Overview

overview

10

Static

static

10

594f66d5c4...78.dll

windows7_x64

6

594f66d5c4...78.dll

windows10_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    24-01-2022 02:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    594f66d5c4b99a1c9be01492c397f0b9dffd90043f7dec6dea365ed3cb8ba578.dll

  • Size

    164KB

  • MD5

    ac93bcaa2cfb182d588b13af90e17254

  • SHA1

    650c0c4c18d69ea564d063182ff4e2f8b40e32fc

  • SHA256

    594f66d5c4b99a1c9be01492c397f0b9dffd90043f7dec6dea365ed3cb8ba578

  • SHA512

    ebc03ea09132c054241428799e19f11d3cfa3aeff5c5d8cf8b9533936c335e83ea96ba514c55905b45326def5389bc23a5a856041e8db808ed2c246682cc70fc

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\594f66d5c4b99a1c9be01492c397f0b9dffd90043f7dec6dea365ed3cb8ba578.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\594f66d5c4b99a1c9be01492c397f0b9dffd90043f7dec6dea365ed3cb8ba578.dll,#1
      2⤵
      • Enumerates connected drives
      • Suspicious behavior: EnumeratesProcesses
      PID:1548

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1548-54-0x0000000076491000-0x0000000076493000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1548-56-0x0000000000160000-0x000000000016A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1548-57-0x0000000000170000-0x0000000000171000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1548-58-0x0000000000180000-0x0000000000181000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1548-59-0x0000000000190000-0x0000000000191000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1548-60-0x0000000002D20000-0x0000000002DBF000-memory.dmp
    Filesize

    636KB

    Download
  • memory/1548-61-0x0000000002DC0000-0x0000000002EED000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1548-62-0x00000000001F0000-0x000000000020F000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1548-64-0x00000000001A0000-0x00000000001A6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1548-63-0x0000000003220000-0x0000000003329000-memory.dmp
    Filesize

    1.0MB

    Download