Analysis

  • max time kernel
    116s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/12/2022, 16:14

General

  • Target

    a37ceb1468d761c335f4f22b5db5a9bdd58d045538ed7b140026d758ab49abaa.dll

  • Size

    362KB

  • MD5

    6fd7613c78e39d01ef30b5b9232a9573

  • SHA1

    b11b124638f951a0ffc998ef7d931c17470ff4dd

  • SHA256

    a37ceb1468d761c335f4f22b5db5a9bdd58d045538ed7b140026d758ab49abaa

  • SHA512

    35ae08a9f15a92171da588015b6942d15cdbe3811934b3039230c3033f674c9c192b4a12b1b02ba8cca4718ed21507af4a1fcd519658b70b4cc39e3267591115

  • SSDEEP

    6144:QfNPIM8GnbgYCucP3WeNQvhodt1UoZxvJp/YCQRHHTxfyK5rcgOG0XKV:h0nbhXon1vvTsRnV15rxX0XK

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a37ceb1468d761c335f4f22b5db5a9bdd58d045538ed7b140026d758ab49abaa.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a37ceb1468d761c335f4f22b5db5a9bdd58d045538ed7b140026d758ab49abaa.dll,#1
      2⤵
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:1628
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:944 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1200
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:944 CREDAT:275461 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1828

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KOWN1FLO.txt

          Filesize

          608B

          MD5

          6ea36b1e3a872d916420ebf248c76d98

          SHA1

          56507ae0964933e5619016ca991d02ee2bad0956

          SHA256

          7261630fd1d242f7c95fb9d22fd4c50fa12c68f18628409f033c218319eae117

          SHA512

          68b546857ee87d742e546deb30900b151cebf03309304875a424396acf3990834c9428ef5d826189e6e73f67800e37a553becce613d6638e93fb313004e27fa2

        • memory/1628-55-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

          Filesize

          8KB

        • memory/1628-56-0x00000000001D0000-0x000000000022E000-memory.dmp

          Filesize

          376KB

        • memory/1628-60-0x0000000000130000-0x000000000018F000-memory.dmp

          Filesize

          380KB