Overview

overview

10

Static

static

1597b0f644...19.dll

windows7_x64

10

1597b0f644...19.dll

windows10-2004_x64

1

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    01-02-2022 16:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1597b0f644a89509472cae64a63c79aaf545c9712cde453849e79178a4be1519.dll

  • Size

    246KB

  • MD5

    83c7f534ec89eaf9250d1c0c79d3fa3b

  • SHA1

    7a0441ca08d44d8597804c3c2682950f98ef708d

  • SHA256

    1597b0f644a89509472cae64a63c79aaf545c9712cde453849e79178a4be1519

  • SHA512

    927f6e8af8ce15908e35d7612b6b63d1010f767a5bf22adee33d0cb21c66baa95d6ebf34b3f24b9aecaddf6a543e42409d7563d702bb54353bcebf0fe5246b73

Score
10/10
ta505

Malware Config

Signatures

  • TA505

    Cybercrime group active since 2015, responsible for families like Dridex and Locky.

    ta505
  • Blocklisted process makes network request 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1597b0f644a89509472cae64a63c79aaf545c9712cde453849e79178a4be1519.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1684-55-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1684-54-0x0000000000110000-0x0000000000113000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1684-56-0x0000000075130000-0x0000000075184000-memory.dmp

    Filesize

    336KB

    Download