Overview

overview

5

Static

static

IMG1211.dll

windows7-x64

5

IMG1211.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    124s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28/11/2022, 03:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IMG1211.dll

  • Size

    1023KB

  • MD5

    b3c29186618199b5d6b85d7fd12a23f6

  • SHA1

    429880937b6b379c41290378d67894d45590027c

  • SHA256

    868eb72051987b281ca0fdba4d93b51a00596c8af170d3d2dc8b3c6d3f695681

  • SHA512

    7b34b41f8e8f12857a6299f693f34718e886d514f27a79b4713f473a060c2cb34215993c33cd8e94bdc6c026c8aebbfab2efb89ff677bfce6a154b2f2a25ce10

  • SSDEEP

    24576:c7F9ZBWkwuvvX7dGiBFceJgTcwvr1vCQrCCUi:2Vp6TTcwv5vCQ2di

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\IMG1211.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\IMG1211.dll,#1
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:1644
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Windows\system32\svchost.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:968
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://www.java.com/pt_BR/
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1500
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1448

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    3dcf580a93972319e82cafbc047d34d5

    SHA1

    8528d2a1363e5de77dc3b1142850e51ead0f4b6b

    SHA256

    40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

    SHA512

    98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccbc5d365b8ade78f010b62affe0bb83

    SHA1

    8ec87a2eda77f2b6b7e6c021b4f097878769bb47

    SHA256

    43b127ccc1083f203f3b3b0c86008bf39cefc5ff3a76f5c9a5f3786376520d07

    SHA512

    6b5e00e8b083d781fd69e974c54937c8e3d0a26e2c60e27bfeccb7062c861932759d1db3c2c5df56c20b14a9206f308a24b8076889105c556b45d0847406782c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\image.gif
    Filesize

    1KB

    MD5

    dbdaa836d37b27a4f899cb5dc77f0a7c

    SHA1

    5496ddd79be367248e25f675130bbd0e70dd9970

    SHA256

    5df347c2997fa8c7ccac1f1362c767d041d988f752ee52dc70d67a89234d16e3

    SHA512

    12b9fa8e42950930d65f812169c0e58d6b862273aec10e5a24c656ffbba7f079fa78a2fce5b350845abc558ec86162e1c9b6bceb4c37c3312d6f8d88d4ef79f1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3Z4AMHD1.txt
    Filesize

    600B

    MD5

    0bc7c64c80329fcefe769a118738c573

    SHA1

    043fbf5adc8c22ad16d733188235f74565ce9fef

    SHA256

    b2dbcd8ee1e5f926c1ddd11abfac9fc555ed5b188709078608b85669407e94e6

    SHA512

    8e1ea407e654787a25531584adf65fbb6daaf07973d214150776abfa864bc861e59bda87ec5663e8528a7a458f0b986d29693e8ba5312146322fcec6087b48f1

    Download Submit

  • memory/968-62-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/968-60-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/968-64-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/968-65-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/968-58-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/968-56-0x000000003C040000-0x000000003C09F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1644-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

    Filesize

    8KB

    Download