Overview
overview
10Static
static
1044ede6e1b9...0b.dll
windows7-x64
1044ede6e1b9...0b.dll
windows10-1703-x64
1044ede6e1b9...0b.dll
windows10-2004-x64
10830700df4f...46.dll
windows7-x64
10830700df4f...46.dll
windows10-1703-x64
10830700df4f...46.dll
windows10-2004-x64
10b89d80ca3f...79.dll
windows7-x64
10b89d80ca3f...79.dll
windows10-1703-x64
10b89d80ca3f...79.dll
windows10-2004-x64
10cad0968f5a...b9.exe
windows7-x64
10cad0968f5a...b9.exe
windows10-1703-x64
10cad0968f5a...b9.exe
windows10-2004-x64
10e3932ab83b...e8.dll
windows7-x64
10e3932ab83b...e8.dll
windows10-1703-x64
10e3932ab83b...e8.dll
windows10-2004-x64
10Resubmissions
03-08-2023 07:52
230803-jqkwdsca99 1027-07-2023 11:24
230727-nhyvhaec35 1026-12-2022 13:39
221226-qx588sgb9y 1026-12-2022 13:39
221226-qx1zhsgb9x 1026-12-2022 13:38
221226-qxxbbsda57 1026-12-2022 13:38
221226-qxjp8sda56 10Analysis
-
max time kernel
1800s -
max time network
1803s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
27-07-2023 11:24
Behavioral task
behavioral1
Sample
44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b.dll
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral2
Sample
44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral3
Sample
44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
830700df4fc2b75b067479d6f2f67d51dff7e883d2a33793c905380a9351cb46.dll
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral5
Sample
830700df4fc2b75b067479d6f2f67d51dff7e883d2a33793c905380a9351cb46.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral6
Sample
830700df4fc2b75b067479d6f2f67d51dff7e883d2a33793c905380a9351cb46.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
b89d80ca3f0a5da24b8b768d2d5eb35ca1322f6bc2b01e265465ac95d7d61279.dll
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral8
Sample
b89d80ca3f0a5da24b8b768d2d5eb35ca1322f6bc2b01e265465ac95d7d61279.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral9
Sample
b89d80ca3f0a5da24b8b768d2d5eb35ca1322f6bc2b01e265465ac95d7d61279.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
cad0968f5ab3bedeffef68bbe18f92946fb97967cef59970157029480ed15bb9.exe
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral11
Sample
cad0968f5ab3bedeffef68bbe18f92946fb97967cef59970157029480ed15bb9.exe
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral12
Sample
cad0968f5ab3bedeffef68bbe18f92946fb97967cef59970157029480ed15bb9.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
e3932ab83bc05de2e91d321c4d479ff1aa3d10fdbd91e1687c80cc0ec88270e8.dll
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral14
Sample
e3932ab83bc05de2e91d321c4d479ff1aa3d10fdbd91e1687c80cc0ec88270e8.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral15
Sample
e3932ab83bc05de2e91d321c4d479ff1aa3d10fdbd91e1687c80cc0ec88270e8.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
General
-
Target
b89d80ca3f0a5da24b8b768d2d5eb35ca1322f6bc2b01e265465ac95d7d61279.dll
-
Size
345KB
-
MD5
adba2ac8f027946da258155b140c068a
-
SHA1
91b1dceb17403910d7aa9bee1029f11153accff4
-
SHA256
b89d80ca3f0a5da24b8b768d2d5eb35ca1322f6bc2b01e265465ac95d7d61279
-
SHA512
356865ecaf00b10af50ec1f7ffdcc89249e1eaf2a1648c970393d7c66359e578ce9d6987f66dc49cb769e36e8ea62c4ff17d6b173bc793b61fa81e11e619229f
-
SSDEEP
6144:q9xZILKtmfbcPK2U6gRURSxE8efnQe+R+FNHmZ04aR31cdpN0V:q9xZIL1bcPRUrURAOn8gTGCPMwV
Malware Config
Extracted
zloader
nut
16/02
https://wewalk.cl/post.php
https://dpack-co.com/post.php
https://dr-mirahmadi.ir/post.php
https://indiaastrologyfoundation.in/post.php
https://metisacademy.ir/post.php
https://lan-samarinda.com/post.php
https://pyouleigorgawimbwans.tk/post.php
-
build_id
351
Signatures
-
Blocklisted process makes network request 64 IoCs
flow pid Process 16 2332 msiexec.exe 18 2332 msiexec.exe 27 2332 msiexec.exe 28 2332 msiexec.exe 29 2332 msiexec.exe 30 2332 msiexec.exe 31 2332 msiexec.exe 32 2332 msiexec.exe 33 2332 msiexec.exe 34 2332 msiexec.exe 35 2332 msiexec.exe 36 2332 msiexec.exe 37 2332 msiexec.exe 38 2332 msiexec.exe 39 2332 msiexec.exe 40 2332 msiexec.exe 41 2332 msiexec.exe 42 2332 msiexec.exe 43 2332 msiexec.exe 44 2332 msiexec.exe 45 2332 msiexec.exe 46 2332 msiexec.exe 47 2332 msiexec.exe 49 2332 msiexec.exe 50 2332 msiexec.exe 51 2332 msiexec.exe 53 2332 msiexec.exe 63 2332 msiexec.exe 71 2332 msiexec.exe 72 2332 msiexec.exe 73 2332 msiexec.exe 74 2332 msiexec.exe 75 2332 msiexec.exe 76 2332 msiexec.exe 77 2332 msiexec.exe 78 2332 msiexec.exe 79 2332 msiexec.exe 80 2332 msiexec.exe 81 2332 msiexec.exe 82 2332 msiexec.exe 83 2332 msiexec.exe 84 2332 msiexec.exe 85 2332 msiexec.exe 86 2332 msiexec.exe 87 2332 msiexec.exe 88 2332 msiexec.exe 89 2332 msiexec.exe 90 2332 msiexec.exe 91 2332 msiexec.exe 93 2332 msiexec.exe 94 2332 msiexec.exe 95 2332 msiexec.exe 96 2332 msiexec.exe 98 2332 msiexec.exe 107 2332 msiexec.exe 115 2332 msiexec.exe 116 2332 msiexec.exe 117 2332 msiexec.exe 118 2332 msiexec.exe 119 2332 msiexec.exe 120 2332 msiexec.exe 121 2332 msiexec.exe 122 2332 msiexec.exe 123 2332 msiexec.exe -
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 2184 set thread context of 2332 2184 rundll32.exe 31 -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeSecurityPrivilege 2332 msiexec.exe Token: SeSecurityPrivilege 2332 msiexec.exe -
Suspicious use of WriteProcessMemory 16 IoCs
description pid Process procid_target PID 2560 wrote to memory of 2184 2560 rundll32.exe 28 PID 2560 wrote to memory of 2184 2560 rundll32.exe 28 PID 2560 wrote to memory of 2184 2560 rundll32.exe 28 PID 2560 wrote to memory of 2184 2560 rundll32.exe 28 PID 2560 wrote to memory of 2184 2560 rundll32.exe 28 PID 2560 wrote to memory of 2184 2560 rundll32.exe 28 PID 2560 wrote to memory of 2184 2560 rundll32.exe 28 PID 2184 wrote to memory of 2332 2184 rundll32.exe 31 PID 2184 wrote to memory of 2332 2184 rundll32.exe 31 PID 2184 wrote to memory of 2332 2184 rundll32.exe 31 PID 2184 wrote to memory of 2332 2184 rundll32.exe 31 PID 2184 wrote to memory of 2332 2184 rundll32.exe 31 PID 2184 wrote to memory of 2332 2184 rundll32.exe 31 PID 2184 wrote to memory of 2332 2184 rundll32.exe 31 PID 2184 wrote to memory of 2332 2184 rundll32.exe 31 PID 2184 wrote to memory of 2332 2184 rundll32.exe 31
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b89d80ca3f0a5da24b8b768d2d5eb35ca1322f6bc2b01e265465ac95d7d61279.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2560 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b89d80ca3f0a5da24b8b768d2d5eb35ca1322f6bc2b01e265465ac95d7d61279.dll,#12⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Windows\SysWOW64\msiexec.exemsiexec.exe3⤵
- Blocklisted process makes network request
- Suspicious use of AdjustPrivilegeToken
PID:2332
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
62KB
MD53ac860860707baaf32469fa7cc7c0192
SHA1c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c
-
Filesize
164KB
MD54ff65ad929cd9a367680e0e5b1c08166
SHA1c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27