Overview

overview

10

Static

static

10

f6d14701e7...72.dll

windows7-x64

7

f6d14701e7...72.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    57s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 10:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6d14701e7c568254151e153f7763672.dll

  • Size

    126KB

  • MD5

    f6d14701e7c568254151e153f7763672

  • SHA1

    4501ffb7284f29cca51b06deba0262b8d33f93f6

  • SHA256

    e246c844a272e80f2819e754e79a394e0fc964ad583ae90110dc38a01100b44d

  • SHA512

    62c1d6cbe6531a6b5d2a9fcdddd91cc3971dd81f1f5208e88c02d97d066e1b04665122817acb228894937279c49ac627bdb3c42cb32e130e39201f3108cde8f2

  • SSDEEP

    3072:Yx7pOYzBekF3tiINwyP7XSSJds3zhrjPcnqULv429:Yx7ZNhF3vwyOztPc3L

Score
7/10
collectionspywarestealer

Malware Config

Signatures

  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 1 IoCs
    collection
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6d14701e7c568254151e153f7763672.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1172
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6d14701e7c568254151e153f7763672.dll,#1
      2⤵
      • Accesses Microsoft Outlook profiles
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      • outlook_win_path
      PID:752
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 456
        3⤵
        • Program crash
        PID:1116

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/752-54-0x0000000000000000-mapping.dmp
    Download
  • memory/752-55-0x0000000074DA1000-0x0000000074DA3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1116-56-0x0000000000000000-mapping.dmp
    Download