Overview

overview

7

Static

static

c8e538372a...09.dll

windows7-x64

7

c8e538372a...09.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    231s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/10/2022, 02:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c8e538372a9aa871d09439049e5cebccae1ee3f71ef6d4dcfa7a0b2444677909.dll

  • Size

    20KB

  • MD5

    5bfa770c1228435d76dbf247c3f6bf4f

  • SHA1

    7ae0bb9b6b0215ea430a5f87cb38e03cb9ba12ec

  • SHA256

    c8e538372a9aa871d09439049e5cebccae1ee3f71ef6d4dcfa7a0b2444677909

  • SHA512

    868f18d8b07171c967eb25aa017408c1acd255b95d923bd29bf2c006c812ca99abab24d7b35b54488719deb55d371eb83a0033253ffa6d582351b62922599f90

  • SSDEEP

    384:zSG/2Jp+C6QhtmruxCcdIL+0XplBCAu8UaWHuqaTlX0wG:zfYh2oCtpXPBx2OqaewG

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8e538372a9aa871d09439049e5cebccae1ee3f71ef6d4dcfa7a0b2444677909.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1788
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8e538372a9aa871d09439049e5cebccae1ee3f71ef6d4dcfa7a0b2444677909.dll,#1
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A364.tmp
    Filesize

    20KB

    MD5

    8c099310f065ba9d7bbecc7fbe53073b

    SHA1

    0b633d66ce6d415f88f6f13c3f83b56a7ba43651

    SHA256

    2da79d4e73af4230428bd10ba3c6cb2322f1fbd1635038c1ec25a56b9f410619

    SHA512

    2cf6d65763602d825debbbeb6ecb355495a4beed83b2038d6d227ad59c87b59a4e23f4df6ada38f84f1b665d6739998639fdd98e038df1171e76774d50098a26

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\A364.tmp
    Filesize

    20KB

    MD5

    8c099310f065ba9d7bbecc7fbe53073b

    SHA1

    0b633d66ce6d415f88f6f13c3f83b56a7ba43651

    SHA256

    2da79d4e73af4230428bd10ba3c6cb2322f1fbd1635038c1ec25a56b9f410619

    SHA512

    2cf6d65763602d825debbbeb6ecb355495a4beed83b2038d6d227ad59c87b59a4e23f4df6ada38f84f1b665d6739998639fdd98e038df1171e76774d50098a26

    Download Submit

  • memory/840-135-0x00000000001E1000-0x00000000001E3000-memory.dmp

    Filesize

    8KB

    Download