Overview

overview

3

Static

static

3

DisReg.exe

windows10_x64

1

DisReg.exe

windows10-2004_x64

1

lib/basichttp.dll

windows10_x64

1

lib/basichttp.dll

windows10-2004_x64

1

lib/elevated.dll

windows10_x64

1

lib/elevated.dll

windows10-2004_x64

1

lib/extens...ent.js

windows10_x64

1

lib/extens...ent.js

windows10-2004_x64

1

Resubmissions

11-04-2022 11:00

220411-m38d1ahaf9 3

11-04-2022 10:57

220411-m2k73sdhdq 3

Analysis

  • max time kernel
    56s
  • max time network
    59s
  • platform
    windows10_x64
  • resource
    win10-20220331-en
  • submitted
    11-04-2022 11:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lib/basichttp.dll

  • Size

    55KB

  • MD5

    52593febe8379ef288799a007c9e535c

  • SHA1

    a9cea1120dcc5df55cc809c358ca20f8b58d891d

  • SHA256

    9c4e033169ba17554d282f63375676b8a17e67685e0b7041fa331fbbe855ab74

  • SHA512

    703bf273a39ba48eb050442b61e1c4c7901e378508f0fb6e5c22312fa7fb7537750ec516348b6730de58c9f8103eebb3c59522df9e4de2f8976d11792f0b592a

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\lib\basichttp.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\lib\basichttp.dll,#1
      2⤵
        PID:2328

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2328-113-0x0000000000000000-mapping.dmp
      Download