Overview

overview

8

Static

static

5d294b7854...c8.dll

windows7-x64

8

5d294b7854...c8.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    44s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d294b785461c6306f9e887ca3b19a74241c678f6293cdaeb69e14e5462ae7c8.dll

  • Size

    223KB

  • MD5

    8106b4eab4124095787382be0f45511a

  • SHA1

    0af1e646789dfe640974c7788084e642e62bf7e8

  • SHA256

    5d294b785461c6306f9e887ca3b19a74241c678f6293cdaeb69e14e5462ae7c8

  • SHA512

    24fc7ae4c3197373e7ca5069021b5ce316ccaaa0ca14eb2bd87cfc3ce9ddcb6edf74f507b58c7ccd163f99960e879ea4900c12b3f4ac062503211d45d704fab6

  • SSDEEP

    3072:NzeJnVbXhlttc//////NplpuuT+zeJa5EMVC7:B4VbXLttc//////NfT2FC7

Score
8/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d294b785461c6306f9e887ca3b19a74241c678f6293cdaeb69e14e5462ae7c8.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d294b785461c6306f9e887ca3b19a74241c678f6293cdaeb69e14e5462ae7c8.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:1120
      • C:\Users\Admin\AppData\Local\Temp\indecxw.BBC
        indecxw.BBC
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1504

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\indecxw.BBC
    Filesize

    208KB

    MD5

    ce704de5222df927a03026a966fc84c4

    SHA1

    39cd6a135712bbb280ac7a3c83c76b29b88ed876

    SHA256

    2b894cc3412b2666334e5b6a7a1db987957bae19f5343a03639b50f591e21376

    SHA512

    c3a0ceae68e1dbf692aa19eb9557a58c3579c60b9489e12094d240e11a88da5a30ce1ee8d7597eb76a069fcfd7f279b9214c88223239729160fc46a7dee176e3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\indecxw.BBC
    Filesize

    208KB

    MD5

    ce704de5222df927a03026a966fc84c4

    SHA1

    39cd6a135712bbb280ac7a3c83c76b29b88ed876

    SHA256

    2b894cc3412b2666334e5b6a7a1db987957bae19f5343a03639b50f591e21376

    SHA512

    c3a0ceae68e1dbf692aa19eb9557a58c3579c60b9489e12094d240e11a88da5a30ce1ee8d7597eb76a069fcfd7f279b9214c88223239729160fc46a7dee176e3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\indecxw.BBC
    Filesize

    208KB

    MD5

    ce704de5222df927a03026a966fc84c4

    SHA1

    39cd6a135712bbb280ac7a3c83c76b29b88ed876

    SHA256

    2b894cc3412b2666334e5b6a7a1db987957bae19f5343a03639b50f591e21376

    SHA512

    c3a0ceae68e1dbf692aa19eb9557a58c3579c60b9489e12094d240e11a88da5a30ce1ee8d7597eb76a069fcfd7f279b9214c88223239729160fc46a7dee176e3

    Download Submit

  • memory/1120-54-0x0000000000000000-mapping.dmp

    Download

  • memory/1120-55-0x0000000075891000-0x0000000075893000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1504-58-0x0000000000000000-mapping.dmp

    Download