Overview

overview

10

Static

static

3

0598ad17b8...51.dll

windows7-x64

10

0598ad17b8...51.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 16:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0598ad17b8be2fa8afd0ff8789c45f51.dll

  • Size

    236KB

  • MD5

    0598ad17b8be2fa8afd0ff8789c45f51

  • SHA1

    c5c1ea8f70b7c3e20cb7d03fff312b23b58dcc57

  • SHA256

    e13289ab40e0f04991f9381da9540ef870d00891cc0b4fc71bd77a8673119d5d

  • SHA512

    83de74939a98ad8b1cb48599748132f8b26f9916291b0bd30cfe62dea72b6d62beae562b0570719855952af6a5f54a4ff4da4c8704e8bef2c8d9fffd7330f456

  • SSDEEP

    3072:SeqmgHwlaazN9U3J+P0wFp+bLrt2wkkIf:+Qj9U3jwO3rt5w

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0598ad17b8be2fa8afd0ff8789c45f51.dll,#1
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3552
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0598ad17b8be2fa8afd0ff8789c45f51.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1880

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\dubjhnumk.dll
          Filesize

          83KB

          MD5

          05afb066565e1d9fee25704136fe6011

          SHA1

          17e8a72dc48acf49984f0d386f2eafc57e564292

          SHA256

          932282c35f93d09134987b94ffe63abb9c7b5fdf78415162f8f95e43e836dcd7

          SHA512

          168340db8fc343af619801d14027d85a4aba271289d4c0f4b1d048f98c1610be0e03cb3d85769158485bb831b06d9455b659cab8234000620a3b28b210b597a9

          Download Submit

        • C:\Windows\SysWOW64\dubjhnumk.dll
          Filesize

          126KB

          MD5

          b5fdbc7c64a8aff80c81501e1809876b

          SHA1

          259fc7d72123f652c86cd3872f50c38eb57bade5

          SHA256

          72cd54113ae6fde4558fe75c91ed0aa48442e30fbfa98ef0ae7e2b5d84d63530

          SHA512

          31c8bd7ffc7367530f8a179d78aaa957e28d3f526884673ffe82131ff872e6bc0e482998e7e635cba36b531e23576629bc6cff839dd9fd891d65af4f37f8e9fc

          Download Submit

        • memory/3552-7-0x0000000076830000-0x00000000768AA000-memory.dmp

          Filesize

          488KB

          Download

        • memory/3552-1-0x0000000000400000-0x0000000000444000-memory.dmp

          Filesize

          272KB

          Download

        • memory/3552-11-0x0000000076830000-0x00000000768AA000-memory.dmp

          Filesize

          488KB

          Download

        • memory/3552-10-0x0000000000400000-0x0000000000444000-memory.dmp

          Filesize

          272KB

          Download