Overview

overview

10

Static

static

5F9F8AC1F7...D_.doc

windows7_x64

4

5F9F8AC1F7...D_.doc

windows10-2004_x64

1

6B97B3CD2F...et.exe

windows7_x64

1

6B97B3CD2F...et.exe

windows10-2004_x64

1

901FA02FFD...ar.dll

windows7_x64

1

901FA02FFD...ar.dll

windows10-2004_x64

1

C116CD0832..._2.exe

windows7_x64

10

C116CD0832..._2.exe

windows10-2004_x64

10

PlugX_3C74...20.dll

windows7_x64

10

PlugX_3C74...20.dll

windows10-2004_x64

10

originalfi...ae.rtf

windows7_x64

4

originalfi...ae.rtf

windows10-2004_x64

1

Analysis

  • max time kernel
    128s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    28-05-2022 02:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll

  • Size

    41KB

  • MD5

    901fa02ffd43de5b2d7c8c6b8c2f6a43

  • SHA1

    8bb71adf1c418061510c40240852c3cd61fb214c

  • SHA256

    3144079c68ba00cebfd05239a2f5bd406096ec02e13e8571ca24313df7a5b679

  • SHA512

    6500b1a0e1a5995226bfcdaf1a33867bd9ccd5b84552db73f46dc1ee44461dbb29de6d16e8bf0da0c56d15ea60a4f44f105d005de139924ecb46d274cce90bab

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4528
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll,#1
      2⤵
        PID:3636

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads