c4f263e387c25eaac2bd6cdf0ff83977d902ce78dcb7a37f95135220ed7e7b3c

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 23:08 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4f263e387c25eaac2bd6cdf0ff83977d902ce78dcb7a37f95135220ed7e7b3c.dll
Size

6KB
MD5

011cccfe54ad70b9a7a6c0cdcbaf0040
SHA1

eafcd809f244a14648a728b9cff04abee26495f9
SHA256

c4f263e387c25eaac2bd6cdf0ff83977d902ce78dcb7a37f95135220ed7e7b3c
SHA512

3d215f5ea40872f6eb64a9fc075ce9cd36d7c58b8be1728e25dc83dd907bfbf51c9fa7227bf2221c7a9fb55bf24986cdd633dd831f2b6cde88e78dbea8ea162e
SSDEEP

96:ZZvjzuTZExl5XLytPLu5AdKaEkpp7UoqvE4ry:4g5mtThQtup7tqE4

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 584 wrote to memory of 876	584	rundll32.exe	28
PID 584 wrote to memory of 876	584	rundll32.exe	28
PID 584 wrote to memory of 876	584	rundll32.exe	28
PID 584 wrote to memory of 876	584	rundll32.exe	28
PID 584 wrote to memory of 876	584	rundll32.exe	28
PID 584 wrote to memory of 876	584	rundll32.exe	28
PID 584 wrote to memory of 876	584	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4f263e387c25eaac2bd6cdf0ff83977d902ce78dcb7a37f95135220ed7e7b3c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:584
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4f263e387c25eaac2bd6cdf0ff83977d902ce78dcb7a37f95135220ed7e7b3c.dll,#1
  2⤵
  PID:876

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/876-55-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/876-56-0x0000000000100000-0x0000000000106000-memory.dmp

Filesize
24KB

Download
memory/876-57-0x00000000001E0000-0x00000000001F3000-memory.dmp

Filesize
76KB

Download
memory/876-58-0x00000000775C0000-0x0000000077740000-memory.dmp

Filesize
1.5MB

Download