Overview

overview

10

Static

static

10

6e8a3ffffd...03.dll

windows7-x64

7

6e8a3ffffd...03.dll

windows10-2004-x64

7

Resubmissions

24-11-2022 15:36

221124-s2eyysgd71 10

24-11-2022 10:58

221124-m265jscg5y 7

Analysis

  • max time kernel
    152s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 15:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e8a3ffffd2f7a91f3f845b78dd90011feb80d30b4fe48cb174b629afa273403.dll

  • Size

    46KB

  • MD5

    6ab824fbb8b8b26fcb14b8791d2e2054

  • SHA1

    b001cdc9f6735555de8a3b843c4c7d867c197f28

  • SHA256

    6e8a3ffffd2f7a91f3f845b78dd90011feb80d30b4fe48cb174b629afa273403

  • SHA512

    b11ae2185430e269f05e5e0d38de543b730103fcca48a9bbd6518402d8eb9e215d5383e0eed960aca53a22e2959cbe3db67871846531ea1a1f98eb86c6e86ab8

  • SSDEEP

    768:7c6gRL3cF1mPUwO2wzkg6iDbU1sz9oDc0kT2w3SFKR7QlORzUmZ:7laL3cFHRRA+5CDcz31dRz3

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e8a3ffffd2f7a91f3f845b78dd90011feb80d30b4fe48cb174b629afa273403.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4364
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e8a3ffffd2f7a91f3f845b78dd90011feb80d30b4fe48cb174b629afa273403.dll,#1
      2⤵
        PID:3540

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Credentials in Files

    1
    T1081

    Discovery

    Lateral Movement

    Collection

    Data from Local System

    1
    T1005

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3540-132-0x0000000000000000-mapping.dmp
      Download