52243008420767493eed7a3a5ffbe72e101ab53c843103df7afdb04184f31653

Analysis

max time kernel
35s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 03:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

52243008420767493eed7a3a5ffbe72e101ab53c843103df7afdb04184f31653.dll
Size

218KB
MD5

9e70c792d40be5f0fdd9ee10b7939eb0
SHA1

b2fc87144c473b74a80618ba62005aa9b7bf18fd
SHA256

52243008420767493eed7a3a5ffbe72e101ab53c843103df7afdb04184f31653
SHA512

77285d75e401283e41be92bc3a865df73364b176f0078c7e0c650f897a3b32db0a860fc9dd8332df596df449db467ba67f8c236ea2630cf2756eaef35c854108
SSDEEP

6144:5zWGXFBX1sQ1kb5ssXXT2xtn2PgUQQomerjzZ:5KQn1iXXTigYUbJer

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 1900	2004	rundll32.exe	28
PID 2004 wrote to memory of 1900	2004	rundll32.exe	28
PID 2004 wrote to memory of 1900	2004	rundll32.exe	28
PID 2004 wrote to memory of 1900	2004	rundll32.exe	28
PID 2004 wrote to memory of 1900	2004	rundll32.exe	28
PID 2004 wrote to memory of 1900	2004	rundll32.exe	28
PID 2004 wrote to memory of 1900	2004	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52243008420767493eed7a3a5ffbe72e101ab53c843103df7afdb04184f31653.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52243008420767493eed7a3a5ffbe72e101ab53c843103df7afdb04184f31653.dll,#1
  2⤵
  - Enumerates system info in registry
  PID:1900

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1900-55-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download
memory/1900-57-0x00000000006F0000-0x000000000070E000-memory.dmp

Filesize
120KB

Download
memory/1900-56-0x00000000006F0000-0x000000000070E000-memory.dmp

Filesize
120KB

Download
memory/1900-58-0x00000000006B0000-0x00000000006E9000-memory.dmp

Filesize
228KB

Download