Analysis
-
max time kernel
114s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
13/10/2023, 14:19
General
-
Target
c6fc9524fec2a6e2d2954d11b67a4d86a3c4a5672f21c388b1ab555e6fd09888.dll
-
Size
912KB
-
MD5
d24b38a543bfbb715b93e9059a79ada5
-
SHA1
af4b41a4ddd99d866360160f755a5f55fc8f35f0
-
SHA256
c6fc9524fec2a6e2d2954d11b67a4d86a3c4a5672f21c388b1ab555e6fd09888
-
SHA512
abceb1d12fc00678b63d2439341e04bdee65952230ebd6ba674d9a9b8b6fccea04fed1e4b9f1c8f2064c944b7f5b8d71749a7b2b343923d335a8bd03b5eb3830
-
SSDEEP
12288:v+YE32Q8n9FgCBT4jh0rOcazvLbzTq4TYSyPKcaTuxfa:vvEwnfg04jgaXbzG4TYS8KcR
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c6fc9524fec2a6e2d2954d11b67a4d86a3c4a5672f21c388b1ab555e6fd09888.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\SystemSettingsRemoveDevice.exeC:\Windows\system32\SystemSettingsRemoveDevice.exe1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\aa3Efv.cmd1⤵
-
C:\Windows\system32\sigverif.exeC:\Windows\system32\sigverif.exe1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\KTrZiN.cmd1⤵
- Drops file in System32 directory
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /Create /F /TN "Bmonoomlgjk" /TR C:\Windows\system32\ZS5XI\sigverif.exe /SC minute /MO 60 /RL highest1⤵
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /Query /TN "Bmonoomlgjk"1⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Query /TN "Bmonoomlgjk"1⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Query /TN "Bmonoomlgjk"1⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Query /TN "Bmonoomlgjk"1⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Query /TN "Bmonoomlgjk"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
196B
MD5aab2049b9bf0724ad0a1ee677844ad06
SHA1e7a06b18c06ce6193b82d15f62e3a55b3b2a4b5e
SHA25614821384978f04242e3db710f8307675d5981c02332cb08c42343389d019f0b2
SHA512a8facdec6cce9f57f4411fd1e5396c597a027f23ff1379acd774400750845c3a3e89b7a32c1980aeb2a1e2719071df208b0c8bf9ba38402aeaf4863d0f990021
-
Filesize
1.2MB
MD53049d19c1306ba375bdd7bd0a5db33d8
SHA161e393c3b125da09d05fe04cbf5859bb4d074353
SHA256d233ea56c5a9c2f37f20f54200862a5b3df2840754177ee2575dbd10ad0fe533
SHA512e80c058ec7bd76619e6a57acce2e32553eeb74421ddb655e51afbeb1094f2df431e7f64e88cc7d6c83458d4fb6dc645e60bb2564da419e96c54584f3a70b6ef8
-
Filesize
253B
MD553a306f6eb19b48b058d6606a51953e6
SHA1ef7db153543669de67a80f93d3be8f55359b59f2
SHA256bf7f7d1e7fbcf695566ea5f2649ea01f300119aa149588d40d32723468da1174
SHA5127b03e75f133a1ad421b8476178dae6df134be57e687d66c92a943787d36596e68591b113ede38ca330ac488af5be5b8c16c670e317421d664c6e954d1a312cd6
-
Filesize
916KB
MD58ad2d8bdf64035d3305f30556e3576b6
SHA14302ed87aa5044259cdcefcac24e71aa8e704e9a
SHA2562bcd287506d37b1e6ea15ca352586732de92f49760c82c2b88eb461a560dd0be
SHA512a2a3c9b7e11c50302e31c479a8b3de38e662d23318e58b1c5e4b3f87e9be305fda48288084a62ca723cd242349c60bd940674cdc823a330d52c3fdd0b5d5f61e
-
Filesize
39KB
MD57853f1c933690bb7c53c67151cbddeb0
SHA1d47a1ad0ccba4c988c8ffc5cbf9636fd4f4fa6e6
SHA2569500731b2a3442f11dfd08a8adfe027e7f32ef5834c628eed4b78be74168470d
SHA512831993d610539d44422d769de6561a4622e1b9cb3d73253774b6cecabf57654a74cd88b4ebe20921585ea96d977225b9501f02a0f6a1fc7d2cad6824fd539304
-
Filesize
978B
MD5e0753ab413f9c440dd52a3c67357ec45
SHA1ddd8b38b9f4acf40f5bdbe2a4dcfef7b285627df
SHA256c95657ad3050e7a7b26d8d36e00dfdbf09c6f02eb729592ec8c8425b57bff554
SHA512256a2cfa69f26d42f0e2eaa14ced734154dd314613bc48394972a3ae818dd49e93c28b87beae1e6f99e5cb9ce37eb034351f5d7309b2c5b956dbf3e14527cf79
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
4KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
32KB
-
Filesize
64KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
912KB
-
Filesize
4KB
-
Filesize
912KB
-
Filesize
32KB
-
Filesize
912KB