Overview

overview

5

Static

static

643002abee...a8.dll

windows7-x64

5

643002abee...a8.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-12-2022 17:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    643002abeecaeb93ef7886b69a8b4e95351d4c4da589ba1c9e8813d9e4e8aba8.dll

  • Size

    5.9MB

  • MD5

    185902246db0dcd5b7c0205f6c4fba2a

  • SHA1

    19367bfd8c9fc58daef956ff22e1db27f4762534

  • SHA256

    643002abeecaeb93ef7886b69a8b4e95351d4c4da589ba1c9e8813d9e4e8aba8

  • SHA512

    11f85d76c3b7bb8958b336b2d3c06040ae94baf0b3bdf3610e3934c4b5cf5f309be04a4f6914c59c29cbb2d92168a2f5b6b8d17fdea932a48dd89451ba135ea6

  • SSDEEP

    98304:00eJ5nMkn6PVjTUHMKqJZyDvOmTyKIKEQnC3DHIHbnRcNQwpZ4kCI2CBng+j+FKx:00T1tp3JZyDnBE5DHIbRcNTbjLj0Kykg

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\643002abeecaeb93ef7886b69a8b4e95351d4c4da589ba1c9e8813d9e4e8aba8.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\643002abeecaeb93ef7886b69a8b4e95351d4c4da589ba1c9e8813d9e4e8aba8.dll,#1
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1996-54-0x0000000000000000-mapping.dmp

    Download

  • memory/1996-55-0x0000000076031000-0x0000000076033000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1996-56-0x0000000073C20000-0x0000000074221000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1996-58-0x000000006D4B0000-0x000000006D4C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1996-59-0x0000000073C20000-0x0000000074221000-memory.dmp

    Filesize

    6.0MB

    Download