Overview

overview

5

Static

static

643002abee...a8.dll

windows7-x64

5

643002abee...a8.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    61s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-12-2022 17:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    643002abeecaeb93ef7886b69a8b4e95351d4c4da589ba1c9e8813d9e4e8aba8.dll

  • Size

    5.9MB

  • MD5

    185902246db0dcd5b7c0205f6c4fba2a

  • SHA1

    19367bfd8c9fc58daef956ff22e1db27f4762534

  • SHA256

    643002abeecaeb93ef7886b69a8b4e95351d4c4da589ba1c9e8813d9e4e8aba8

  • SHA512

    11f85d76c3b7bb8958b336b2d3c06040ae94baf0b3bdf3610e3934c4b5cf5f309be04a4f6914c59c29cbb2d92168a2f5b6b8d17fdea932a48dd89451ba135ea6

  • SSDEEP

    98304:00eJ5nMkn6PVjTUHMKqJZyDvOmTyKIKEQnC3DHIHbnRcNQwpZ4kCI2CBng+j+FKx:00T1tp3JZyDnBE5DHIbRcNTbjLj0Kykg

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\643002abeecaeb93ef7886b69a8b4e95351d4c4da589ba1c9e8813d9e4e8aba8.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4916
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\643002abeecaeb93ef7886b69a8b4e95351d4c4da589ba1c9e8813d9e4e8aba8.dll,#1
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:4832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4832-132-0x0000000000000000-mapping.dmp

    Download

  • memory/4832-133-0x0000000074D40000-0x0000000075341000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4832-135-0x0000000074D40000-0x0000000075341000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4832-136-0x000000006E940000-0x000000006E950000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4832-137-0x0000000074D40000-0x0000000075341000-memory.dmp

    Filesize

    6.0MB

    Download