12247d199abb0dbf81620305bdd1e90bef650f81979ae4bedd535b130d1f55e9

Analysis

max time kernel
130s
max time network
137s
platform
windows7_x64
resource
win7
submitted
08-07-2020 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12247d199abb0dbf81620305bdd1e90bef650f81979ae4bedd535b130d1f55e9.dll
Size

143KB
MD5

7c806cf272e18891b99f3bd41f53527e
SHA1

b48de6a13d8b45f9887b4341b08240038d728294
SHA256

12247d199abb0dbf81620305bdd1e90bef650f81979ae4bedd535b130d1f55e9
SHA512

0adc983cec97fcecd9af2ca71de2d62a0bfa06f60b3a412b0e7dac35117b2976498b3f38ef5eb803c7a7750d1ee834a221a8098550332335947497bc4223e9ba

Score

8^/10

persistence

Malware Config

Signatures

Adds Run entry to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\JUSCHEDopt46t = "C:\\Windows\\SysWOW64\\rundll32.exe"	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1164 wrote to memory of 1328	1164	rundll32.exe	24
PID 1164 wrote to memory of 1328	1164	rundll32.exe	24
PID 1164 wrote to memory of 1328	1164	rundll32.exe	24
PID 1164 wrote to memory of 1328	1164	rundll32.exe	24
PID 1164 wrote to memory of 1328	1164	rundll32.exe	24
PID 1164 wrote to memory of 1328	1164	rundll32.exe	24
PID 1164 wrote to memory of 1328	1164	rundll32.exe	24

Blacklisted process makes network request 1 IoCs

flow	pid	Process
7	1328	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12247d199abb0dbf81620305bdd1e90bef650f81979ae4bedd535b130d1f55e9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12247d199abb0dbf81620305bdd1e90bef650f81979ae4bedd535b130d1f55e9.dll,#1
  2⤵
  - Adds Run entry to start application
  - Blacklisted process makes network request
  PID:1328

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads