Overview

Static (score 10)

Behavioral tasks per target and platform (score, truncated target name, platform):

score | target | platform
10 | 00ad95ca93...0e.dll | windows7-x64
3 | 00ad95ca93...0e.dll | windows10-2004-x64
3 | 05d1b79186...c3.dll | windows7-x64
1 | 05d1b79186...c3.dll | windows10-2004-x64
1 | 2411b23bab...09.dll | windows7-x64
1 | 2411b23bab...09.dll | windows10-2004-x64
6 | 31d025c022...55.dll | windows7-x64
1 | 31d025c022...55.dll | windows10-2004-x64
5 | 3b0dce669a...1d.dll | windows7-x64
3 | 3b0dce669a...1d.dll | windows10-2004-x64
3 | 3ba484fd94...b7.dll | windows7-x64
1 | 3ba484fd94...b7.dll | windows10-2004-x64
1 | 443c727f45...fd.dll | windows7-x64
9 | 443c727f45...fd.dll | windows10-2004-x64
9 | 4bc3d95ee8...a2.dll | windows7-x64
1 | 4bc3d95ee8...a2.dll | windows10-2004-x64
6 | 4d81b964b8...53.dll | windows7-x64
1 | 4d81b964b8...53.dll | windows10-2004-x64
3 | 4fb5b0da3a...45.dll | windows7-x64
1 | 4fb5b0da3a...45.dll | windows10-2004-x64
5 | 50d0a3b32e...88.dll | windows7-x64
3 | 50d0a3b32e...88.dll | windows10-2004-x64
3 | 59f42ecde1...d1.dll | windows7-x64
1 | 59f42ecde1...d1.dll | windows10-2004-x64
10 | 5a76edd4bf...87.dll | windows7-x64
6 | 5a76edd4bf...87.dll | windows10-2004-x64
6 | 610e854b8c...19.dll | windows7-x64
1 | 610e854b8c...19.dll | windows10-2004-x64
5 | 644a054d1f...bc.dll | windows7-x64
6 | 644a054d1f...bc.dll | windows10-2004-x64
6 | 802a953fdb...1f.dll | windows7-x64
9 | 802a953fdb...1f.dll | windows10-2004-x64
Analysis (score 9)

- max time kernel: 135s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20230621-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-06-2023 21:59
Behavioral tasks

task | sample | resource
behavioral1 | 00ad95ca939f4fbb3452ea300bb919ef18cbde843604d7148fa165b645c3030e.dll | win7-20230621-en
behavioral2 | 00ad95ca939f4fbb3452ea300bb919ef18cbde843604d7148fa165b645c3030e.dll | win10v2004-20230621-en
behavioral3 | 05d1b791865c9551ed8da6a170eb6f945a4d1e79cb70341f589cc47bacf78cc3.dll | win7-20230621-en
behavioral4 | 05d1b791865c9551ed8da6a170eb6f945a4d1e79cb70341f589cc47bacf78cc3.dll | win10v2004-20230621-en
behavioral5 | 2411b23bab7703e94897573f3758e1849fdc6f407ea1d1e5da20a4e07ecf3c09.dll | win7-20230621-en
behavioral6 | 2411b23bab7703e94897573f3758e1849fdc6f407ea1d1e5da20a4e07ecf3c09.dll | win10v2004-20230621-en
behavioral7 | 31d025c022dfa29f0d953d477a5cefebe91bf28e60fa771b407cc0b25dd65355.dll | win7-20230621-en
behavioral8 | 31d025c022dfa29f0d953d477a5cefebe91bf28e60fa771b407cc0b25dd65355.dll | win10v2004-20230621-en
behavioral9 | 3b0dce669a07626746d3b2301607702abd3bb2cba8dcb9c8b655f246e7b8ab1d.dll | win7-20230621-en
behavioral10 | 3b0dce669a07626746d3b2301607702abd3bb2cba8dcb9c8b655f246e7b8ab1d.dll | win10v2004-20230621-en
behavioral11 | 3ba484fd9430dda5ea691c86ed0cd6e95f1e401d7b444c0d6465545a03ae20b7.dll | win7-20230621-en
behavioral12 | 3ba484fd9430dda5ea691c86ed0cd6e95f1e401d7b444c0d6465545a03ae20b7.dll | win10v2004-20230621-en
behavioral13 | 443c727f45873a83f2b236cafa7781439e0ce9a25120d01621a812af15934ffd.dll | win7-20230621-en
behavioral14 | 443c727f45873a83f2b236cafa7781439e0ce9a25120d01621a812af15934ffd.dll | win10v2004-20230621-en
behavioral15 | 4bc3d95ee8661f7d381b2ceb6cb4a6e9759d7d0f9d883b44528b0f9c0aa559a2.dll | win7-20230621-en
behavioral16 | 4bc3d95ee8661f7d381b2ceb6cb4a6e9759d7d0f9d883b44528b0f9c0aa559a2.dll | win10v2004-20230621-en
behavioral17 | 4d81b964b809d1d3c642d331f17f80ee013fdd2b8bd2cffd191449313ea92353.dll | win7-20230621-en
behavioral18 | 4d81b964b809d1d3c642d331f17f80ee013fdd2b8bd2cffd191449313ea92353.dll | win10v2004-20230621-en
behavioral19 | 4fb5b0da3a557a7dac922010a2b888a91055c4381cf494a6336a674be3bb4a45.dll | win7-20230621-en
behavioral20 | 4fb5b0da3a557a7dac922010a2b888a91055c4381cf494a6336a674be3bb4a45.dll | win10v2004-20230621-en
behavioral21 | 50d0a3b32e813c671248f0f2fe10c3c237ee94bfa94fcaf86886fc3a64d79b88.dll | win7-20230621-en
behavioral22 | 50d0a3b32e813c671248f0f2fe10c3c237ee94bfa94fcaf86886fc3a64d79b88.dll | win10v2004-20230621-en
behavioral23 | 59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1.dll | win7-20230621-en
behavioral24 | 59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1.dll | win10v2004-20230621-en
behavioral25 | 5a76edd4bf074cc6a66199f87896dee330a81164d112605681ccb145d64cd587.dll | win7-20230621-en
behavioral26 | 5a76edd4bf074cc6a66199f87896dee330a81164d112605681ccb145d64cd587.dll | win10v2004-20230621-en
behavioral27 | 610e854b8c98ab9fd11985f3468eababee930d0bc695cc596f7a2b0e92b25f19.dll | win7-20230621-en
behavioral28 | 610e854b8c98ab9fd11985f3468eababee930d0bc695cc596f7a2b0e92b25f19.dll | win10v2004-20230621-en
behavioral29 | 644a054d1f42e129007fbe1ed445e1f36cc84737727e1d842530e16aec7c37bc.dll | win7-20230621-en
behavioral30 | 644a054d1f42e129007fbe1ed445e1f36cc84737727e1d842530e16aec7c37bc.dll | win10v2004-20230621-en
behavioral31 | 802a953fdb8efac8ec2a48bb8051713eb23edf962a10640d144206fea99b001f.dll | win7-20230621-en
behavioral32 | 802a953fdb8efac8ec2a48bb8051713eb23edf962a10640d144206fea99b001f.dll | win10v2004-20230621-en
General

- Target: 2411b23bab7703e94897573f3758e1849fdc6f407ea1d1e5da20a4e07ecf3c09.dll
- Size: 473KB
- MD5: 3d051c701fbdf002650f8f90267ee16d
- SHA1: e835e5d57c769cb86e9e61ff8e28d7bad1421cdb
- SHA256: 2411b23bab7703e94897573f3758e1849fdc6f407ea1d1e5da20a4e07ecf3c09
- SHA512: 4018efc79da22eb577a889b608c662ae5d59fc6c8dead939fd814675c08fdd0ac372aa132357451fe4231f592a13ad9b3dfca0f2a12ef9946601a277c18a7dde
- SSDEEP: 6144:nYGKcdvv6azsXOkDriqiN0DaSCrIB28UJ1F5FRpS0Xu0X:YGKKDADhi+Da3rIByJ13pRxX
Malware Config
Signatures

- Adds Run key to start application (2 TTPs, 2 IoCs)
  Processes: SndVol.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-2178924671-3779044592-2825503497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | SndVol.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-2178924671-3779044592-2825503497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\postventralImpetuosityJunglewood = "rundll32.exe \"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\CostumicEuxineUndernatural\\postventralImpetuosityJunglewood.dll\" DllRegisterServer " | SndVol.exe

- Suspicious use of SetThreadContext (1 IoC)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 5028 set thread context of 3660 | 5028 | rundll32.exe | SndVol.exe

- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: SndVol.exe
  pid | process
  3660 | SndVol.exe
  3660 | SndVol.exe

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (1 IoC)
  Processes: rundll32.exe
  pid | process
  5028 | rundll32.exe

- Suspicious use of WriteProcessMemory (12 IoCs)
  Processes: rundll32.exe, rundll32.exe
  description | pid | process | target process | count
  PID 5092 wrote to memory of 5028 | 5092 | rundll32.exe | rundll32.exe | 3
  PID 5028 wrote to memory of 3660 | 5028 | rundll32.exe | SndVol.exe | 9
Processes

- C:\Windows\system32\rundll32.exe (PID 5092)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2411b23bab7703e94897573f3758e1849fdc6f407ea1d1e5da20a4e07ecf3c09.dll, DllRegisterServer
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 5028)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2411b23bab7703e94897573f3758e1849fdc6f407ea1d1e5da20a4e07ecf3c09.dll, DllRegisterServer
    - Suspicious use of SetThreadContext
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\SndVol.exe (PID 3660)
      command line: "C:\Windows\SysWOW64\SndVol.exe"
      - Adds Run key to start application
      - Suspicious behavior: EnumeratesProcesses