Analysis

  • max time kernel
    153s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2023, 23:48

General

  • Target

    2b530e5b3cb6b6a4e4d9b7c8960f2a2d01fa3221197ef26bbfda4d9813c82707.dll

  • Size

    2.6MB

  • MD5

    b61949c9b0b3ecfa9d0e4376914f490c

  • SHA1

    9d74935d585588a367d4c8da5960fd3071561f0f

  • SHA256

    2b530e5b3cb6b6a4e4d9b7c8960f2a2d01fa3221197ef26bbfda4d9813c82707

  • SHA512

    afd1a8bb4ae0715f0fc33200d3bde56e5efa98c81596bfa045a15a58fe860b7dac6e319f62c2bbc4aacedcd288c17525af1888e196bc7a4c4100c6e1263bbe9f

  • SSDEEP

    49152:Am1AUh2/G7ubvX185Z4+EvVO/xMlEFEpXhEQTZ1lsc07PFz8jvOARXUNqMrFJ0y8:1ulG74vlyZ4PvwAEw2B8jvVRCqEGwl6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 53 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 62 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b530e5b3cb6b6a4e4d9b7c8960f2a2d01fa3221197ef26bbfda4d9813c82707.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b530e5b3cb6b6a4e4d9b7c8960f2a2d01fa3221197ef26bbfda4d9813c82707.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4448
      • C:\Users\Admin\AppData\Local\Temp\F4B0.tmp
        C:\Users\Admin\AppData\Local\Temp\F4B0.tmp
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        PID:4812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Google\CrashReports\279755c7-3c25-4c3d-894a-7e6063982b0d.dmp

    Filesize

    34KB

    MD5

    c01e64d77b49ece61d6f6f0cad57367c

    SHA1

    8721c167184b5eebe54712347c6751807c0f8510

    SHA256

    6c872a6e325ccd878e5639dd534fa1d41c9114ed48d0f7bdb34a2363c09d0b7d

    SHA512

    f9075db52a43c66c8bbb439958b2c8c40ca22c0f3bf9445f5a8a136dba9d3b6fc14816c72f946b6a6e2a2a1207d5846c2be05089921bac465aec3bc45464da1b

  • C:\Users\Admin\AppData\Local\Temp\F4B0.tmp

    Filesize

    145KB

    MD5

    c610e7ccd6859872c585b2a85d7dc992

    SHA1

    362b3d4b72e3add687c209c79b500b7c6a246d46

    SHA256

    14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

    SHA512

    8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

  • C:\Users\Admin\AppData\Local\Temp\F4B0.tmp

    Filesize

    145KB

    MD5

    c610e7ccd6859872c585b2a85d7dc992

    SHA1

    362b3d4b72e3add687c209c79b500b7c6a246d46

    SHA256

    14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

    SHA512

    8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

  • memory/4448-0-0x0000000002A90000-0x0000000002B5A000-memory.dmp

    Filesize

    808KB

  • memory/4448-1-0x0000000002A90000-0x0000000002B5A000-memory.dmp

    Filesize

    808KB