Overview

overview

8

Static

static

afbd6562b4...e4.dll

windows7-x64

8

afbd6562b4...e4.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    198s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 04:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    afbd6562b4a8fb677e0c01d14f81384c3b07a8dd55d74271f83aa220e9a277e4.dll

  • Size

    30.2MB

  • MD5

    c3022ed2bd994f040336e84889a1d4eb

  • SHA1

    3edd971cccb71a40ac49dc1e61404540a99be17b

  • SHA256

    afbd6562b4a8fb677e0c01d14f81384c3b07a8dd55d74271f83aa220e9a277e4

  • SHA512

    ebab6b39b7695c5b1bca44f4c0039925648105c75d1d19ad3635dd0bfd4191a842d3929e585d2d9d0fe97e26187e17b572c044290c225719a33356a6df5ded4f

  • SSDEEP

    6144:PYIlNB8+K+8VfBFRgP8tDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDP:wIlE+8V5gP

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\afbd6562b4a8fb677e0c01d14f81384c3b07a8dd55d74271f83aa220e9a277e4.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\afbd6562b4a8fb677e0c01d14f81384c3b07a8dd55d74271f83aa220e9a277e4.dll
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1376
      • C:\windows\SysWOW64\rundll32.exe
        C:\windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\AFBD65~1.DLL comdl2
        3⤵
        • Blocklisted process makes network request
        • Drops file in Program Files directory
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        PID:1512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads