Analysis

  • max time kernel
    127s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20220812-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    01/10/2022, 17:47

General

  • Target

    8dd5052860d570d22ae465f352319474ba55c2b7691f1916f4ac2d8585ff975d.dll

  • Size

    136KB

  • MD5

    593ab2703a3ac7af149f39d455cac5a0

  • SHA1

    4a4f705c2e07993d79588f5e70c73a6b93444d21

  • SHA256

    8dd5052860d570d22ae465f352319474ba55c2b7691f1916f4ac2d8585ff975d

  • SHA512

    a10a8c35a7eb46740988c65bd2e062f984be1d76c95d3b3d55b21e764ab6d455c5fc019ec975ac600a24dde25d3c4d149eed5ae37c3969ded0f6ac77b8047e0b

  • SSDEEP

    3072:0Aq7W3G6o54gD5umoWXPos7lcECU+pDsLnA9z5rrxrZv:zvWegBrsJBxR

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8dd5052860d570d22ae465f352319474ba55c2b7691f1916f4ac2d8585ff975d.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4444
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8dd5052860d570d22ae465f352319474ba55c2b7691f1916f4ac2d8585ff975d.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4116
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:1528
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2332
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:17410 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:5072

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    f525b778e6901e8c416e2920e4e3dc0b

    SHA1

    917ce8ae6d64bdd4dd438488176253022c57a083

    SHA256

    c9eee793aa4aa79f35d393f9f1d863483aaf4004dea6ac19bda868e92a71f8bd

    SHA512

    f6f47a4935c09769b8df316e1b459c7b153ed26ac409d4bf2ce62a1635dba4eaf7ce77de5ce83100d6f3ce7aadffed7591fb7cee7ac10a0c081a2d3c613f1ad8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    865b09448521703b2257c699a073d448

    SHA1

    a48f80378aedf72dd07cb55218b4aaac7b0736c0

    SHA256

    8c98232f42d35e4cb07b3dd8bff5636fa9fe7b928431a313af6be9b0ddd98965

    SHA512

    8180fb5558a146826cf09ded52b9bafc065fcd965f5e78b2c06cb6602022bd144f1bf412e39623312b928deada8e164ed3f1bf5175776a07c11070e100647857

  • C:\Windows\SysWOW64\rundll32mgr.exe

    Filesize

    88KB

    MD5

    a61ea5f2325332c52bff5bce3d161336

    SHA1

    3a883b8241f5f2efaa76367240db800d78a0209c

    SHA256

    e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

    SHA512

    fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

  • C:\Windows\SysWOW64\rundll32mgr.exe

    Filesize

    88KB

    MD5

    a61ea5f2325332c52bff5bce3d161336

    SHA1

    3a883b8241f5f2efaa76367240db800d78a0209c

    SHA256

    e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

    SHA512

    fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

  • memory/1528-141-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

  • memory/1528-138-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/1528-140-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/1528-143-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

  • memory/1528-142-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

  • memory/1528-144-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/4116-139-0x0000000002000000-0x0000000002027000-memory.dmp

    Filesize

    156KB