Overview

overview

8

Static

static

bebb72bd4b...59.dll

windows7-x64

8

bebb72bd4b...59.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    241s
  • max time network
    254s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 09:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bebb72bd4b163cbea9871662616dec595180886b5e64b7002ced5c185ba7d059.dll

  • Size

    159KB

  • MD5

    2e2c1d6fb1dbe7b9fbbad8edb825586a

  • SHA1

    bea13d13f941597facc3d27d28ad558abbb9c8a0

  • SHA256

    bebb72bd4b163cbea9871662616dec595180886b5e64b7002ced5c185ba7d059

  • SHA512

    e1ae1f13a7ff5e32d19c91fae3f0aa049022c25c94f7989e56a89876c07b677c168f7ff2888e5b07071ae178eb9d0b0a1291bb4b26d40c410f1993866c67e0a8

  • SSDEEP

    3072:vlxDF2MAP/JEhMCra2RTGPuYIrSOht/YzdTlIhZO7VrMYN6OG9ssjor:vlxDGP/JEhMCmFWYIrSOhlWdgZO7R3sE

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bebb72bd4b163cbea9871662616dec595180886b5e64b7002ced5c185ba7d059.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3908
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bebb72bd4b163cbea9871662616dec595180886b5e64b7002ced5c185ba7d059.dll,#1
      2⤵
      • Sets DLL path for service in the registry
      • Drops file in System32 directory
      PID:2308
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    1⤵
    • Loads dropped DLL
    PID:3832

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Linsk.dll
    Filesize

    159KB

    MD5

    2e2c1d6fb1dbe7b9fbbad8edb825586a

    SHA1

    bea13d13f941597facc3d27d28ad558abbb9c8a0

    SHA256

    bebb72bd4b163cbea9871662616dec595180886b5e64b7002ced5c185ba7d059

    SHA512

    e1ae1f13a7ff5e32d19c91fae3f0aa049022c25c94f7989e56a89876c07b677c168f7ff2888e5b07071ae178eb9d0b0a1291bb4b26d40c410f1993866c67e0a8

    Download Submit

  • C:\Windows\SysWOW64\Linsk.dll
    Filesize

    159KB

    MD5

    2e2c1d6fb1dbe7b9fbbad8edb825586a

    SHA1

    bea13d13f941597facc3d27d28ad558abbb9c8a0

    SHA256

    bebb72bd4b163cbea9871662616dec595180886b5e64b7002ced5c185ba7d059

    SHA512

    e1ae1f13a7ff5e32d19c91fae3f0aa049022c25c94f7989e56a89876c07b677c168f7ff2888e5b07071ae178eb9d0b0a1291bb4b26d40c410f1993866c67e0a8

    Download Submit

  • \??\c:\windows\SysWOW64\linsk.dll
    Filesize

    159KB

    MD5

    2e2c1d6fb1dbe7b9fbbad8edb825586a

    SHA1

    bea13d13f941597facc3d27d28ad558abbb9c8a0

    SHA256

    bebb72bd4b163cbea9871662616dec595180886b5e64b7002ced5c185ba7d059

    SHA512

    e1ae1f13a7ff5e32d19c91fae3f0aa049022c25c94f7989e56a89876c07b677c168f7ff2888e5b07071ae178eb9d0b0a1291bb4b26d40c410f1993866c67e0a8

    Download Submit

  • memory/2308-133-0x00000000021A0000-0x00000000021F6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2308-134-0x00000000021A0000-0x00000000021F6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/3832-138-0x0000000001200000-0x0000000001256000-memory.dmp

    Filesize

    344KB

    Download

  • memory/3832-139-0x0000000001200000-0x0000000001256000-memory.dmp

    Filesize

    344KB

    Download