Overview

overview

1

Static

static

eb2564a6f2...57.dll

windows7-x64

1

eb2564a6f2...57.dll

windows10-2004-x64

1

Resubmissions

27-10-2022 16:05

221027-tjtvtscger 10

24-10-2022 00:25

221024-aqx2aadegr 1

24-10-2022 00:25

221024-aqxqhsdec2 1

24-10-2022 00:24

221024-aqcqcadeb7 1

13-08-2022 01:18

220813-bn1j3abhdl 1

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    24-10-2022 00:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb2564a6f22dcec73dda3b6e4dc5fd37a4fa017f6b98b6dea5ac5b23a44b1f57.dll

  • Size

    437KB

  • MD5

    360417f75090c962adb8021dbb478f67

  • SHA1

    5cd71ee15351c08ff35785774cc18dcaeca871c9

  • SHA256

    eb2564a6f22dcec73dda3b6e4dc5fd37a4fa017f6b98b6dea5ac5b23a44b1f57

  • SHA512

    62088b203fe1eb61afbded8d64c0c00c682d421f73cbc688122c4e81a95924a648632c40ebf734d8693d5373c89bdbcf33ced5df115616dd96341414b4247390

  • SSDEEP

    12288:MNQGRYLUC/k+JwgIMinOCCdF4F9Bn/TomHe:MNQGRQUC/ZwMO1IFq9BnU

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\eb2564a6f22dcec73dda3b6e4dc5fd37a4fa017f6b98b6dea5ac5b23a44b1f57.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\system32\cmd.exe
      cmd /c "echo Commands" >> C:\Users\Admin\AppData\Local\Temp\4D28.tmp
      2⤵
        PID:1124
      • C:\Windows\system32\cmd.exe
        cmd /c "dir" >> C:\Users\Admin\AppData\Local\Temp\4D28.tmp
        2⤵
          PID:2024

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\4D28.tmp
        Filesize

        3KB

        MD5

        0b938e260fe32da9c8fa2d1bc0da18d1

        SHA1

        94970f3bc1227b02a474ab733f76f1a610a54a5c

        SHA256

        ca4813786ac2ef66c676c088415bc639bf815bfe4ef5b11fc8bb320a2d63c94d

        SHA512

        56d0e802d9e00df6687d76c2c4cb38429e3a5a695b2bddc2d33e5ec4cc8e08ed2054827cddc7a4df3d8d45649233687b3e0daaba5b7b7ac42b707d3c2c70ac37

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\4D28.tmp
        Filesize

        3KB

        MD5

        0b938e260fe32da9c8fa2d1bc0da18d1

        SHA1

        94970f3bc1227b02a474ab733f76f1a610a54a5c

        SHA256

        ca4813786ac2ef66c676c088415bc639bf815bfe4ef5b11fc8bb320a2d63c94d

        SHA512

        56d0e802d9e00df6687d76c2c4cb38429e3a5a695b2bddc2d33e5ec4cc8e08ed2054827cddc7a4df3d8d45649233687b3e0daaba5b7b7ac42b707d3c2c70ac37

        Download Submit

      • memory/1124-60-0x0000000000000000-mapping.dmp

        Download

      • memory/1736-54-0x000007FEFB9B1000-0x000007FEFB9B3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1736-55-0x0000000180000000-0x0000000180012000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2024-61-0x0000000000000000-mapping.dmp

        Download