2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b

General

Target

2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
Size

5.5MB
MD5

fd0235dbf65da4cbb0e21e36e7178478
SHA1

1b73fed28199ecbfd44dc3b0b44f46a4d75446ec
SHA256

2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b
SHA512

48f5902cb8b644c7c43b8f3238df09609d29dc099fac3b2660bdee8fcda92ffbcd79ff943ad7e2d9d507223f64e407edf1c10989a248115fdb4af673b3a06dd0
SSDEEP

98304:r27fshsa5Ca0yng29cEIDG708qbl/1NPyfesbrf0F9g/dZTw/Np/qUk:r2DsheMgyIDGQD5yWgrMFmof/qv

Score

8^/10

discovery persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112
Loads dropped DLL 5 IoCs

Processes:

2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exerundll32.exerundll32.exe

pid process

528 2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
2268 rundll32.exe
5024 rundll32.exe
5024 rundll32.exe
5024 rundll32.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops file in Program Files directory 1 IoCs

Processes:

2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe

description ioc process

File created C:\Program Files (x86)\DeltaFix\DeltaFix.dll 2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe

description	ioc	process
File created	C:\Program Files (x86)\DeltaFix\DeltaFix.dll	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe

Modifies data under HKEY_USERS 53 IoCs

Processes:

rundll32.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\7367429f = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\f1f24e29 = "Vl/l/C/////%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\e8f9dcc7 = "UlAr/XJ/c//k////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\0c230bcb = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\27ddcf6f = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\c6c5dd44 = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\38583bc3 = "Ml/2/CF/M//g/CZ////%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\0e93c3f3 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\7f69fa1f = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\8b9e4cbc = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\bbf88800 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\37b7a6d8 = "UlAr/XJ/c//k////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\d94388d2 = "GlAk/X6/G/Ap/YV/UxAk/YZ/Gl////%%"	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\00000000\3efeb33e = 00000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\e46c271e = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\72758a5d = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\a1dcff5b = "V/////%%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\51d2f2ea = "Q/Au/Xl/c/Ay/DF/HPA2////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\fe94ce1e = "V/////%%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\00000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\0dc3ee96 = "/P////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\1c311243 = "GlAk/X6/G/Ap/YV/UxAk/YZ/Gl////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\c24899a6 = "Vx/g/CD/Mx////%%"	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\00000000\370856c7 = 00000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\65114b36 = "VP/l////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\f6ad6fa6 = "V/////%%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\00000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\c5705860 = "Vx////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\f0bf0bde = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\f2c53c49 = "UlAr/XJ/c//k////"	rundll32.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\iiid = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\1520c6f1 = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\2e22d94e = "///%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\00000000\493c7345 = 6900300031002b0030003600620030006f003000310044003000360049003000700078003000530030003600490030007000780031004f003000300025002500000070006c00310065003000360062003000690030003100540030003700380030006a0078003100420030003600450030006e0055003100680030003200490030006e006c0031002b00300037007800300000000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\d1abcdb6 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\414bc593 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\6185d035 = "Vx/2/Cx/V//l////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\060df2cd = "c/Au/XV/H/Ap/X2/GP/j/Xt/axAv/X6////%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\2d71d5ab = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\587b5709 = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\340d3099 = "/P////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\a2e3b941 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\c99a5f5c = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\a0743acc = "N/////%%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\3c09c42b = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\eae10f9d\48bd1aff = "V/////%%"	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_fc67e7a0\00000000\a47da861 = 6f00300031004f0030003700780030006d00300030004b003000320045003000610055003100650030003700300030006d00300031002b0030003600340030006d006c0031006500300036004900300061006c00310054003000370038003000700055003000540030003700740030006e006c003100440030003600490030006d00550031004f0030003600340030006e00300031005900300032004500300000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100650030003700300030006d003000310065003000370038003000700078003000530030003600450030006d006c00310042003000320045003000690078003100530030003600680030006e006c0031004e00300037007800300071007800310059003000360055003000610055003000250000006f00300031004f0030003700780030006d00300030004b00300032004500300061005500310057003000360074003000690030003100410030003700380030007000780031002b0030003200490030006e00550031004d00300036006d003000610055003100500030003600490030006f007800310053003000370062003000690030003100650030003600550030006e00300030005400300030002500250000006f00300031004f0030003700780030006d00300030004b0030003200450030006100550031005900300036006800300071006c0031004d0030003600340030006d006c0031004a0030003700620030007100780031004100300036007400300061006c00310054003000370038003000700055003000540030003700740030006e006c003100440030003600490030006d00550031004f0030003600340030006e00300031005900300032004500300000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100410030003600340030007100550031004f0030003600450030006d006c0031004a00300036006d0030006e00550031005400300036007800300061006c003100670030003600450030006e0078003000540030003700740030006e006c003100440030003600490030006d00550031004f0030003600340030006e00300031005900300032004500300000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100410030003600340030007100550031004f0030003600450030006d006c0031004a00300036006d0030006e00550031005400300036007800300061006c00310054003000370038003000700055003000540030003700740030006e006c003100440030003600490030006d00550031004f0030003600340030006e00300031005900300032004500300000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100570030003600450030006f0030003100530030003700620030006e0078003100440030003700780030006f00300031004e0030003600590030006a0078003000530030003600620030006e00550031005a003000320045003000690078003100530030003600680030006e006c0031004e00300037007800300071007800310059003000360055003000610055003000250000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100570030003600450030006f0030003100530030003700620030006e0078003100440030003700780030006f00300031004e0030003600590030006a0078003000530030003600450030006d006c00310042003000320045003000690078003100530030003600680030006e006c0031004e00300037007800300071007800310059003000360055003000610055003000250000006f00300031004f0030003700780030006d00300030004b0030003200450030006100550031005a0030003600340030006a00300031004400300036004f0030006900780031004e0030003700740030006f00550031004e0030003600590030006a0078003000530030003600620030006e00550031005a003000320045003000690078003100530030003600680030006e006c0031004e00300037007800300071007800310059003000360055003000610055003000250000006f00300031004f0030003700780030006d00300030004b0030003200450030006100550031005a0030003600340030006a00300031004400300036004f0030006900780031005a0030003600340030006e0030003100590030003200490030006e006c0031002b003000370078003000610055003100500030003600490030006f007800310053003000370062003000690030003100650030003600550030006e00300030005400300030002500250000000000	rundll32.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exerundll32.exe

pid	process
528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
5024	rundll32.exe
5024	rundll32.exe
5024	rundll32.exe
5024	rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exerundll32.exe

description	pid	process	target process
PID 528 wrote to memory of 2268	528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe	rundll32.exe
PID 528 wrote to memory of 2268	528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe	rundll32.exe
PID 528 wrote to memory of 2268	528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe	rundll32.exe
PID 2036 wrote to memory of 5024	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 5024	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 5024	2036	rundll32.exe	rundll32.exe

C:\Users\Admin\AppData\Local\Temp\2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
"C:\Users\Admin\AppData\Local\Temp\2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:528

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\DeltaFix\DeltaFix.dll",serv -install
2⤵
- Loads dropped DLL
PID:2268

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\DeltaFix\DeltaFix.dll",serv
1⤵
- Suspicious use of WriteProcessMemory
PID:2036

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\DeltaFix\DeltaFix.dll",serv
2⤵
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:5024

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DeltaFix\DeltaFix.dll
Filesize
3.8MB

MD5
1cde1640c14a2bebd0f8d07ff8e896b9

SHA1
f7df9a5bb0252adc559028b9df52828d4cfc8d7c

SHA256
06e650220a038725325468e5ac3fa0047e942c9db410b45d06b508b8df76e759

SHA512
ab97df18e7b834b94ac1312aa973f3059825179ec9ba3abc8b02cf885932bd254943fb314039c0a0527e08abb513cb15b8de2bf09bba26465d927d098e56c077

Download Submit
C:\Program Files (x86)\DeltaFix\DeltaFix.dll
Filesize
3.8MB

MD5
1cde1640c14a2bebd0f8d07ff8e896b9

SHA1
f7df9a5bb0252adc559028b9df52828d4cfc8d7c

SHA256
06e650220a038725325468e5ac3fa0047e942c9db410b45d06b508b8df76e759

SHA512
ab97df18e7b834b94ac1312aa973f3059825179ec9ba3abc8b02cf885932bd254943fb314039c0a0527e08abb513cb15b8de2bf09bba26465d927d098e56c077

Download Submit
C:\Program Files (x86)\DeltaFix\DeltaFix.dll
Filesize
3.8MB

MD5
1cde1640c14a2bebd0f8d07ff8e896b9

SHA1
f7df9a5bb0252adc559028b9df52828d4cfc8d7c

SHA256
06e650220a038725325468e5ac3fa0047e942c9db410b45d06b508b8df76e759

SHA512
ab97df18e7b834b94ac1312aa973f3059825179ec9ba3abc8b02cf885932bd254943fb314039c0a0527e08abb513cb15b8de2bf09bba26465d927d098e56c077

Download Submit
C:\Program Files (x86)\DeltaFix\DeltaFix.dll
Filesize
3.8MB

MD5
1cde1640c14a2bebd0f8d07ff8e896b9

SHA1
f7df9a5bb0252adc559028b9df52828d4cfc8d7c

SHA256
06e650220a038725325468e5ac3fa0047e942c9db410b45d06b508b8df76e759

SHA512
ab97df18e7b834b94ac1312aa973f3059825179ec9ba3abc8b02cf885932bd254943fb314039c0a0527e08abb513cb15b8de2bf09bba26465d927d098e56c077

Download Submit
C:\Users\Admin\AppData\Local\Temp\tf00294823.dll
Filesize
3.8MB

MD5
1cde1640c14a2bebd0f8d07ff8e896b9

SHA1
f7df9a5bb0252adc559028b9df52828d4cfc8d7c

SHA256
06e650220a038725325468e5ac3fa0047e942c9db410b45d06b508b8df76e759

SHA512
ab97df18e7b834b94ac1312aa973f3059825179ec9ba3abc8b02cf885932bd254943fb314039c0a0527e08abb513cb15b8de2bf09bba26465d927d098e56c077

Download Submit
\??\c:\Program Files (x86)\DeltaFix\DeltaFix.dll
Filesize
3.8MB

MD5
1cde1640c14a2bebd0f8d07ff8e896b9

SHA1
f7df9a5bb0252adc559028b9df52828d4cfc8d7c

SHA256
06e650220a038725325468e5ac3fa0047e942c9db410b45d06b508b8df76e759

SHA512
ab97df18e7b834b94ac1312aa973f3059825179ec9ba3abc8b02cf885932bd254943fb314039c0a0527e08abb513cb15b8de2bf09bba26465d927d098e56c077

Download Submit
memory/528-135-0x0000000003080000-0x0000000003549000-memory.dmp

Filesize
4.8MB

Download
memory/528-141-0x0000000003580000-0x00000000038E0000-memory.dmp

Filesize
3.4MB

Download
memory/2268-146-0x0000000000000000-mapping.dmp

Download
memory/2268-149-0x0000000002040000-0x00000000023A0000-memory.dmp

Filesize
3.4MB

Download
memory/5024-154-0x0000000000000000-mapping.dmp

Download
memory/5024-156-0x00000000013E0000-0x0000000001740000-memory.dmp

Filesize
3.4MB

Download

pid	process
528	2b1b6424036722f483bed3422b944d6af169141330067229f12fcf63f2a2f45b.exe
2268	rundll32.exe
5024	rundll32.exe
5024	rundll32.exe
5024	rundll32.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads