Analysis
-
max time kernel
151s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
13-10-2023 14:19
General
-
Target
c6fc9524fec2a6e2d2954d11b67a4d86a3c4a5672f21c388b1ab555e6fd09888.dll
-
Size
912KB
-
MD5
d24b38a543bfbb715b93e9059a79ada5
-
SHA1
af4b41a4ddd99d866360160f755a5f55fc8f35f0
-
SHA256
c6fc9524fec2a6e2d2954d11b67a4d86a3c4a5672f21c388b1ab555e6fd09888
-
SHA512
abceb1d12fc00678b63d2439341e04bdee65952230ebd6ba674d9a9b8b6fccea04fed1e4b9f1c8f2064c944b7f5b8d71749a7b2b343923d335a8bd03b5eb3830
-
SSDEEP
12288:v+YE32Q8n9FgCBT4jh0rOcazvLbzTq4TYSyPKcaTuxfa:vvEwnfg04jgaXbzG4TYS8KcR
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 30 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c6fc9524fec2a6e2d2954d11b67a4d86a3c4a5672f21c388b1ab555e6fd09888.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\BitLockerWizardElev.exeC:\Windows\system32\BitLockerWizardElev.exe1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\V3Q.cmd1⤵
-
C:\Windows\system32\sigverif.exeC:\Windows\system32\sigverif.exe1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\jj4kz.cmd1⤵
- Drops file in System32 directory
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /Create /F /TN "Mfkxodvgd" /TR C:\Windows\system32\mcLQpI\sigverif.exe /SC minute /MO 60 /RL highest1⤵
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /Query /TN "Mfkxodvgd"1⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Query /TN "Mfkxodvgd"1⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Query /TN "Mfkxodvgd"1⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Query /TN "Mfkxodvgd"1⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Query /TN "Mfkxodvgd"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
916KB
MD51c0d48b8d4b34d2adc4746d7283a0573
SHA18889af88acfb36c44b9b9a5cbac102bdfa8abc28
SHA2569a90a6f9577ee2deafced6a69a6be68b410346f4f96eb9cc5d39b743c4e4d4a2
SHA5128dab10d22ca5252e5069dba9f9877854fe801e925ed8d035e8d5579dbe5e8845041f718abb54110df60a9f2c4854fb6ac3635d8e767314013477ff192b1fa147
-
Filesize
244B
MD58aa72044ee680d60847ccd3b70c70ead
SHA1e46b97747a4222d4ac57eebeaf82e28f4a487f51
SHA256ae97a0ed517bde6db35c0c75ccd487e5241144237da5097c3ec15488757793ac
SHA5122e58120b4e83329914e8b65d5284706224817e9569143a0d862ddc11f8a1fef81f2177d50b2638200735853550c1d9ff47fd6fe2eaf4bb0a4f9d4b09f2a9d1a1
-
Filesize
200B
MD50ab62000878ff6057b7fce108bcc17c7
SHA1c71cc30ba80b2e098f63c13f8f5e22d75954b72a
SHA25636ae51c9232e675f1f8f140ecd9afc14731e791f34018f4130236637392b3585
SHA51243c7fa318fc9d40ae161a40bc31dbe356d402f6a053499f7dbf6427e5c4ec1515ed67f1b87737151c9827d9bedc81c9b7e0cc18aec6e27f8f3e6ea168a9f1e71
-
Filesize
916KB
MD5c9d0eff44a995485e93803bbf736fdeb
SHA1db9b418a63c77bc701244dfd27b02eedd3505fed
SHA256600be58ee6b2878074a26721c29a4d072486e99e55d8e6b832b5c9cb3373b02f
SHA5127bcaa9a2fda28c6b0e4592935b32ba117d2b2d5de77e3d5dcaf89615706da4508e837eb69740b0b4e17b325e9f2b9b886a4df597a68811ff7a1b63796feab560
-
Filesize
855B
MD592eaa9e28568c5a8e241f3e09fdf43e3
SHA1b30dbdc4f75c838dd292127275a4c3ee4239c966
SHA256d4580fe0fd40ec2b643cb2369e198cb05712090f19fa234a8593e79a14653a78
SHA51295c1733b3d8dcd50ca549b753c179e0eaa89de3a8d3e103495026377a40778ea930173e2015b92716ed267185d7ab1fcef074bba5088b80c45f6961fb185f41f
-
Filesize
98KB
MD573f13d791e36d3486743244f16875239
SHA1ed5ec55dbc6b3bda505f0a4c699c257c90c02020
SHA2562483d2f0ad481005cca081a86a07be9060bc6d4769c4570f92ad96fa325be9b8
SHA512911a7b532312d50cc5e7f6a046d46ab5b322aa17ce59a40477173ea50f000a95db45f169f4ea3574e3e00ae4234b9f8363ac79329d683c14ebee1d423e6e43af
-
Filesize
98KB
MD573f13d791e36d3486743244f16875239
SHA1ed5ec55dbc6b3bda505f0a4c699c257c90c02020
SHA2562483d2f0ad481005cca081a86a07be9060bc6d4769c4570f92ad96fa325be9b8
SHA512911a7b532312d50cc5e7f6a046d46ab5b322aa17ce59a40477173ea50f000a95db45f169f4ea3574e3e00ae4234b9f8363ac79329d683c14ebee1d423e6e43af
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
4KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
32KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
4KB
-
Filesize
32KB
-
Filesize
912KB
-
Filesize
912KB