Analysis

  • max time kernel
    94s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/10/2022, 05:14

General

  • Target

    db455a015a1dad6687854e9439dfd94c74ae7687682fdc97530ca04422929175.dll

  • Size

    256KB

  • MD5

    4892c63783a601b914c180b8e62a4a17

  • SHA1

    7a665e9a7470431423918d16e4b31b2437d67753

  • SHA256

    db455a015a1dad6687854e9439dfd94c74ae7687682fdc97530ca04422929175

  • SHA512

    1e36a9a063f715466ddb5e3289e60c1aeb695d4f475ffbb1ce9cedc79a5e76182d1f2764042d5fbe088198110a58e80d85e823bcf6828d42320eae68ee61071f

  • SSDEEP

    3072:j0NbrbkYHUyP9eECVWfpIhbWoVnW6IioARoKO7JurqeBTg4vRP86TvOB5n+902av:YrkYHjIWeWcd71bynuACvIH

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Program crash 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\db455a015a1dad6687854e9439dfd94c74ae7687682fdc97530ca04422929175.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4980
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\db455a015a1dad6687854e9439dfd94c74ae7687682fdc97530ca04422929175.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4924
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:2344
        • C:\Program Files (x86)\Microsoft\WaterMark.exe
          "C:\Program Files (x86)\Microsoft\WaterMark.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of UnmapMainImage
          • Suspicious use of WriteProcessMemory
          PID:1780
          • C:\Windows\SysWOW64\svchost.exe
            C:\Windows\system32\svchost.exe
            5⤵
              PID:3136
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 204
                6⤵
                • Program crash
                PID:4428
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              5⤵
              • Modifies Internet Explorer settings
              PID:4368
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              5⤵
              • Modifies Internet Explorer settings
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:4036
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4036 CREDAT:17410 /prefetch:2
                6⤵
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:2192
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 608
          3⤵
          • Program crash
          PID:536
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4924 -ip 4924
      1⤵
        PID:1812
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3136 -ip 3136
        1⤵
          PID:1920

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Program Files (x86)\Microsoft\WaterMark.exe
    Filesize: 89KB
    MD5: 09c3d4561f7568136eba3497a70097e4
    SHA1: ea5663c35fd4c4bc6abd708e3389d0a6e500e6fb
    SHA256: b5d9a59d44b1f9178a9655a29bbed0e614ecbb64f9950dfb0f964046c225bd53
    SHA512: 3b1aee08f81495470471ed20cb00139fda41c94547c5077cd21384ad21c7b3c8a58849e813d4cfc6019171afb3dfeb2ddc270bf7de1d9c9a4242ae4b3b09288b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: afc3e2584b32e1e7c23c33e9534089a5
    SHA1: ea4e2266d010c300621d2287ea60fe3e9a9ee753
    SHA256: 61597f5f937da250a5ed7b4b82867bebc546a5a35c0029982a003b1e9cbd2e7e
    SHA512: f0e0d20b15bc390292baf0d93d982315afc466ccd2d4e48152ed65af97aed573d5b9e65b2b50925cbcd2e736955dfec4f63de5739cdb1499eb2db5dfc3cc4fe6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: e869c9c82e2ccfabdec4d4a47995e582
    SHA1: f2d6159ef0025b66e0e76aaa35c4f47aa90616f9
    SHA256: 24ada17f03263e2fe4d5bfdb4631b2f70a1fc9b58e701d0ca7c01fb23bf21f6f
    SHA512: 3dc464a24475561b7f7f0570033aa4618329e07ac01da3c1e56d2e631677b739925f96ddacfce146fc783137a9a0376c12a16fd2f3d6e659b525140a06d1ebdc

  • C:\Windows\SysWOW64\rundll32mgr.exe
    Filesize: 89KB
    MD5: 09c3d4561f7568136eba3497a70097e4
    SHA1: ea5663c35fd4c4bc6abd708e3389d0a6e500e6fb
    SHA256: b5d9a59d44b1f9178a9655a29bbed0e614ecbb64f9950dfb0f964046c225bd53
    SHA512: 3b1aee08f81495470471ed20cb00139fda41c94547c5077cd21384ad21c7b3c8a58849e813d4cfc6019171afb3dfeb2ddc270bf7de1d9c9a4242ae4b3b09288b

  • memory/1780-157-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize: 160KB
  • memory/1780-158-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize: 160KB
  • memory/1780-160-0x0000000000400000-0x0000000000421000-memory.dmp
    Filesize: 132KB
  • memory/1780-159-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize: 160KB
  • memory/1780-156-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize: 160KB
  • memory/1780-151-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize: 160KB
  • memory/1780-152-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize: 160KB
  • memory/1780-153-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize: 160KB
  • memory/1780-154-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize: 160KB
  • memory/2344-140-0x0000000000400000-0x0000000000421000-memory.dmp
    Filesize: 132KB
  • memory/2344-143-0x0000000000400000-0x0000000000421000-memory.dmp
    Filesize: 132KB
  • memory/2344-139-0x0000000000400000-0x0000000000421000-memory.dmp
    Filesize: 132KB
  • memory/4924-155-0x0000000074B80000-0x0000000074BC5000-memory.dmp
    Filesize: 276KB
  • memory/4924-133-0x0000000074B80000-0x0000000074BC5000-memory.dmp
    Filesize: 276KB