Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    24-01-2022 00:51

General

  • Target

    e08e62a60edb3d83e8ead3b53fa9ca53d44f6df7496db81d6f977df589444194.dll

  • Size

    164KB

  • MD5

    72b9dc09e641937ab99042a4f148ea95

  • SHA1

    aa88d64c62f7c605633cd0cd17f191b87f86ecb4

  • SHA256

    e08e62a60edb3d83e8ead3b53fa9ca53d44f6df7496db81d6f977df589444194

  • SHA512

    41e0b5370e506d49dcb3b1bc5799879cf13864528d325f906353a4501a165f5af145e1be450c1631dd3ceab7f8c417618bdaf75582d86979b90990753f27e148

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e08e62a60edb3d83e8ead3b53fa9ca53d44f6df7496db81d6f977df589444194.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1664
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e08e62a60edb3d83e8ead3b53fa9ca53d44f6df7496db81d6f977df589444194.dll,#1
      2⤵
      • Enumerates connected drives
      PID:1692

Network

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1692-54-0x00000000754B1000-0x00000000754B3000-memory.dmp
    Filesize

    8KB