Overview

overview

10

Static

static

10

NA_11cbb02...JC.dll

windows7-x64

9

NA_11cbb02...JC.dll

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2023, 13:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NA_11cbb0233aff83d54e0d9189d_JC.dll

  • Size

    38KB

  • MD5

    9cd94c8ac5c05061bcd4edb8c1e7f8f4

  • SHA1

    d722c153c9ea0b627b09346f1e9e6deec4c3cbe0

  • SHA256

    11cbb0233aff83d54e0d9189d3a08d02a6bbb0ffa5c3b161df462780e0ee2d2d

  • SHA512

    9eea5545db4bd2c4f898f3ca733af839e710754a417615a926df95279db6b3803c230f0f083e5ac4248c4ed8e67e47f4c7fb5a08c5c042da5ecc2c291a363084

  • SSDEEP

    768:gGiEEBGU4Ly9RWFaoF4Vcps8etdvAgV1N:JiLBWLAWFad8eT4u1N

Score
9/10
evasion

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NA_11cbb0233aff83d54e0d9189d_JC.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\NA_11cbb0233aff83d54e0d9189d_JC.dll
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Suspicious use of WriteProcessMemory
      PID:1204
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /C "ping localhost && copy /b /y %SystemRoot%\System32\ActivationManager.dll %appdata%\Microsoft\nonresistantOutlivesDictatorial\AphroniaHaimavati.dll"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1064
        • C:\Windows\SysWOW64\PING.EXE
          ping localhost
          4⤵
          • Runs ping.exe
          PID:1936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e746e5ebbec64a3adda670fb370e48a

    SHA1

    11d8b1e3d786e243870b60e6d1f68f45bd4f514e

    SHA256

    aeb14d70ef3dc8630be823926839e1734095037cfe972d88b3fe2569381343f4

    SHA512

    cb243afc3ccab578f25db2bd7ca13aed7dd586f31ca96db75d6c9909f086b18eccf57acd1a87755f92f7d7ee3e0621741d1a5f76a9c4d2e695f8f2a5389e7333

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7274.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7332.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit