Analysis

max time kernel: 163s
max time network: 165s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 04-06-2022 12:01
Static task: static1

Behavioral task: behavioral1
Sample: 108c3497b34aa192577a3a0277d9e546a38a4e186ad912bc4804b0ab16695be4.dll
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 108c3497b34aa192577a3a0277d9e546a38a4e186ad912bc4804b0ab16695be4.dll
Resource: win10v2004-20220414-en
General

Target: 108c3497b34aa192577a3a0277d9e546a38a4e186ad912bc4804b0ab16695be4.dll
Size: 164KB
MD5: a8ecff48f5be255470668c184fe0f073
SHA1: 8e6050d4606203941be6b1381b03001feac27cd4
SHA256: 108c3497b34aa192577a3a0277d9e546a38a4e186ad912bc4804b0ab16695be4
SHA512: 566f3317808e0775b141eade1d8393766d34c2e1c4feb2e4dc710b6c2e5db9d8036ef1b62aba0ae711937cfd4163752ea357c61c09511b08ae3a11c0c1e8bd77
Malware Config
Signatures

Enumerates connected drives (3 TTPs, 24 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes: rundll32.exe
IoCs: rundll32.exe opened the following drive roots read-only (in the order recorded):
\??\J: \??\K: \??\O: \??\P: \??\V: \??\B: \??\F: \??\R: \??\W: \??\X: \??\Z: \??\M:
\??\N: \??\G: \??\H: \??\Q: \??\S: \??\U: \??\Y: \??\A: \??\E: \??\T: \??\I: \??\L:
That is every drive letter except C: and D:, i.e. the process walked the whole letter range rather than querying the drives that actually exist. Opening drive roots on its own is also done by legitimate software (backup tools, installers), so treat this as a lead to be combined with the other behaviour below rather than as a verdict.
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
PID 60 rundll32.exe (2 events)

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
PID 864 rundll32.exe wrote to memory of PID 60 rundll32.exe (3 events)
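The two signatures above (drive-root enumeration by PID 60, and PID 864 writing into PID 60) can be re-derived from raw sandbox events. The following Python is an added example, not the sandbox vendor's own signature code: it parses a constructed event log in an assumed "pid image event detail" format (the lines are modelled on the IoC tables above plus some benign noise), flags processes that open many distinct drive roots, and separates a parent writing into a child it just spawned from a write into an unrelated process.

```python
"""Re-derive two sandbox signatures from raw events (added example).

Assumed event format, one per line: "<pid> <image> <event> <detail>".
The sample log below is constructed for this example.
"""
import re
from collections import defaultdict

# Constructed sample events: the rundll32 pair from the report plus noise.
SAMPLE_EVENTS = """\
864 rundll32.exe ProcessCreate 60
864 rundll32.exe WriteProcessMemory 60
864 rundll32.exe WriteProcessMemory 60
864 rundll32.exe WriteProcessMemory 60
60 rundll32.exe FileOpen \\??\\J:
60 rundll32.exe FileOpen \\??\\K:
60 rundll32.exe FileOpen \\??\\C:\\Windows\\System32\\kernel32.dll
60 rundll32.exe FileOpen \\??\\O:
60 rundll32.exe FileOpen \\??\\P:
60 rundll32.exe FileOpen \\??\\V:
60 rundll32.exe FileOpen \\??\\B:
60 rundll32.exe FileOpen \\??\\F:
60 rundll32.exe FileOpen \\??\\F:
1234 explorer.exe FileOpen \\??\\C:\\Users\\Admin\\Desktop
1234 explorer.exe FileOpen \\??\\D:
"""

# A bare NT drive root: \??\X: with nothing after the colon.
DRIVE_ROOT_RE = re.compile(r"^\\\?\?\\([A-Za-z]):$")
EVENT_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(.+)$")


def parse_events(text):
    """Yield (pid, image, event, detail) tuples from the assumed log format."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = EVENT_RE.match(line)
        if not m:
            raise ValueError(f"unparseable event line: {line!r}")
        pid, image, event, detail = m.groups()
        yield int(pid), image, event, detail


def drive_enumerators(events, threshold=3, ignore=("C",)):
    """pid -> sorted drive letters for processes opening >= threshold distinct
    drive roots. Letters in `ignore` are dropped: the system drive is opened
    by almost every process and carries no signal."""
    roots = defaultdict(set)
    for pid, _image, event, detail in events:
        if event != "FileOpen":
            continue
        m = DRIVE_ROOT_RE.match(detail)
        if m and m.group(1).upper() not in ignore:
            roots[pid].add(m.group(1).upper())
    return {pid: sorted(letters) for pid, letters in roots.items()
            if len(letters) >= threshold}


def cross_process_writers(events):
    """(writer_pid, target_pid) -> count of WriteProcessMemory events,
    ignoring a process writing into its own address space."""
    counts = defaultdict(int)
    for pid, _image, event, detail in events:
        if event == "WriteProcessMemory" and int(detail) != pid:
            counts[(pid, int(detail))] += 1
    return dict(counts)


def parent_child_pairs(events):
    """Set of (parent_pid, child_pid) taken from ProcessCreate events."""
    return {(pid, int(detail)) for pid, _image, event, detail in events
            if event == "ProcessCreate"}


def classify_writes(events):
    """Label each cross-process write 'spawned-child' (writer created the
    target, e.g. a launcher setting up its child) or 'unrelated' (the
    classic injection shape)."""
    events = list(events)
    children = parent_child_pairs(events)
    return {pair: ("spawned-child" if pair in children else "unrelated")
            for pair in cross_process_writers(events)}


if __name__ == "__main__":
    evs = list(parse_events(SAMPLE_EVENTS))
    print("drive enumeration:", drive_enumerators(evs))
    print("cross-process writes:", cross_process_writers(evs))
    print("write classification:", classify_writes(evs))
```

The threshold and the ignore list are the tuning knobs: the report's own rule excludes only C:, and a threshold of three distinct roots already separates a full A-Z sweep from a program that touches one removable drive. Classifying the write by parent/child relationship is what keeps a launcher setting up its own child (the rundll32 pair here) from being scored like an injection into a pre-existing process.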
Processes

C:\Windows\system32\rundll32.exe (PID 864)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\108c3497b34aa192577a3a0277d9e546a38a4e186ad912bc4804b0ab16695be4.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  |
  +-- C:\Windows\SysWOW64\rundll32.exe (PID 60)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\108c3497b34aa192577a3a0277d9e546a38a4e186ad912bc4804b0ab16695be4.dll,#1
      Signatures: Enumerates connected drives; Suspicious behavior: EnumeratesProcesses

The ",#1" argument tells rundll32 to call the DLL export with ordinal 1, so only that one entry point was exercised in this task; other exports, if any, were not run. The 64-bit rundll32 under system32 hands a 32-bit DLL off to the 32-bit rundll32 under SysWOW64, which is why the sample shows up as a parent/child pair of the same binary. The three writes from PID 864 into PID 60 are consistent with the parent setting up the child it launched rather than with an injection into an unrelated process; the drive and process enumeration is performed by the 32-bit child.
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads

- memory/60-130-0x0000000000000000-mapping.dmp