Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/08/2023, 06:43

General

  • Target

    b7d67a09e35031ce5260b4ee614ed83c18dc57c7625178dc6e689e0aa4f65f6d.dll

  • Size

    908KB

  • MD5

    d663ebb9947ea39d2004a7fa6e8d79ca

  • SHA1

    1fbdbe294fdb4aaa56ec93716abb2060195723c4

  • SHA256

    b7d67a09e35031ce5260b4ee614ed83c18dc57c7625178dc6e689e0aa4f65f6d

  • SHA512

    4b25c84958b67e5fe235881b534f5ea6d7017d1b53572ff734f5eeac4fb09bbac77c16960165f9225d95ee64e1e222ec53d665fa7295751d75a7b8c0522b1c16

  • SSDEEP

    24576:GHcgLiNmJ7FWqxxixsJrJ5WRJlqvHbNAx:Cc0igBsIrJ5SqWx

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • cURL User-Agent 9 IoCs

    Uses User-Agent string associated with cURL utility.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7d67a09e35031ce5260b4ee614ed83c18dc57c7625178dc6e689e0aa4f65f6d.dll,#1
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
      "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Public\downloads\关于2023年3季度个人通信费报销工作的通知.docx"
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:2996
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1860 -s 532
      • Program crash
      PID:2392

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Public\downloads\关于2023年3季度个人通信费报销工作的通知.docx

    Filesize
    500B

    MD5
    604839b85b4f3067dd581dc8227943a6

    SHA1
    dcd9a131ed39a695742c46c3d89cd5537ea7ddf6

    SHA256
    fac4ccbd72e7121472d0a5dafdbea65d23ce8ccdb49a3c01c1fa5cf56d02fb31

    SHA512
    0935c765de15ba48c0cd7555ed3758657848ee6bc5e5011667d7854093cb91ac6ac60a8575288784998aa926bf5614fc83caeed777fb738c5a16138f996a5c7d

  • memory/2996-57-0x000000002F880000-0x000000002F9DD000-memory.dmp

    Filesize
    1.4MB

  • memory/2996-58-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize
    64KB

  • memory/2996-59-0x0000000070E6D000-0x0000000070E78000-memory.dmp

    Filesize
    44KB

  • memory/2996-64-0x000000002F880000-0x000000002F9DD000-memory.dmp

    Filesize
    1.4MB

  • memory/2996-65-0x0000000070E6D000-0x0000000070E78000-memory.dmp

    Filesize
    44KB