Overview

overview

10

Static

static

bdd3f0e846...cd.dll

windows7-x64

10

bdd3f0e846...cd.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 18:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bdd3f0e846f4c3aa1531049ad6c833e1ad5afae1c869063410ea927061f599cd.dll

  • Size

    236KB

  • MD5

    e4c2d1e7df0e33ee1996bf1efd8fba0b

  • SHA1

    2f2af265b0802113318a09f4b792e28f217aa90a

  • SHA256

    bdd3f0e846f4c3aa1531049ad6c833e1ad5afae1c869063410ea927061f599cd

  • SHA512

    d58d53000d5f7dd9387dce329ca2729ee3f7108b5916de97e2c43375a3641971907cdb00ffa09a10b6bf0ac53c8a583e763cc42cfb2455b588774dfce31db662

  • SSDEEP

    3072:3F24fliN+7XlmZKxbLYH1rhAwHL5K2W5QVgxwkFy:3F24flic7X8ZibLYHFhAkKZYgny

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bdd3f0e846f4c3aa1531049ad6c833e1ad5afae1c869063410ea927061f599cd.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bdd3f0e846f4c3aa1531049ad6c833e1ad5afae1c869063410ea927061f599cd.dll,#1
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Loads dropped DLL
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3284

Network

    No results found
  • 93.184.221.240:80
    260 B
     5
  • 95.101.78.106:80
    322 B
     7
  • 95.101.78.106:80
    322 B
     7
  • 51.116.253.168:443
    322 B
     7
  • 93.184.220.29:80
    322 B
     7
  • 93.184.221.240:80
    322 B
     7
  • 93.184.221.240:80
    322 B
     7
  • 93.184.221.240:80
    260 B
     5
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\yhzrcrmwa.dll
    Filesize

    478KB

    MD5

    e99416267b61f52fa5ab994019efd359

    SHA1

    86d31eae707db7fe51d2556394fcf0e8e9f6b0fd

    SHA256

    768c286674371564b5e6095edb56e0a4231f341be895da69cfccca5160029774

    SHA512

    0a1c7579a9c787c2c1bef35f0660e72e74b42824e14ebea63b87ed25ddaf107e3746567bb431cab41a2f6719fad2c22d96e0715a1fe085d75805d7d66f7f05ae

    Download Submit

  • memory/3284-134-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3284-135-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.