Analysis

  • max time kernel
    179s
  • max time network
    184s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
  • submitted
    23-11-2022 13:55

General

  • Target

    79bd24679509a1b7cb0bbc395a071602546165fdb42b1cbdfc7fd4e81eb81719.dll

  • Size

    375KB

  • MD5

    20b546a2a24c41374c28d513a943d743

  • SHA1

    54b84ca93687376abb53a51bfd1dac8d545a48f2

  • SHA256

    79bd24679509a1b7cb0bbc395a071602546165fdb42b1cbdfc7fd4e81eb81719

  • SHA512

    89465a08446eeb435b6eabd4f1510657a196884d5a9e6da9cb04e44dbc5085cbb6df52f78536c47833c68799e3b4d16e7c17bb1abd90c325a281a3f71cbb151c

  • SSDEEP

    6144:0cjdZ9l6L3hi/CrSUhiJS+f/alRUJA20eNbTsVg3DnLzuPX+XJ/tK6VOiyzJaVCf:0M0eC+AIS+f2UJH0Yig3DLzSX+Jt9NIP

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\79bd24679509a1b7cb0bbc395a071602546165fdb42b1cbdfc7fd4e81eb81719.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\79bd24679509a1b7cb0bbc395a071602546165fdb42b1cbdfc7fd4e81eb81719.dll,#1
      2⤵
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:1648
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:604
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:604 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:888
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:604 CREDAT:275461 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:560

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XJ53YI3P.txt

    Filesize

    608B

    MD5

    ccc5f5f8812a1f598e58749da4c20fd7

    SHA1

    d29ed5256f472d63eed43e9d46dab1699309a199

    SHA256

    2c1b656f327f78544932bc2c5e63b1bcd7f27c9da221e4fcb1ca24c791715468

    SHA512

    08f7341708a4f75822e667ef437d468cdd1928dc98cd6945f268bda8fa4959f01d275befa67d7797a755fb51a630c8abd1ef5f661c479a7e6a85ac5994e970bc

  • memory/1648-54-0x0000000000000000-mapping.dmp

  • memory/1648-55-0x00000000757B1000-0x00000000757B3000-memory.dmp

    Filesize

    8KB

  • memory/1648-56-0x0000000000550000-0x00000000005B0000-memory.dmp

    Filesize

    384KB

  • memory/1648-60-0x0000000000280000-0x00000000002E6000-memory.dmp

    Filesize

    408KB