Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09-12-2020 15:05

General

  • Target

    sorvpng.dll

  • Size

    599KB

  • MD5

    4b4b4f795f03dd4bd84759cf7da0eae9

  • SHA1

    40b9fd52a1db33bac2a9ef12ddee3439d7e2d3f8

  • SHA256

    0e5cda7dd0ed8c3ce20b1019f5895deb2b780039d4ed3e32cb7d383bf237ca33

  • SHA512

    178a8065b7306cbd9e4586e0079e614f9131e5364aefa778af7d8974c839e36ea5419fd3f0362a9757a5fee97c4fc1363e32d1c3a30f11148ca1cb141ea14265

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 99 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\sorvpng.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4648
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\sorvpng.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:4708
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4092
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4092 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1868
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:512
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:512 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:896
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1484
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1484 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1728
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2508 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2608
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:82945 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:4316
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1616
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1296

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112) 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\44B788DE399AB1AE5EC9790303CA67AC
    MD5

    d2f8bef41d726a813a663016cc71d266

    SHA1

    c0f83268fbc3690e6c277760cb26f07819b096bd

    SHA256

    59a93ca668f037a8c1f00982beeca5684e3187f22fdc9d9edb6c4db36ff782ba

    SHA512

    0472ab952a063fffc9c9540248b56ec8c81d0684804b9d4f97376ea9fab742691594aa8e0c98c8fd4d3aced4527453ac763acadef2057e3c8304a69c92feee04

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
    MD5

    a3937e7c96f6a6758d9d47b31ec2f631

    SHA1

    a6ddca987506ade6cff0c3fb14358c3f2e663de2

    SHA256

    39a093299e6413d6bb7f6daa0f69e95231e9feadab80737db6647ea98ab5d893

    SHA512

    56ab7a51045d426425df6858d2aaca07a9432f97bfe330e7fc7f39ebfffccf1daa62a1b012a6b5ef45271c5005a8768e3ce3c62df834670cd36159872112e208

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\44B788DE399AB1AE5EC9790303CA67AC
    MD5

    99a7b35cd2b4f3d0b2223053da14e2f1

    SHA1

    7a272d6d1f9e412930d429d7c529d9a05745f5d9

    SHA256

    55f3fa489afcbd0ce884cff7b0e43d028339c3967661c7c71da6f7715dd59128

    SHA512

    6e5442f25e33041c32ad66c128d677ae1f9ff0931d6d91c233b095a751d4d6d0743c3bd82d4c2540305431b59a432c073962649b2dfb2a7b79879537992c0053

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
    MD5

    ed65f8a664b8014c2f527fa23a40b074

    SHA1

    44263fcb9bafe5122489f07944ac47a010a05cc3

    SHA256

    632aa63d8ae54855e81d1f6ef7143f0ef4171af2078ba6aeb224e275c24fd632

    SHA512

    1148f9641d961e3ccd230c2bc0f8c346ad8f4923b1db3782cd03afd210a2ee13b6564ad457913c7127911cfd7bd225acac8c310035ca54c574a1140ba7224773

  • memory/896-5-0x0000000000000000-mapping.dmp
  • memory/1296-13-0x0000000000000000-mapping.dmp
  • memory/1728-10-0x0000000000000000-mapping.dmp
  • memory/1868-4-0x0000000000000000-mapping.dmp
  • memory/2608-11-0x0000000000000000-mapping.dmp
  • memory/4316-12-0x0000000000000000-mapping.dmp
  • memory/4708-2-0x0000000000000000-mapping.dmp
  • memory/4708-3-0x00000000031E0000-0x00000000031F2000-memory.dmp
    Filesize

    72KB