Overview

overview

10

Static

static

10

076be2c09b...29.exe

windows11-21h2-x64

10

0fd2b5dba8...d1.exe

windows11-21h2-x64

10

131d6fb920...b1.exe

windows11-21h2-x64

10

1c133b9bb4...fd.exe

windows11-21h2-x64

10

30af8d3ec6...30.exe

windows11-21h2-x64

10

41c9d28653...f5.exe

windows11-21h2-x64

10

5a0daa24b5...1f.exe

windows11-21h2-x64

630efa1e2d...ad.exe

windows11-21h2-x64

10

651bc82076...73.exe

windows11-21h2-x64

677bea9e71...58.exe

windows11-21h2-x64

10

7afefba65e...bb.exe

windows11-21h2-x64

3

817c226e42...db.dll

windows11-21h2-x64

8

a925fc1289...42.exe

windows11-21h2-x64

7

b1c5fd5c0f...ae.exe

windows11-21h2-x64

10

f2923f695d...7d.msi

windows11-21h2-x64

10

f58d2071a2...e1.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    424s
  • max time network
    450s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20-12-2023 01:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    817c226e42f5c503325288fd8273bc03b326590f457e7a589eb34c2792d0a5db.dll

  • Size

    2.6MB

  • MD5

    fea3a5c2bafa878b95e7084b5a5cb192

  • SHA1

    bc2bd62464ab420e677753ada67f3bb345cf5080

  • SHA256

    817c226e42f5c503325288fd8273bc03b326590f457e7a589eb34c2792d0a5db

  • SHA512

    00d281f0d02619afa27e29faa8cd80ef48a449628308baa31c239c4930a8f3c031dadbb95ba194c3b0e00dba95a33ddd6715991ba9ab4a2daf06b430915c513a

  • SSDEEP

    49152:sVSjcGsSEt3UQjAuD5Pa8G/5Dh+TNbtFs98e:sVYcwOJP67a

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\817c226e42f5c503325288fd8273bc03b326590f457e7a589eb34c2792d0a5db.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5536
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\817c226e42f5c503325288fd8273bc03b326590f457e7a589eb34c2792d0a5db.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:6084
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 2408
        3⤵
        • Program crash
        PID:4280
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6084 -ip 6084
    1⤵
      PID:1608

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/6084-0-0x0000000000DE0000-0x0000000000DE1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/6084-1-0x0000000000400000-0x000000000072C000-memory.dmp
      Filesize

      3.2MB

      Download
    • memory/6084-16-0x0000000000400000-0x000000000072C000-memory.dmp
      Filesize

      3.2MB

      Download
    • memory/6084-21-0x0000000000400000-0x000000000072C000-memory.dmp
      Filesize

      3.2MB

      Download
    • memory/6084-22-0x0000000000DE0000-0x0000000000DE1000-memory.dmp
      Filesize

      4KB

      Download