Overview

overview

9

Static

static

3

Informatio...64.dll

windows10-2004-x64

9

Informatio... .exe

windows10-2004-x64

1

Information/dbg.info

windows10-2004-x64

3

Analysis

  • max time kernel
    706s
  • max time network
    1165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-07-2023 15:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Information/AppvIsvSubsystems64.dll

  • Size

    245KB

  • MD5

    d2b2f086bf9241954435caecc3ea851e

  • SHA1

    e16d41f69f5dbcffd39b9a6c1f8b5b5eda7f6651

  • SHA256

    e7c49758bae63c83d251cacbfada7c09af0c3038e8ff755c4c04f916385805d8

  • SHA512

    bb90c6dbe3dcc36b80fc4969adf2bf345dbf37ffc8f27ef3b20f94ff2f5150e1af7e5cded060af820d1fe18e16be1e9eca627b42dfbd563bcc0f9f32d3884a83

  • SSDEEP

    3072:izOFLss8Lsf3gMAPr5k+Ycx+VHiTAyWOhvccCtaCWe8RA2w1SAMe0UAzSXw6gGPZ:izQLs/NMo5TAHcXVccHCWTA2KGzfGh

Score
9/10
coreentity

Malware Config

Signatures

  • CoreEntity .NET Packer 1 IoCs

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Information\AppvIsvSubsystems64.dll,#1
    1⤵
      PID:4516

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4516-133-0x00007FFA81340000-0x00007FFA81BE8000-memory.dmp
      Filesize

      8.7MB

      Download
    • memory/4516-134-0x0000000180000000-0x00000001800C4000-memory.dmp
      Filesize

      784KB

      Download