Analysis
-
max time kernel
249s -
max time network
314s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
29/11/2022, 08:53
Static task
static1
Behavioral task
behavioral1
Sample
5a9485e08e697e5cb22d09718ec72a830af23723a7f44133cd09794531d1efde.dll
Resource
win7-20221111-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
5a9485e08e697e5cb22d09718ec72a830af23723a7f44133cd09794531d1efde.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
5a9485e08e697e5cb22d09718ec72a830af23723a7f44133cd09794531d1efde.dll
-
Size
545KB
-
MD5
848a91da2f8ddcd9dad773f7847a97f2
-
SHA1
20d7cbb48f2cc4fb6c3b7f13715a095ab20dbc6c
-
SHA256
5a9485e08e697e5cb22d09718ec72a830af23723a7f44133cd09794531d1efde
-
SHA512
8955832f43331d5649aeccafd68b4ddba5f32e196298933dc7bdbc188a6bdf58e4f44c7fed2f12d351c1cecda51d96ac38a31723a9e4570307ec5d5738669b59
-
SSDEEP
12288:hDqWCJVf1SRn8M8E/MchvKohrWZF73OwxrZkXlS:haVkRn8MZ/nhv40ErelS
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5a9485e08e697e5cb22d09718ec72a830af23723a7f44133cd09794531d1efde = "rundll32.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\5a9485e08e697e5cb22d09718ec72a830af23723a7f44133cd09794531d1efde.dll,#1" rundll32.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2F09C260-70BD-11ED-90DE-EEBA1A0FFCD1} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375981237" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 908 iexplore.exe 908 iexplore.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
pid Process 908 iexplore.exe 908 iexplore.exe 1272 IEXPLORE.EXE 1272 IEXPLORE.EXE 668 rundll32.exe 908 iexplore.exe 908 iexplore.exe 1820 IEXPLORE.EXE 1820 IEXPLORE.EXE 668 rundll32.exe -
Suspicious use of WriteProcessMemory 15 IoCs
description pid Process procid_target PID 1500 wrote to memory of 668 1500 rundll32.exe 28 PID 1500 wrote to memory of 668 1500 rundll32.exe 28 PID 1500 wrote to memory of 668 1500 rundll32.exe 28 PID 1500 wrote to memory of 668 1500 rundll32.exe 28 PID 1500 wrote to memory of 668 1500 rundll32.exe 28 PID 1500 wrote to memory of 668 1500 rundll32.exe 28 PID 1500 wrote to memory of 668 1500 rundll32.exe 28 PID 908 wrote to memory of 1272 908 iexplore.exe 31 PID 908 wrote to memory of 1272 908 iexplore.exe 31 PID 908 wrote to memory of 1272 908 iexplore.exe 31 PID 908 wrote to memory of 1272 908 iexplore.exe 31 PID 908 wrote to memory of 1820 908 iexplore.exe 32 PID 908 wrote to memory of 1820 908 iexplore.exe 32 PID 908 wrote to memory of 1820 908 iexplore.exe 32 PID 908 wrote to memory of 1820 908 iexplore.exe 32
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5a9485e08e697e5cb22d09718ec72a830af23723a7f44133cd09794531d1efde.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1500 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5a9485e08e697e5cb22d09718ec72a830af23723a7f44133cd09794531d1efde.dll,#12⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:668
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:908 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:908 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1272
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:908 CREDAT:275461 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1820
-