Overview

overview

6

Static

static

Anexo - 88...84.dll

windows7-x64

5

Anexo - 88...84.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    168s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 14:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Anexo - 884910003984.dll

  • Size

    1004KB

  • MD5

    c76d0f70d6bca4d82ffd570530d7d6b4

  • SHA1

    74e70da6952c6c0fede84114d5a1fe483811b633

  • SHA256

    95b4e1cd0e79fe99235aed4be1746b7685b1de71b28f0f23794527909c0f22eb

  • SHA512

    4b974cc165437479e32b56ffd1159783dd701a1b2395c1181b28770241e3b435955a7341f29ea284cd8e3a45a4d1220828ac5a884d2b7e3ae4a084034f171fd7

  • SSDEEP

    24576:SRZvpR6IGilzTRdOy5xeEFuTMwvx1vCQrCje:ObL0rTMwvfvCQ2q

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anexo - 884910003984.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Anexo - 884910003984.dll",#1
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:1560
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Windows\system32\svchost.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:604
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://www.java.com/pt_BR/
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:780
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:780 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1684

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    3dcf580a93972319e82cafbc047d34d5

    SHA1

    8528d2a1363e5de77dc3b1142850e51ead0f4b6b

    SHA256

    40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

    SHA512

    98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5efd36e97df5e2cee98586705d6d7603

    SHA1

    05f746c875b2d23c976ad7d33aa01de342a029f4

    SHA256

    50b481254b481b96631baad459299b40a097d0bac6b3bc32b185b7fc5fd75a5c

    SHA512

    2167e7cfd4e49b4df93780915bc53a6450fa4b192d6c43e94198d11e1065f0a08b535497010ef10f9ac83a050446f2f6977150bb95630ae632ab22884dd564ac

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\image.gif
    Filesize

    1KB

    MD5

    98d402a74b4d9377b565e8a5ee954cba

    SHA1

    f2b794ab97738fe4bbbf426bb9162af9e6e18091

    SHA256

    e28d4e6788e15b9591c58e897d485b4caa27905e3abbad80ae26ee75e1fc6baa

    SHA512

    a172010136eaa953a0b58a742fd2f9c48a621b85f4eeddf7114317ece84f6d434dd3fa11f55c91c9376dc0967d71e1f00b4f25957fd9a2a1b1cb96528449853d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2PC3XCS0.txt
    Filesize

    601B

    MD5

    7ede3d974f9bbc0f402128208d55fc0a

    SHA1

    4c21f03c9262848f7dd974709b634435a1f92ffe

    SHA256

    55a654f45bcfe3cd4f054a6619def1ebf1b3601979607ad75d2dcd544e066c43

    SHA512

    c103ed1270e60a0bbd77d7fec45ea70eb153b1b964c92fa599799910121407d92dd42df6ea8aefc35d516f748cdfa2881f5e6007472eb621a7a09b3678758ffe

    Download Submit

  • memory/604-61-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/604-60-0x000000003C082744-mapping.dmp

    Download

  • memory/604-63-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/604-59-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/604-65-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/604-66-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/604-67-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/604-57-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1560-54-0x0000000000000000-mapping.dmp

    Download

  • memory/1560-56-0x0000000000820000-0x0000000000925000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1560-55-0x0000000074F41000-0x0000000074F43000-memory.dmp

    Filesize

    8KB

    Download