Overview

overview

8

Static

static

7cb8f20100...b3.dll

windows7-x64

8

7cb8f20100...b3.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    39s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2022 16:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7cb8f2010007aeb58669ae9d07c3daf2236094811e465a297c36ad6e8b6437b3.dll

  • Size

    247KB

  • MD5

    8ac218fb2468058800aff6680f9bad82

  • SHA1

    e32cacb4576becffc229fc3d61da52151668368a

  • SHA256

    7cb8f2010007aeb58669ae9d07c3daf2236094811e465a297c36ad6e8b6437b3

  • SHA512

    5e2e722cf8cf0b7b342b2faf4b42535c1e01771928e15b74befbf7f8764eb561606783c4a5b9a57038cc7d244b2d433107254108728d4c83149dd36869f72587

  • SSDEEP

    6144:Mse8rPLbShV71xut8g6MgddYULGt/5JNfG:jTPaj71xA89MSY5/53f

Score
8/10
persistencespywarestealer

Malware Config

Signatures

  • Blocklisted process makes network request 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cb8f2010007aeb58669ae9d07c3daf2236094811e465a297c36ad6e8b6437b3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3368
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cb8f2010007aeb58669ae9d07c3daf2236094811e465a297c36ad6e8b6437b3.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Adds Run key to start application
      PID:5080

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads