9c7c1b3efe6383c3ffd283f74bb44149eaf408e79ac3f0775925d63d8765255d

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c7c1b3efe6383c3ffd283f74bb44149eaf408e79ac3f0775925d63d8765255d.dll
Size

27KB
MD5

e674fc01c9972650c301861415c18460
SHA1

5265a42d368b208f10b14efab1ef5cb02d44d230
SHA256

9c7c1b3efe6383c3ffd283f74bb44149eaf408e79ac3f0775925d63d8765255d
SHA512

d6f7c43da1b57f08d7683e50b71fa90a4996cf48f115dd4cfc479b9272370ec90e6bbeb94f8fed76050ea35dd0f56b3c3eb1cc5e95335542cbb3ace333a64ec7
SSDEEP

384:1/yASy0m2N4tlJQNPi20Q/IdPc8zuP/qQbDOJBpbmXwkIvuwHjCYe:S0lJwPi5Q/IVZu3qVmf2e

Score

8^/10

persistence

Malware Config

Signatures

Blocklisted process makes network request 64 IoCs

flow	pid	Process
1	688	rundll32.exe
2	688	rundll32.exe
3	688	rundll32.exe
4	688	rundll32.exe
5	688	rundll32.exe
6	688	rundll32.exe
7	688	rundll32.exe
8	688	rundll32.exe
9	688	rundll32.exe
10	688	rundll32.exe
11	688	rundll32.exe
12	688	rundll32.exe
13	688	rundll32.exe
14	688	rundll32.exe
15	688	rundll32.exe
16	688	rundll32.exe
17	688	rundll32.exe
18	688	rundll32.exe
19	688	rundll32.exe
20	688	rundll32.exe
21	688	rundll32.exe
22	688	rundll32.exe
23	688	rundll32.exe
24	688	rundll32.exe
25	688	rundll32.exe
26	688	rundll32.exe
27	688	rundll32.exe
28	688	rundll32.exe
29	688	rundll32.exe
30	688	rundll32.exe
31	688	rundll32.exe
32	688	rundll32.exe
33	688	rundll32.exe
34	688	rundll32.exe
35	688	rundll32.exe
36	688	rundll32.exe
37	688	rundll32.exe
38	688	rundll32.exe
39	688	rundll32.exe
40	688	rundll32.exe
41	688	rundll32.exe
42	688	rundll32.exe
43	688	rundll32.exe
44	688	rundll32.exe
45	688	rundll32.exe
46	688	rundll32.exe
47	688	rundll32.exe
48	688	rundll32.exe
49	688	rundll32.exe
50	688	rundll32.exe
51	688	rundll32.exe
52	688	rundll32.exe
53	688	rundll32.exe
54	688	rundll32.exe
55	688	rundll32.exe
56	688	rundll32.exe
57	688	rundll32.exe
58	688	rundll32.exe
59	688	rundll32.exe
60	688	rundll32.exe
61	688	rundll32.exe
62	688	rundll32.exe
63	688	rundll32.exe
64	688	rundll32.exe

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\4287890029\ImagePath = "\\systemroot\\4287890029"	rundll32.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
688	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	688	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 688	1520	rundll32.exe	28
PID 1520 wrote to memory of 688	1520	rundll32.exe	28
PID 1520 wrote to memory of 688	1520	rundll32.exe	28
PID 1520 wrote to memory of 688	1520	rundll32.exe	28
PID 1520 wrote to memory of 688	1520	rundll32.exe	28
PID 1520 wrote to memory of 688	1520	rundll32.exe	28
PID 1520 wrote to memory of 688	1520	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c7c1b3efe6383c3ffd283f74bb44149eaf408e79ac3f0775925d63d8765255d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c7c1b3efe6383c3ffd283f74bb44149eaf408e79ac3f0775925d63d8765255d.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Sets service image path in registry
  - Suspicious behavior: LoadsDriver
  - Suspicious use of AdjustPrivilegeToken
  PID:688

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/688-55-0x0000000074D61000-0x0000000074D63000-memory.dmp

Filesize
8KB

Download