Overview

overview

10

Static

static

10

d6a0b7812b...ec.dll

windows7_x64

6

d6a0b7812b...ec.dll

windows10_x64

6

Analysis

  • max time kernel
    148s
  • max time network
    170s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    24-01-2022 00:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d6a0b7812b3ee8fbf81d40db94094facc25645689f4109e5d7983e8cb49990ec.dll

  • Size

    164KB

  • MD5

    c37804708ee284575f87bd0e365be9d9

  • SHA1

    7b8f73cd90e344db7a4697fb6731cd953b1dfe03

  • SHA256

    d6a0b7812b3ee8fbf81d40db94094facc25645689f4109e5d7983e8cb49990ec

  • SHA512

    f2cca7e4bad7d683d47e5fc7fabb79024a8d5932b2b0206b11e66a2cae52d4e50626d3f0494cc3709885e1e40985295dee0eb02e7e44e7dfbb3b6fa7b30e4427

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6a0b7812b3ee8fbf81d40db94094facc25645689f4109e5d7983e8cb49990ec.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:616
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6a0b7812b3ee8fbf81d40db94094facc25645689f4109e5d7983e8cb49990ec.dll,#1
      2⤵
      • Enumerates connected drives
      • Suspicious behavior: EnumeratesProcesses
      PID:2800

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads