37738bea145d099c26e209fcdfd6ac0ed805f5c05fbd8ec0e9370ffda0346419

General

Target

BNB3A6Z7APWN48Y8BIV1KLP0U4H5ZF7I2AVUE.dll
Size

9.7MB
MD5

1cef96e373cd8641b51a5a48b35fd9d5
SHA1

ac31b4426799cb5755f76ad13b0d999bc0299cce
SHA256

eb075068d9f815936687ef1fddc320bcdfb68842e13d98faccaef555cb7500ce
SHA512

6e4858ef15806ecb325981571bfe3fc3edaae738623257684439ae627268d8abd8105aae6705fc65a4117d03498ca2708eaade405ce7b9b89a6904eff70d26ed

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1936	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1152	1936	WerFault.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1936	rundll32.exe
1936	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 1936	2012	rundll32.exe	28
PID 2012 wrote to memory of 1936	2012	rundll32.exe	28
PID 2012 wrote to memory of 1936	2012	rundll32.exe	28
PID 2012 wrote to memory of 1936	2012	rundll32.exe	28
PID 2012 wrote to memory of 1936	2012	rundll32.exe	28
PID 2012 wrote to memory of 1936	2012	rundll32.exe	28
PID 2012 wrote to memory of 1936	2012	rundll32.exe	28
PID 1936 wrote to memory of 1152	1936	rundll32.exe	29
PID 1936 wrote to memory of 1152	1936	rundll32.exe	29
PID 1936 wrote to memory of 1152	1936	rundll32.exe	29
PID 1936 wrote to memory of 1152	1936	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\BNB3A6Z7APWN48Y8BIV1KLP0U4H5ZF7I2AVUE.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\BNB3A6Z7APWN48Y8BIV1KLP0U4H5ZF7I2AVUE.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 300
    3⤵
    - Program crash
    PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-73-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1936-61-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1936-75-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1936-80-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1936-78-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1936-63-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1936-65-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1936-68-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1936-70-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1936-58-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1936-60-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1936-56-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1936-83-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1936-85-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1936-86-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1936-88-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1936-90-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1936-91-0x000000005B6E0000-0x000000005C122000-memory.dmp

Filesize
10.3MB

Download
memory/1936-55-0x00000000765F1000-0x00000000765F3000-memory.dmp

Filesize
8KB

Download
memory/1936-93-0x000000005B6E0000-0x000000005C122000-memory.dmp

Filesize
10.3MB

Download

Analysis

Sharing