Overview

overview

10

Static

static

b037fc5681...a0.dll

windows7_x64

10

b037fc5681...a0.dll

windows10_x64

8

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    23-12-2020 12:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b037fc5681d3d59f4ed0c7cd2a5d05ed8df3aaa0.dll

  • Size

    233KB

  • MD5

    68cf96f4bc91628e22e1526d9728990b

  • SHA1

    a1e1063ec8c3667e86e1afab81cb6bbea84485b3

  • SHA256

    790191b70550856b3e8ec108fdb82cd8d852822d6716ec865f21cfb5ad160b7c

  • SHA512

    ca6bb734df8bf35a2f3346ff5ad954ecc058a719b0eabf90d8c323b80ed6b8659cef5b5f51f65b149c48435bc396920549a72471b0cde1d70a02bf59dbf37b24

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 131 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 32 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b037fc5681d3d59f4ed0c7cd2a5d05ed8df3aaa0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4680
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b037fc5681d3d59f4ed0c7cd2a5d05ed8df3aaa0.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:4760
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:804
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:804 CREDAT:82945 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:676
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:82945 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:2232
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3556
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3556 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4000
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1612 CREDAT:82945 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:4500
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4612
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4612 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4608
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1496
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1496 CREDAT:82945 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:2224
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4856
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4856 CREDAT:82945 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:724
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3424
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3424 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3992

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4
    MD5

    953f2125a88eced630fa3f95e287b02f

    SHA1

    441e0e319ee73efd0621095d74e75b6a16239c48

    SHA256

    251e9ca5f4e6580fe9014e843ac3e054aa45d6a8e7cef4f5c7512fc31fc354fa

    SHA512

    b685e7d725dc2bf210c906b744445f1ad59a54a4ee251825f39b12522d98f02be49f4bce3fa1832bb7e08f8e118bfc1ed7c1bd76cb054b24223eb863103c0050

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
    MD5

    1b1f99cb1f17d8422e1d8dfc8dc553f0

    SHA1

    2a3db8f52890c70e811a0f40c06da3587c204575

    SHA256

    a2669d59ebc3a1b91535b567fa6e970748aacf8b333c235b4470adaa2857b653

    SHA512

    0c09f115ab0167c78805448d94f69796e8e91545592dcb5d707cd9a1b6f1d76199e3597bca00e61574f1fa7a8333123340c8f5be392176108b7a937fa9b4baeb

    Download Submit
  • memory/676-4-0x0000000000000000-mapping.dmp
    Download
  • memory/724-12-0x0000000000000000-mapping.dmp
    Download
  • memory/2224-11-0x0000000000000000-mapping.dmp
    Download
  • memory/2232-5-0x0000000000000000-mapping.dmp
    Download
  • memory/3992-13-0x0000000000000000-mapping.dmp
    Download
  • memory/4000-8-0x0000000000000000-mapping.dmp
    Download
  • memory/4500-9-0x0000000000000000-mapping.dmp
    Download
  • memory/4608-10-0x0000000000000000-mapping.dmp
    Download
  • memory/4760-2-0x0000000000000000-mapping.dmp
    Download
  • memory/4760-3-0x00000000027B0000-0x00000000027C2000-memory.dmp
    Filesize

    72KB

    Download