Analysis

  • max time kernel
    137s
  • max time network
    77s
  • platform
    windows7_x64
  • resource
    win7v200430
  • submitted
    07-07-2020 07:00

General

  • Target

    mecru.bin.dll

  • Size

    464KB

  • MD5

    e7ea5e853bf24762f849a1edec3c09b3

  • SHA1

    9e963430622829059b704da4a1e26bb4b897164e

  • SHA256

    8426c1ef563077a8f6df9e1555ac65aeae3ade47ad829b4655aedfb18a5ceada

  • SHA512

    f595911f36b4ea6e105311ab1ea05844e56e2a8a49f79e72d554bfe38e824fe21c5bd75cfe820ecd31b2f9d6b1f963f64163528b685e281e5e7434726761c63f

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory (7 IoCs)
  • Blacklisted process makes network request (5 IoCs)
  • Donot APT Downloader

    A downloader used by the Donot APT group to fetch further modules.

  • Modifies system certificate store (2 TTPs, 3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe (depth 1, PID 1412)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\mecru.bin.dll,#1
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (depth 2, PID 1420, child of 1412)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\mecru.bin.dll,#1
      • Blacklisted process makes network request
      • Modifies system certificate store

  Note on the tree: on 64-bit Windows the System32 rundll32.exe cannot load a 32-bit DLL, so it re-launches the same command line through its SysWOW64 counterpart. The DLL's own behaviour (the network request and the certificate-store change) is therefore attributed to the child PID 1420, not to the process that was originally started. The DLL is loaded from the user's Temp directory and invoked by ordinal (",#1") rather than by export name, both of which are worth alerting on in process-creation telemetry.
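The process tree above is the kind of evidence a detection engineer would turn into a rule: rundll32.exe loading a DLL from a user-writable directory, calling it by ordinal, and then making a network connection. The following Python is an added example written for this page, not part of the sandbox report or of any vendor's detection content. The event records are constructed to mirror the tree (Sysmon-style, simplified to dicts: id 1 is process creation, id 3 is a network connection); the PIDs and command lines copy the report, the parent PID 900, the destination address and the benign shell32.dll control event are made up.

```python
"""Flag suspicious rundll32 usage in process-creation and network telemetry."""
import re

# Constructed sample events (not taken from the sandbox output). The first three
# mirror the report's process tree; the last is a benign control that must not fire.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 1412, "ppid": 900, "image": r"C:\Windows\system32\rundll32.exe",
     "cmd": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\mecru.bin.dll,#1"},
    {"id": 1, "pid": 1420, "ppid": 1412, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmd": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\mecru.bin.dll,#1"},
    {"id": 3, "pid": 1420, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "dst": "203.0.113.10:443"},  # hypothetical destination (TEST-NET-3 address)
    {"id": 1, "pid": 2000, "ppid": 900, "image": r"C:\Windows\system32\rundll32.exe",
     "cmd": r"rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL"},
]

# Directories an unprivileged user can write to. A DLL that rundll32 loads from
# one of these is far more suspicious than one from System32.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\appdata\\|users\\public\\|programdata\\|windows\\temp\\)",
    re.IGNORECASE,
)
# An ordinal entry point (",#1") hides the export name from command-line review.
ORDINAL_EXPORT = re.compile(r"^#\d+$")


def parse_rundll32(cmd):
    """Split a rundll32 command line into (dll_path, entry_point).

    Returns None when the command is not a rundll32 invocation. rundll32 takes
    '<dll>,<entry> [args]', so everything after the image name is split on the
    first comma; the entry point is the first token after it ('#1' for ordinals).
    """
    m = re.match(r'^"?(?:[^\s"]*\\)?rundll32(?:\.exe)?"?\s+(.*)$', cmd, re.IGNORECASE)
    if not m:
        return None
    rest = m.group(1).strip()
    dll, sep, tail = rest.partition(",")
    entry = tail.strip().split(" ")[0] if sep else ""
    return dll.strip().strip('"'), entry


def detect(events):
    """Return sorted (pid, rule) findings for a batch of events.

    Two passes so that a network event arriving before its process-creation
    event in the batch is still correlated by PID.
    """
    findings = set()
    user_writable_dll_pids = set()
    for ev in events:
        if ev["id"] != 1 or not ev["image"].lower().endswith("\\rundll32.exe"):
            continue
        parsed = parse_rundll32(ev["cmd"])
        if parsed is None:
            continue
        dll, entry = parsed
        if USER_WRITABLE.search(dll):
            findings.add((ev["pid"], "rundll32_dll_from_user_writable_path"))
            user_writable_dll_pids.add(ev["pid"])
        if ORDINAL_EXPORT.match(entry):
            findings.add((ev["pid"], "rundll32_ordinal_export"))
    for ev in events:
        # Network activity from a rundll32 that loaded a Temp-resident DLL is the
        # downloader behaviour the report's "makes network request" signature caught.
        if ev["id"] == 3 and ev["pid"] in user_writable_dll_pids:
            findings.add((ev["pid"], "rundll32_network_from_user_writable_dll"))
    return sorted(findings)


if __name__ == "__main__":
    for pid, rule in detect(SAMPLE_EVENTS):
        print(f"PID {pid}: {rule}")
```

Both rundll32 instances fire the path and ordinal rules, and only the SysWOW64 child additionally fires the network rule, matching where the sandbox attributed the behaviour; the shell32.dll control event produces nothing. In production the path allow-list and the set of flagged directories would be tuned to the environment, and the parent-child relaunch (System32 rundll32 spawning SysWOW64 rundll32) is normal for any 32-bit DLL and is deliberately not used as a signal here.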

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1420-0-0x0000000000000000-mapping.dmp