Overview

overview

10

Static

static

REPORT_XK8855.lnk

windows7-x64

10

REPORT_XK8855.lnk

windows10-2004-x64

10

RecentInfo...te.cmd

windows7-x64

10

RecentInfo...te.cmd

windows10-2004-x64

10

RecentInfo...es.dll

windows7-x64

3

RecentInfo...es.dll

windows10-2004-x64

3

Resubmissions

26-12-2022 16:35

221226-t3ym5adb75 10

26-12-2022 13:17

221226-qjpdkagb7s 10

Analysis

  • max time kernel
    43s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2022 16:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RecentInformation/NeedChangeRules.dll

  • Size

    817KB

  • MD5

    0e2d5c8c4b7d0c79696deaf595e03ff4

  • SHA1

    e80fc6fd663fb62da6e7977c2026bd922398c210

  • SHA256

    a31afaffcaaf2daada6c7b89e55d204f6de94cd81df8f2a26f010d39dc3e8e6a

  • SHA512

    32e68b2d701ea4ad0d648a728f2a2c648b8113f78b346360ecde4f136433dfb869b426f50e27795c062468ba6ec18d0306bea08b0a2b7f87cb193aec2871c4b8

  • SSDEEP

    12288:JJGwvTfCMf8rVomRle7XBr4fi7wDqo4TARMhxMrFND648j4xhT6Wl:JY5rVtcsfi7wDP4TAR0sFN+Ux

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\RecentInformation\NeedChangeRules.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:896
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\RecentInformation\NeedChangeRules.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1108
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 224
        3⤵
        • Program crash
        PID:808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/808-56-0x0000000000000000-mapping.dmp
    Download
  • memory/1108-54-0x0000000000000000-mapping.dmp
    Download
  • memory/1108-55-0x0000000075B41000-0x0000000075B43000-memory.dmp
    Filesize

    8KB

    Download