Overview

overview

7

Static

static

59af4ef321...ce.dll

windows7-x64

4

59af4ef321...ce.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 11:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59af4ef321cdb5782346f2edf76acbc42687090357f6fe3c20bb781c47e5b1ce.dll

  • Size

    8.9MB

  • MD5

    1c683ce3b97ea290c65b30d18752e9a4

  • SHA1

    70c1c7a92f10231d8011c4e81bc0c80cf8136844

  • SHA256

    59af4ef321cdb5782346f2edf76acbc42687090357f6fe3c20bb781c47e5b1ce

  • SHA512

    58245e3df8d174a4b298f58752d8757a0e333df6218db8e8fc08dfcba8da4d2074de6709057beb9e9fb7e5a2b6c29607a7006332ae34b4434568e51cf79550cd

  • SSDEEP

    3072:Oa01JAbL1FjvSqXN2d1GJTh0dRMLFnWV+qY2pH8cR6Xm/S3RBatLG9NOtDDDDDDJ:OaOib9c5RMpohpczXm/QRBvNa

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\59af4ef321cdb5782346f2edf76acbc42687090357f6fe3c20bb781c47e5b1ce.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3172
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\59af4ef321cdb5782346f2edf76acbc42687090357f6fe3c20bb781c47e5b1ce.dll,#1
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:3504
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k sougou
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\FileName.jpg
    Filesize

    17.3MB

    MD5

    f8b6bb58849c9c4982d463a3a1d64381

    SHA1

    15f0330f92bad32c53be32c4591408ad6e4dfc67

    SHA256

    647b349a1d0be4b743c26d046261d2adbc5f7078b27ac823d684d746be1091bd

    SHA512

    1fdfcbe5caed92e1a0bfaf695877301a6c3dd05b49d8534470454bd460d72c96b987a2af63222f78422229b027b8a716dc42ea0e98ef55075ce942d98c8aeaf2

    Download Submit

  • \??\c:\windows\filename.jpg
    Filesize

    17.3MB

    MD5

    f8b6bb58849c9c4982d463a3a1d64381

    SHA1

    15f0330f92bad32c53be32c4591408ad6e4dfc67

    SHA256

    647b349a1d0be4b743c26d046261d2adbc5f7078b27ac823d684d746be1091bd

    SHA512

    1fdfcbe5caed92e1a0bfaf695877301a6c3dd05b49d8534470454bd460d72c96b987a2af63222f78422229b027b8a716dc42ea0e98ef55075ce942d98c8aeaf2

    Download Submit

  • memory/560-136-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/560-137-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/3504-133-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download