Overview

overview

10

Static

static

647230baf8...2e.dll

windows7_x64

10

647230baf8...2e.dll

windows10_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    14-12-2021 07:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    647230baf87469b45f90d441ec31b60acd021896a6d26a1cc223fc83d659812e.dll

  • Size

    522KB

  • MD5

    6db05064d40df7fcb691dc518ff16d8b

  • SHA1

    e677bc818dcf532b225bcf2105f5b7a234eebb1a

  • SHA256

    647230baf87469b45f90d441ec31b60acd021896a6d26a1cc223fc83d659812e

  • SHA512

    6882a358f8caf744970a062f7a23cbb5c2182f285f299634dd26dc4f2e41ff8a93fdb00aac7caa577fe3140107e7c788c98d6741b34c8d2472f7f0846d705056

Score
10/10
matanbuchusloader

Malware Config

Extracted

Family

matanbuchus

C2

https://belialq449663.at/f5126584-3f68-4e0c-868a-dcb2455f8146/Y2xpbnRvbjQ1.xml

https://belialw869367.at/f5126584-3f68-4e0c-868a-dcb2455f8146/Y2xpbnRvbjQ1.xml

https://beliale232634.at/b0868b6b-7f2c-4ac6-ba54-ba9b13744d17/clinton45.xml

https://belialr878539.at/b0868b6b-7f2c-4ac6-ba54-ba9b13744d17/clinton45.xml

https://belialp632298.at/b0868b6b-7f2c-4ac6-ba54-ba9b13744d17/clinton45.xml

Signatures

  • Matanbuchus

    A loader sold as MaaS first seen in February 2021.

    loadermatanbuchus
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\647230baf87469b45f90d441ec31b60acd021896a6d26a1cc223fc83d659812e.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\647230baf87469b45f90d441ec31b60acd021896a6d26a1cc223fc83d659812e.dll,#1
      2⤵
        PID:1804

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1804-54-0x0000000000000000-mapping.dmp

      Download

    • memory/1804-55-0x0000000075831000-0x0000000075833000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1804-56-0x0000000000180000-0x0000000000181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1804-58-0x00000000009D0000-0x00000000009EE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/1804-57-0x00000000009D0000-0x00000000009EE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/1804-59-0x00000000003D0000-0x00000000003EF000-memory.dmp

      Filesize

      124KB

      Download

    • memory/1804-60-0x00000000009D0000-0x00000000009EE000-memory.dmp

      Filesize

      120KB

      Download