Overview

overview

10

Static

static

1

dusmapi7bf.exe

windows7_x64

7

dusmapi7bf.exe

windows10_x64

10

Resubmissions

09-01-2021 06:25

210109-x11fbv57ln 10

16-10-2020 02:45

201016-1g8jrbkdln 7

Analysis

  • max time kernel
    81s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    09-01-2021 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dusmapi7bf.exe

  • Size

    201KB

  • MD5

    235730a5bbd6d3c5cef4bf0c949b74e8

  • SHA1

    e0edbe75a0fdbaff4c4467b5b2a37a281687b0b7

  • SHA256

    80b65c87c2af3d8e0fba7ae3901491fb0421a20ce8c33a94e578ba2a8e0fe9c4

  • SHA512

    3dc31d2c0eae9be0040cd8bb128c6f21c089f37ecbaf0ea613e4045dceb9886538b0301b1950e091b973807facb92d96586e470ed7a36c158f49082b6a48621d

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dusmapi7bf.exe
    "C:\Users\Admin\AppData\Local\Temp\dusmapi7bf.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Users\Admin\AppData\Local\Temp\dusmapi7bf.exe
      "C:\Users\Admin\AppData\Local\Temp\dusmapi7bf.exe"
      2⤵
        PID:1572

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\nssA239.tmp\System.dll
      MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

      SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

      SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

      SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

      Download Submit
    • memory/1572-3-0x0000000000400000-0x0000000000428000-memory.dmp
      Filesize

      160KB

      Download
    • memory/1572-4-0x0000000000416A80-mapping.dmp
      Download
    • memory/1572-5-0x0000000000400000-0x0000000000428000-memory.dmp
      Filesize

      160KB

      Download