Overview

overview

10

Static

static

ed9981e178...4e.dll

windows7-x64

10

ed9981e178...4e.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    27s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2022, 12:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ed9981e17860c5c68f4e63610b2bea23ec2fd14f6aa64dce59b77fb6b47cb74e.dll

  • Size

    312KB

  • MD5

    2256eaef6b2c21ab4ee463ca36109a61

  • SHA1

    c7f6fa51865f2a9f7f475064642652bb674e79f6

  • SHA256

    ed9981e17860c5c68f4e63610b2bea23ec2fd14f6aa64dce59b77fb6b47cb74e

  • SHA512

    a770b59d8ba6ab5c3d868e1f11cbf6861b8b7b45373f453d1b6a9f80b2452f67c2c5fa6b1dd5d08d005cbb24edfa6d75734093280ccf5de8e00628aa8b663e36

  • SSDEEP

    3072:QhrXgpanqX61IFlHguP4zuuqyJb4KwNf5792xv/XC4lqwkC2L/05BjAZ5IVL1MTn:ErRk6tuXhVGt5BwS1IZ5m9SK9o

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed9981e17860c5c68f4e63610b2bea23ec2fd14f6aa64dce59b77fb6b47cb74e.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:940
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed9981e17860c5c68f4e63610b2bea23ec2fd14f6aa64dce59b77fb6b47cb74e.dll,#1
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Modifies registry class
      PID:1960

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1960-55-0x00000000756B1000-0x00000000756B3000-memory.dmp

          Filesize

          8KB

          Download