Overview

overview

10

Static

static

6a3d27d8cf...dd.dll

windows7_x64

10

6a3d27d8cf...dd.dll

windows10-2004_x64

8

Analysis

  • max time kernel
    153s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    19-04-2022 04:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a3d27d8cfaa5e942d3c5eefa9181ef2edfedeae70d1dca0eaad53138fa56add.dll

  • Size

    1.2MB

  • MD5

    f15fa93fc3fc644f39f866875f3a69b7

  • SHA1

    6a5c36ae6673e150502f07fd23677fc76033fa06

  • SHA256

    6a3d27d8cfaa5e942d3c5eefa9181ef2edfedeae70d1dca0eaad53138fa56add

  • SHA512

    ab2f22a9496b2e51f387498b5d8933912221c4e7a5fd141ac5b0b964832c7565291e2db7db13cc06782c2c36f0144d265bb2ede24308eafd1e21bc283bad8d90

Score
8/10
evasionpersistencetrojan

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a3d27d8cfaa5e942d3c5eefa9181ef2edfedeae70d1dca0eaad53138fa56add.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:3260
  • C:\Windows\system32\GamePanel.exe
    C:\Windows\system32\GamePanel.exe
    1⤵
      PID:1104
    • C:\Users\Admin\AppData\Local\cjG\GamePanel.exe
      C:\Users\Admin\AppData\Local\cjG\GamePanel.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      PID:4536
    • C:\Windows\system32\BitLockerWizard.exe
      C:\Windows\system32\BitLockerWizard.exe
      1⤵
        PID:2840
      • C:\Users\Admin\AppData\Local\iecoR\BitLockerWizard.exe
        C:\Users\Admin\AppData\Local\iecoR\BitLockerWizard.exe
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:4488
      • C:\Windows\system32\CloudNotifications.exe
        C:\Windows\system32\CloudNotifications.exe
        1⤵
          PID:3224
        • C:\Users\Admin\AppData\Local\garAdRgM\CloudNotifications.exe
          C:\Users\Admin\AppData\Local\garAdRgM\CloudNotifications.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1660

        Network

        MITRE ATT&CK Matrix ATT&CK v6

        Initial Access

        Execution

        Persistence

        Registry Run Keys / Startup Folder

        1
        T1060

        Privilege Escalation

        Defense Evasion

        Modify Registry

        1
        T1112

        Credential Access

        Discovery

        System Information Discovery

        1
        T1082

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Impact

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\cjG\GamePanel.exe
          Filesize

          1.2MB

          MD5

          266f6a62c16f6a889218800762b137be

          SHA1

          31b9bd85a37bf0cbb38a1c30147b83671458fa72

          SHA256

          71f8f11f26f3a7c1498373f20f0f4cc960513d0383fe24906eeb1bc9678beecd

          SHA512

          b21d9b0656ab6bd3b158922722a332f07096ddd4215c802776c5807c9cf6ece40082dd986ea6867bdc8d22878ce035a5c8dfcc26cfae94aeee059701b6bf1e68

          Download Submit
        • C:\Users\Admin\AppData\Local\cjG\dwmapi.dll
          Filesize

          1.2MB

          MD5

          45b3cc16bf04867f9c3dd3286cfcced8

          SHA1

          c2eb1e5f650ae756610c2fceef9b79cade024a39

          SHA256

          5038fc075ec43bf121563750bce0b7ab433a75948727afb73594e845f9160069

          SHA512

          8b9e732a2d886eadefae77ed0765cde8de018ffdfc093534304dab2e533dcec378d22ebba976cd443598213d9b9b60bd9af4bdd66919330190bac1e87812e7ea

          Download Submit
        • C:\Users\Admin\AppData\Local\cjG\dwmapi.dll
          Filesize

          1.2MB

          MD5

          45b3cc16bf04867f9c3dd3286cfcced8

          SHA1

          c2eb1e5f650ae756610c2fceef9b79cade024a39

          SHA256

          5038fc075ec43bf121563750bce0b7ab433a75948727afb73594e845f9160069

          SHA512

          8b9e732a2d886eadefae77ed0765cde8de018ffdfc093534304dab2e533dcec378d22ebba976cd443598213d9b9b60bd9af4bdd66919330190bac1e87812e7ea

          Download Submit
        • C:\Users\Admin\AppData\Local\garAdRgM\CloudNotifications.exe
          Filesize

          59KB

          MD5

          b50dca49bc77046b6f480db6444c3d06

          SHA1

          cc9b38240b0335b1763badcceac37aa9ce547f9e

          SHA256

          96e7e1a3f0f4f6fc6bda3527ab8a739d6dfcab8e534aa7a02b023daebb3c0775

          SHA512

          2a0504ca336e86b92b2f5eff1c458ebd9df36c496331a7247ef0bb8b82eabd86ade7559ddb47ca4169e8365a97e80e5f1d3c1fc330364dea2450608bd692b1d3

          Download Submit
        • C:\Users\Admin\AppData\Local\garAdRgM\UxTheme.dll
          Filesize

          1.2MB

          MD5

          9a7b067ef27759b8fbe358400908cab8

          SHA1

          ea604f335583acbb7b1db905093a40a99d79637a

          SHA256

          d0a8326bb9f59a624391597f3fff1eb3977d1b7c388d0cf9ae1bf1d519c8e50f

          SHA512

          7febb2f9cd324df178f18d38360f74e63a473a3c2646de3fce503ecd29ce56a7fdb8194ec36a57cb03b25f1f164c92e5a2debd89d0c71efbb5aa07e29b9d04d3

          Download Submit
        • C:\Users\Admin\AppData\Local\garAdRgM\UxTheme.dll
          Filesize

          1.2MB

          MD5

          9a7b067ef27759b8fbe358400908cab8

          SHA1

          ea604f335583acbb7b1db905093a40a99d79637a

          SHA256

          d0a8326bb9f59a624391597f3fff1eb3977d1b7c388d0cf9ae1bf1d519c8e50f

          SHA512

          7febb2f9cd324df178f18d38360f74e63a473a3c2646de3fce503ecd29ce56a7fdb8194ec36a57cb03b25f1f164c92e5a2debd89d0c71efbb5aa07e29b9d04d3

          Download Submit
        • C:\Users\Admin\AppData\Local\iecoR\BitLockerWizard.exe
          Filesize

          100KB

          MD5

          6d30c96f29f64b34bc98e4c81d9b0ee8

          SHA1

          4a3adc355f02b9c69bdbe391bfb01469dee15cf0

          SHA256

          7758227642702e645af5e84d1c0e5690e07687c8209072a2c5f79379299edf74

          SHA512

          25471b0ac7156d9ee9d12181020039bf551ba3efe252b656030c12d93b8db2648a18bdf762740f2a5cd8e43640e4bd4e8742310dea15823fc76b9e1c126876b8

          Download Submit
        • C:\Users\Admin\AppData\Local\iecoR\FVEWIZ.dll
          Filesize

          1.2MB

          MD5

          80746882892c623884fdccb3ee94c80c

          SHA1

          60a04490618452999acc1ae39c86666c3b73860c

          SHA256

          675452f5765b4307821510d371d03b79add4a5f5fb0fdee441fc0df957cc853c

          SHA512

          5ef038515b61b8e3e19cfd604ce99e0e01a6516b4a837904c23b59ff0d9651d24225b7a614c7979def2280530c243c0811abe57c770a6c5b7443361409b1a256

          Download Submit
        • C:\Users\Admin\AppData\Local\iecoR\FVEWIZ.dll
          Filesize

          1.2MB

          MD5

          80746882892c623884fdccb3ee94c80c

          SHA1

          60a04490618452999acc1ae39c86666c3b73860c

          SHA256

          675452f5765b4307821510d371d03b79add4a5f5fb0fdee441fc0df957cc853c

          SHA512

          5ef038515b61b8e3e19cfd604ce99e0e01a6516b4a837904c23b59ff0d9651d24225b7a614c7979def2280530c243c0811abe57c770a6c5b7443361409b1a256

          Download Submit
        • memory/1660-182-0x0000023CEEE40000-0x0000023CEEE47000-memory.dmp
          Filesize

          28KB

          Download
        • memory/1660-174-0x0000000000000000-mapping.dmp
          Download
        • memory/2092-155-0x00007FFBF29D0000-0x00007FFBF29E0000-memory.dmp
          Filesize

          64KB

          Download
        • memory/2092-140-0x0000000140000000-0x000000014013C000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/2092-154-0x0000000000750000-0x0000000000757000-memory.dmp
          Filesize

          28KB

          Download
        • memory/2092-136-0x0000000140000000-0x000000014013C000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/2092-135-0x0000000140000000-0x000000014013C000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/2092-144-0x0000000140000000-0x000000014013C000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/2092-139-0x0000000140000000-0x000000014013C000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/2092-143-0x0000000140000000-0x000000014013C000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/2092-138-0x0000000140000000-0x000000014013C000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/2092-137-0x0000000140000000-0x000000014013C000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/2092-145-0x0000000140000000-0x000000014013C000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/2092-142-0x0000000140000000-0x000000014013C000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/2092-141-0x0000000140000000-0x000000014013C000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/3260-130-0x0000000140000000-0x000000014013C000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/3260-134-0x000001352C1B0000-0x000001352C1B7000-memory.dmp
          Filesize

          28KB

          Download
        • memory/4488-165-0x0000000000000000-mapping.dmp
          Download
        • memory/4488-173-0x00000208F3BD0000-0x00000208F3BD7000-memory.dmp
          Filesize

          28KB

          Download
        • memory/4536-164-0x000001B1089A0000-0x000001B1089A7000-memory.dmp
          Filesize

          28KB

          Download
        • memory/4536-160-0x0000000140000000-0x000000014013D000-memory.dmp
          Filesize

          1.2MB

          Download
        • memory/4536-156-0x0000000000000000-mapping.dmp
          Download