Overview

overview

7

Static

static

7

easy_Benig...26.dll

windows7-x64

7

easy_Benig...26.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2023 11:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    easy_Benign_ffec1e28e8114b8b6c4a150412f9d4787974b41186f72aa57933af2dd3d73326.dll

  • Size

    5KB

  • MD5

    419dde60c503fcd63cd47af6d2c4aff1

  • SHA1

    85e3b53de0018685ef7fd00977a36b0bdc073668

  • SHA256

    ffec1e28e8114b8b6c4a150412f9d4787974b41186f72aa57933af2dd3d73326

  • SHA512

    218cac2bf4199cd57a86736ead52806350ebe3698eadcac61e03e653859c39773e3a2d22ece3a560362a6f1d51b93d9de2389ca2e8eca17c9a7e1a29e23d044a

  • SSDEEP

    48:6BqvR+oisA/jGtJDAhFYUWQJg5dcipdK2JhIN3qO9UytVXMa84rygy5ISBo1SeJ2:i9o3rU9En1IrWytx7GjSSBox01s+k

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\easy_Benign_ffec1e28e8114b8b6c4a150412f9d4787974b41186f72aa57933af2dd3d73326.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4124
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\easy_Benign_ffec1e28e8114b8b6c4a150412f9d4787974b41186f72aa57933af2dd3d73326.dll,#1
      2⤵
        PID:2332
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 600
          3⤵
          • Program crash
          PID:2264
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k netsvcs -p
      1⤵
      • Drops file in System32 directory
      • Checks processor information in registry
      • Enumerates system info in registry
      PID:1284
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2332 -ip 2332
      1⤵
        PID:3576

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2332-133-0x0000000010020000-0x000000001002B000-memory.dmp

        Filesize

        44KB

        Download