Overview

overview

4

Static

static

王云雷-...b1.dll

windows7-x64

1

王云雷-...b1.dll

windows10-2004-x64

1

王云雷-....docx

windows7-x64

4

王云雷-....docx

windows10-2004-x64

1

王云雷-....exe

windows7-x64

1

王云雷-....exe

windows10-2004-x64

1

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-09-2022 07:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    王云雷-北京航空航天大学-安全研发岗位-个人简历PDF/zlib1.dll

  • Size

    86KB

  • MD5

    688369c0213be161e8b1280198dbe567

  • SHA1

    f2dfa6c7ac04c2785479d2827348bad823497e9b

  • SHA256

    d60a13933b003f4f3a8b69a90a09827baf68bbb72f42fdd453e75cd5cc17f107

  • SHA512

    ab72881ddc6919e2092ae12bd37433e9676e0ed517fd5471f5041c6ac6d09dcba671f819b7ba3405ae0575b2175669bbcb275fa0135947c0a92cf99d0e093ff4

  • SSDEEP

    1536:nkHE/4NDs/WEfIvI5/6GZlryfhUrrfvFEG66ZC8tsWxcd5UYhp/CzpZiC:kHEWI/WTI5yGZlChUrr66xA5U6/CzpZi

Score
1/10

Malware Config

Signatures

  • Enumerates processes with tasklist 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\王云雷-北京航空航天大学-安全研发岗位-个人简历PDF\zlib1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\王云雷-北京航空航天大学-安全研发岗位-个人简历PDF\zlib1.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1972
      • C:\Windows\SysWOW64\tasklist.exe
        "C:\Windows\System32\tasklist.exe"
        3⤵
        • Enumerates processes with tasklist
        PID:1900

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

1
T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1972-54-0x0000000000000000-mapping.dmp
    Download
  • memory/1972-55-0x0000000075981000-0x0000000075983000-memory.dmp
    Filesize

    8KB

    Download