Overview

overview

10

Static

static

haveSimpleAnd.dll

windows7_x64

10

haveSimpleAnd.dll

windows10_x64

10

Analysis

  • max time kernel
    118s
  • max time network
    229s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    21-07-2021 20:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    haveSimpleAnd.dll

  • Size

    454KB

  • MD5

    fdd1d81128f8fe9022d3cd6ae0f08bf1

  • SHA1

    25f03defe490c9cc8455a0216e626217ca19abe5

  • SHA256

    1e26ec8397bdc7b7b6ffb3169dbeb7f16ce8bd2d80398ccb0edcbd7b189d639e

  • SHA512

    c3186b17f5b49b1c1d9ce102c227aa384e1a829f0e8bd682977a9bbad6b32e148b99f98f965a0608cf5d37914d8ac76d1308c3ca3c2fded7af48575bf69d70f1

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1200
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s C:\Users\Admin\AppData\Local\Temp\haveSimpleAnd.dll
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:360
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        2⤵
          PID:988
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\haveSimpleAnd.dll"
        1⤵
          PID:1100

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          MD5

          2902de11e30dcc620b184e3bb0f0c1cb

          SHA1

          5d11d14a2558801a2688dc2d6dfad39ac294f222

          SHA256

          e6a7f1f8810e46a736e80ee5ac6187690f28f4d5d35d130d410e20084b2c1544

          SHA512

          efd415cde25b827ac2a7ca4d6486ce3a43cdcc1c31d3a94fd7944681aa3e83a4966625bf2e6770581c4b59d05e35ff9318d9adaddade9070f131076892af2fa0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          MD5

          2dfac8f6169946d76f73652d04b82c2b

          SHA1

          612cdfd7496b7e8da44ba8223abb62fa02ea41ec

          SHA256

          41cd12e5bf2e6b602850afb8c39967b5de96986ac1497c3299e3a00d83883dc2

          SHA512

          3b077aca24d632c81ce6f5f21864fe78e55b08f07b5a8242969996f7ab2556118726dc6de25eff74e9eb5596fd6e8355eb3c7bf80afdf02efc10eafcea186914

          Download Submit

        • memory/360-60-0x000007FEFB7B1000-0x000007FEFB7B3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/360-61-0x0000000001EE0000-0x000000000218A000-memory.dmp

          Filesize

          2.7MB

          Download

        • memory/988-62-0x000000013FF00000-0x0000000140145000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/988-63-0x00000001401177D8-mapping.dmp

          Download

        • memory/988-64-0x000000013FF00000-0x0000000140145000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/1100-66-0x0000000001F10000-0x00000000021BA000-memory.dmp

          Filesize

          2.7MB

          Download