Analysis

  • max time kernel
    132s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    22/03/2022, 11:32

General

  • Target

    readme2.dll

  • Size

    654KB

  • MD5

    f762a352d68d6a4b5de6e1dfb97f695c

  • SHA1

    ae71e05af13607ec1339bb4e5c3dff70b93b822d

  • SHA256

    d6bbd7322d650172dc416d232a8965a35d18051d29634116df4f8cb175dd660d

  • SHA512

    d3129b92317e2bde49da4a191d079c657eabd6051fc55b28bf782a96aa65bd1dea17a40999c9931b5e5e62db6e9016afb4e1b2a0bda06455c0054d2b59541eb2

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    1⤵
    • Drops file in System32 directory
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:2592
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\readme2.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\readme2.dll,#1
      2⤵
      PID:5016

Network

MITRE ATT&CK Enterprise v6


Downloads