edff9e20955abd14cb865c7746e4b04a71bc215cf220e10a894294b8b03d8d09

Analysis

max time kernel
118s
max time network
137s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
13/10/2023, 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mode/TapInstaller.CA.dll
Size

258KB
MD5

9e524b6facc67ea78a34524d08a7c621
SHA1

9d898e1d219c91d0afb35d5435965d12a82106b2
SHA256

0988fe4c642bf1aa8cdbc7e10be118224cd3b17e028dacb9c85ead40ff22725b
SHA512

4ed2375675af51ed231efc2331a534fe69bf867421b4cac3df521807e06266e3e6bec29ad3f78330bee0c80d08835c65302839366d908e59b89df8857829a80e
SSDEEP

3072:8Arbg5BxgracGnEnRQOl9WGPot0x9uYMiL8C7n5Byws1t5P9ZGtg32NKZI:8ArbtraBqLlAG3R57a5NGta

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2612	rundll32.exe
2612	rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 696 wrote to memory of 4000	696	rundll32.exe	70
PID 696 wrote to memory of 4000	696	rundll32.exe	70
PID 696 wrote to memory of 4000	696	rundll32.exe	70
PID 4000 wrote to memory of 2612	4000	rundll32.exe	71
PID 4000 wrote to memory of 2612	4000	rundll32.exe	71
PID 4000 wrote to memory of 2612	4000	rundll32.exe	71

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\mode\TapInstaller.CA.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mode\TapInstaller.CA.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4000
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\mode\TapInstaller.CA.dll",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240638562 262706
    3⤵
    - Loads dropped DLL
    PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\mode\TapInstaller.CA.dll-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
\Users\Admin\AppData\Local\Temp\mode\TapInstaller.CA.dll-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
memory/2612-6-0x00000000735E0000-0x0000000073CCE000-memory.dmp

Filesize
6.9MB

Download
memory/2612-7-0x0000000004E00000-0x0000000004E10000-memory.dmp

Filesize
64KB

Download
memory/2612-8-0x0000000004E00000-0x0000000004E10000-memory.dmp

Filesize
64KB

Download
memory/2612-13-0x0000000004ED0000-0x0000000004EFE000-memory.dmp

Filesize
184KB

Download
memory/2612-15-0x0000000004E00000-0x0000000004E10000-memory.dmp

Filesize
64KB

Download
memory/2612-14-0x0000000004E00000-0x0000000004E10000-memory.dmp

Filesize
64KB

Download
memory/2612-16-0x0000000004E00000-0x0000000004E10000-memory.dmp

Filesize
64KB

Download
memory/2612-28-0x00000000735E0000-0x0000000073CCE000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads