Analysis
- Max time kernel: 118s
- Max time network: 175s
- Platform: windows10_x64
- Resource: win10-en-20211208
- Submitted: 24-01-2022 01:38
- Static task: static1
- Behavioral task: behavioral1
  Sample: 8a7676a1c973d53626bc8e877861cb2a4b7021369097b0f83b11f0569748ab32.dll
  Resource: win7-en-20211208
- Behavioral task: behavioral2
  Sample: 8a7676a1c973d53626bc8e877861cb2a4b7021369097b0f83b11f0569748ab32.dll
  Resource: win10-en-20211208
General
- Target: 8a7676a1c973d53626bc8e877861cb2a4b7021369097b0f83b11f0569748ab32.dll
- Size: 164KB
- MD5: 76a006d8c40c2a1eca3d5465edaeec52
- SHA1: 0b9ea08762a974f87948afa8ef85596ee03f8b97
- SHA256: 8a7676a1c973d53626bc8e877861cb2a4b7021369097b0f83b11f0569748ab32
- SHA512: 985da96f2641e192f1c0f0080e9e69096ab1af24f0ef6e71dd0a10fa3b5a7c3b61c66ef0631ed04a5c98b0cd270fb3b696f2f6c3997449e1bcec33f0722b8e64
Malware Config
Signatures
- Enumerates connected drives (3 TTPs, 24 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  Processes: rundll32.exe
  description | ioc | process
  File opened (read-only) | \??\H: | rundll32.exe
  File opened (read-only) | \??\O: | rundll32.exe
  File opened (read-only) | \??\R: | rundll32.exe
  File opened (read-only) | \??\W: | rundll32.exe
  File opened (read-only) | \??\F: | rundll32.exe
  File opened (read-only) | \??\G: | rundll32.exe
  File opened (read-only) | \??\I: | rundll32.exe
  File opened (read-only) | \??\M: | rundll32.exe
  File opened (read-only) | \??\Y: | rundll32.exe
  File opened (read-only) | \??\Z: | rundll32.exe
  File opened (read-only) | \??\B: | rundll32.exe
  File opened (read-only) | \??\E: | rundll32.exe
  File opened (read-only) | \??\L: | rundll32.exe
  File opened (read-only) | \??\T: | rundll32.exe
  File opened (read-only) | \??\U: | rundll32.exe
  File opened (read-only) | \??\V: | rundll32.exe
  File opened (read-only) | \??\X: | rundll32.exe
  File opened (read-only) | \??\A: | rundll32.exe
  File opened (read-only) | \??\K: | rundll32.exe
  File opened (read-only) | \??\P: | rundll32.exe
  File opened (read-only) | \??\Q: | rundll32.exe
  File opened (read-only) | \??\S: | rundll32.exe
  File opened (read-only) | \??\J: | rundll32.exe
  File opened (read-only) | \??\N: | rundll32.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: rundll32.exe
  pid | process
  480 | rundll32.exe
  480 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 2636 wrote to memory of 480 | 2636 | rundll32.exe | rundll32.exe
  PID 2636 wrote to memory of 480 | 2636 | rundll32.exe | rundll32.exe
  PID 2636 wrote to memory of 480 | 2636 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (process 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a7676a1c973d53626bc8e877861cb2a4b7021369097b0f83b11f0569748ab32.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (process 2, child of process 1)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a7676a1c973d53626bc8e877861cb2a4b7021369097b0f83b11f0569748ab32.dll,#1
    - Enumerates connected drives
    - Suspicious behavior: EnumeratesProcesses