Overview

overview

10

Static

static

ByteSize.dll

windows10-2004-x64

1

DeviceId.dll

windows10-2004-x64

1

DotRas.dll

windows10-2004-x64

1

DryIoc.dll

windows10-2004-x64

1

Loader.exe

windows10-2004-x64

10

language/d...es.dll

windows10-2004-x64

1

language/d...es.dll

windows10-2004-x64

1

language/e...es.dll

windows10-2004-x64

1

language/e...es.dll

windows10-2004-x64

1

language/e...es.dll

windows10-2004-x64

1

language/f...es.dll

windows10-2004-x64

1

language/h...es.dll

windows10-2004-x64

1

language/i...es.dll

windows10-2004-x64

1

language/p...Id.dll

windows10-2004-x64

1

language/p...as.dll

windows10-2004-x64

1

language/p...oc.dll

windows10-2004-x64

1

language/p...es.dll

windows10-2004-x64

1

language/p...e3.dll

windows10-2004-x64

3

language/r...es.dll

windows10-2004-x64

1

language/r...es.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    139s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/10/2022, 10:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    language/hi/IPVanish.resources.dll

  • Size

    4KB

  • MD5

    6a9da8718fe4b00fd8773008d28d9e0d

  • SHA1

    8fb495382b4ac5c8fdf3d64a87ff28dfce2cbd46

  • SHA256

    47eea4a61d6cd6afe2e45c058d005ad0ddb4289ca20fc9838371d76acf39db44

  • SHA512

    7825e1baf0a121c0f896e95fe0e9a9e7a302f7e709320c8f2b31711a3bf80e57cc48081ca43026447c0ba2c08090747b709948c83c59f2183b48d429217d54c6

  • SSDEEP

    48:6Tt3zQGsHHfSQIkHk+6yF7r7ANlhpW8lq8l1weJClQLxgsXVZ8DelXMJwPm+Wr:ct3rYLEdaHAvLFlm8Xzz+

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\language\hi\IPVanish.resources.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3132
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\language\hi\IPVanish.resources.dll,#1
      2⤵
        PID:3180

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads