

C:\Users\Admin\AppData\Local\Temp\98fa5f46a39de04045ce9c3264427a29.exe
"C:\Users\Admin\AppData\Local\Temp\98fa5f46a39de04045ce9c3264427a29.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\98fa5f46a39de04045ce9c3264427a29.exe.tmp,X50
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1872
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe.tmp,X50
    3⤵
    - Loads dropped DLL
    PID:3588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\98fa5f46a39de04045ce9c3264427a29.exe.tmp

Filesize
81KB

MD5
9b385f7b953cc578b39fef4069e697e3

SHA1
ba005cb7d15c10007579c99b69387542cea223bf

SHA256
e3b5bc4bf1afba92e0d9728640dfa8b2e16abf27430c8e0217c79afda741d4b9

SHA512
9aa1828b70c6408d54f77dc1b69b8efbf998c7a850009fb051dd2a6ab9b5c00fddf62330df79d245e1941865169aa3f32798f24014196e3585446187427069f7

Download Submit
C:\Windows\SysWOW64\rundll32.exe.tmp

Filesize
60KB

MD5
437c5321fcf709576aed95b2fb8deaed

SHA1
4e004ecaf5296c41df151b0ac3e0f33d25d17eae

SHA256
0c90a5aa5dff6e20a04ac39b180af71238863c83b2128d5e16553ebfd66856e9

SHA512
12757375ecae4dba240f2d819596b13741e905cb6ee9a0f7e9f1b4da526afe6902df2657e217c0de0fd2b15bcf3f7f6a13e97434844916a860a080b2616598c6

Download Submit
memory/1872-9-0x0000000000970000-0x000000000097F000-memory.dmp

Filesize
60KB

Download
memory/1872-12-0x0000000000980000-0x0000000000997000-memory.dmp

Filesize
92KB

Download
memory/1872-10-0x00000000009B0000-0x00000000009BF000-memory.dmp

Filesize
60KB

Download
memory/1872-13-0x00000000009B0000-0x00000000009BF000-memory.dmp

Filesize
60KB

Download
memory/1872-15-0x0000000000970000-0x000000000097F000-memory.dmp

Filesize
60KB

Download
memory/2232-0-0x0000000002050000-0x000000000205F000-memory.dmp

Filesize
60KB

Download
memory/2232-2-0x0000000002060000-0x0000000002077000-memory.dmp

Filesize
92KB

Download
memory/2232-3-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2232-4-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2232-6-0x0000000002060000-0x0000000002077000-memory.dmp

Filesize
92KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads