Overview

overview

10

Static

static

18183b756c...9b.dll

windows7_x64

10

18183b756c...9b.dll

windows10-2004_x64

8

Analysis

  • max time kernel
    151s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    17-04-2022 15:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18183b756caf26a960e906479ee989da217e49b69ecf564624368194137f1f9b.dll

  • Size

    1.1MB

  • MD5

    886b43a327447cece77a27f03eea3c94

  • SHA1

    0c459a4196f6fd0d7bf68ad339f75ce081a374f3

  • SHA256

    18183b756caf26a960e906479ee989da217e49b69ecf564624368194137f1f9b

  • SHA512

    a59d269f9a1d66e63e1b4ffcbf89767a73032011820bf0bf3a911505efd8b04bf4c47d2640a9858a95ab05fdb6922939e0b9806e23d281fdd241593d978cf30d

Score
8/10
evasionpersistencetrojan

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\18183b756caf26a960e906479ee989da217e49b69ecf564624368194137f1f9b.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3580
  • C:\Windows\system32\Utilman.exe
    C:\Windows\system32\Utilman.exe
    1⤵
      PID:4520
    • C:\Users\Admin\AppData\Local\HyCzn\Utilman.exe
      C:\Users\Admin\AppData\Local\HyCzn\Utilman.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4608
    • C:\Windows\system32\SystemPropertiesHardware.exe
      C:\Windows\system32\SystemPropertiesHardware.exe
      1⤵
        PID:3744
      • C:\Users\Admin\AppData\Local\EMDrY\SystemPropertiesHardware.exe
        C:\Users\Admin\AppData\Local\EMDrY\SystemPropertiesHardware.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:3812
      • C:\Windows\system32\RecoveryDrive.exe
        C:\Windows\system32\RecoveryDrive.exe
        1⤵
          PID:3684
        • C:\Users\Admin\AppData\Local\95A\RecoveryDrive.exe
          C:\Users\Admin\AppData\Local\95A\RecoveryDrive.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:4996

        Network

        MITRE ATT&CK Matrix ATT&CK v6

        Initial Access

        Execution

        Persistence

        Registry Run Keys / Startup Folder

        1
        T1060

        Privilege Escalation

        Defense Evasion

        Modify Registry

        1
        T1112

        Credential Access

        Discovery

        System Information Discovery

        1
        T1082

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Impact

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\95A\ReAgent.dll
          Filesize

          1.1MB

          MD5

          0d05e8a9d7343dfa33ad150abb962358

          SHA1

          32f09efd9bf81da7927349d620e73ad5fcf05387

          SHA256

          9075628c4404f7fc4d5f29de2de591e5746163a7242a1e44def2f031fcfb69f7

          SHA512

          7a3b38dba8539b862edfdbb5e756f5ef1ce6ec005c3c91f877aa414c0185a2f67d3dd88188af2e82665da581133bc2fed3f5c3a109de290f3f5a65e1233a4937

          Download Submit
        • C:\Users\Admin\AppData\Local\95A\ReAgent.dll
          Filesize

          1.1MB

          MD5

          0d05e8a9d7343dfa33ad150abb962358

          SHA1

          32f09efd9bf81da7927349d620e73ad5fcf05387

          SHA256

          9075628c4404f7fc4d5f29de2de591e5746163a7242a1e44def2f031fcfb69f7

          SHA512

          7a3b38dba8539b862edfdbb5e756f5ef1ce6ec005c3c91f877aa414c0185a2f67d3dd88188af2e82665da581133bc2fed3f5c3a109de290f3f5a65e1233a4937

          Download Submit
        • C:\Users\Admin\AppData\Local\95A\RecoveryDrive.exe
          Filesize

          911KB

          MD5

          b9b3dc6f2eb89e41ff27400952602c74

          SHA1

          24ae07e0db3ace0809d08bbd039db3a9d533e81b

          SHA256

          630518cb2e4636f889d12c98fb2e6be4e579c5eeb86f88695d3f7fff3f5515c4

          SHA512

          7906954b881f1051a0c7f098e096bc28eddcc48643b8bf3134dd57b8c18d8beba4f9a0ac5d348de2f9b8ea607c3e9cb0e61d91e4f3ba1fefb02839f928e3e3fe

          Download Submit
        • C:\Users\Admin\AppData\Local\EMDrY\SYSDM.CPL
          Filesize

          1.1MB

          MD5

          0ec4a3f810eaad827dfba8a15442ac55

          SHA1

          eaf43f3ca19a995c23f5cf84f3009a621883674e

          SHA256

          a42b0e2b9c6ad351c7569769f58953b538de81d72752f53822956f5628c5353a

          SHA512

          bdd7e2c10c51f62d8161acefee708de7e50853635414fd531d7cfeaead0d56667ecd71c56d68346154ad4089671b498a98f9b5d634cee30eb62392b0d7676927

          Download Submit
        • C:\Users\Admin\AppData\Local\EMDrY\SYSDM.CPL
          Filesize

          1.1MB

          MD5

          0ec4a3f810eaad827dfba8a15442ac55

          SHA1

          eaf43f3ca19a995c23f5cf84f3009a621883674e

          SHA256

          a42b0e2b9c6ad351c7569769f58953b538de81d72752f53822956f5628c5353a

          SHA512

          bdd7e2c10c51f62d8161acefee708de7e50853635414fd531d7cfeaead0d56667ecd71c56d68346154ad4089671b498a98f9b5d634cee30eb62392b0d7676927

          Download Submit
        • C:\Users\Admin\AppData\Local\EMDrY\SystemPropertiesHardware.exe
          Filesize

          82KB

          MD5

          bf5bc0d70a936890d38d2510ee07a2cd

          SHA1

          69d5971fd264d8128f5633db9003afef5fad8f10

          SHA256

          c8ebd920399ebcf3ab72bd325b71a6b4c6119dfecea03f25059a920c4d32acc7

          SHA512

          0e129044777cbbf5ea995715159c50773c1818fc5e8faa5c827fd631b44c086b34dfdcbe174b105891ccc3882cc63a8664d189fb6a631d8f589de4e01a862f51

          Download Submit
        • C:\Users\Admin\AppData\Local\HyCzn\OLEACC.dll
          Filesize

          1.1MB

          MD5

          8ad47fa2d28344ca0d619d28555c2edd

          SHA1

          708f517c974bc90393e768b0b2720443c3f5a0fb

          SHA256

          270f5eb3ff091efca5e3aa5aaa8c2b7f21e34e3abf3b1113109280f33a94e333

          SHA512

          b80ef6c5fff21969fca68b65c9da75746b29e8619c757bb5858885a89ecf053691fdc3f50ca0379a0c1ab7fd646faecabb01f779b7403ba911151315cc8b2fe5

          Download Submit
        • C:\Users\Admin\AppData\Local\HyCzn\OLEACC.dll
          Filesize

          1.1MB

          MD5

          8ad47fa2d28344ca0d619d28555c2edd

          SHA1

          708f517c974bc90393e768b0b2720443c3f5a0fb

          SHA256

          270f5eb3ff091efca5e3aa5aaa8c2b7f21e34e3abf3b1113109280f33a94e333

          SHA512

          b80ef6c5fff21969fca68b65c9da75746b29e8619c757bb5858885a89ecf053691fdc3f50ca0379a0c1ab7fd646faecabb01f779b7403ba911151315cc8b2fe5

          Download Submit
        • C:\Users\Admin\AppData\Local\HyCzn\Utilman.exe
          Filesize

          123KB

          MD5

          a117edc0e74ab4770acf7f7e86e573f7

          SHA1

          5ceffb1a5e05e52aafcbc2d44e1e8445440706f3

          SHA256

          b5bc4fce58403ea554691db678e6c8c448310fe59990990f0e37cd4357567d37

          SHA512

          72883f794ff585fe7e86e818d4d8c54fa9781cab6c3fac6f6956f58a016a91f676e70d14691cbe054ae7b7469c6b4783152fbb694e92b940d9e3595fe3f41d97

          Download Submit
        • memory/2896-136-0x0000000140000000-0x0000000140126000-memory.dmp
          Filesize

          1.1MB

          Download
        • memory/2896-135-0x0000000140000000-0x0000000140126000-memory.dmp
          Filesize

          1.1MB

          Download
        • memory/2896-138-0x0000000140000000-0x0000000140126000-memory.dmp
          Filesize

          1.1MB

          Download
        • memory/2896-142-0x00007FFEE34D0000-0x00007FFEE34E0000-memory.dmp
          Filesize

          64KB

          Download
        • memory/2896-132-0x0000000140000000-0x0000000140126000-memory.dmp
          Filesize

          1.1MB

          Download
        • memory/2896-140-0x0000000140000000-0x0000000140126000-memory.dmp
          Filesize

          1.1MB

          Download
        • memory/2896-139-0x0000000140000000-0x0000000140126000-memory.dmp
          Filesize

          1.1MB

          Download
        • memory/2896-137-0x0000000140000000-0x0000000140126000-memory.dmp
          Filesize

          1.1MB

          Download
        • memory/2896-133-0x0000000140000000-0x0000000140126000-memory.dmp
          Filesize

          1.1MB

          Download
        • memory/2896-130-0x0000000140000000-0x0000000140126000-memory.dmp
          Filesize

          1.1MB

          Download
        • memory/2896-141-0x0000000140000000-0x0000000140126000-memory.dmp
          Filesize

          1.1MB

          Download
        • memory/2896-131-0x0000000140000000-0x0000000140126000-memory.dmp
          Filesize

          1.1MB

          Download
        • memory/2896-134-0x0000000140000000-0x0000000140126000-memory.dmp
          Filesize

          1.1MB

          Download
        • memory/3812-147-0x0000000000000000-mapping.dmp
          Download
        • memory/4608-143-0x0000000000000000-mapping.dmp
          Download
        • memory/4996-151-0x0000000000000000-mapping.dmp
          Download