Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 03:29

General

  • Target

    0324787dd433998606be301fff016041.dll

  • Size

    230KB

  • MD5

    0324787dd433998606be301fff016041

  • SHA1

    1c9a7bf60307ffd4192159da77be266684f9f927

  • SHA256

    e27b9b450ac29718cd77475d1e2486ed458c9bcc4ff645daed0517575b446f46

  • SHA512

    b3341f8b452de87085a58a70f1dbfc6cde385a315982198346c2cb489f510c8d32010282ba99cb21c3c8bf9cf1d1059bdb9b67257eed7ea04a70c76771974db4

  • SSDEEP

    1536:mdEvyJnUuBWGc/GnYAN6DfD7m+xSchBSQ2Ks9mfWlivU258lwg/VGkGOwikleijy:iQyPWGcuYD7pFDkmvUEH8bwikwZ

Score
10/10

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup (2 TTPs, 2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • Drops file in System32 directory (3 IoCs)
  • Modifies registry class (5 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0324787dd433998606be301fff016041.dll,#1
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    PID:2064
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0324787dd433998606be301fff016041.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:1080

Downloads

  • \Windows\SysWOW64\iku.dll

    Filesize

    318KB

    MD5

    9fcd6a1744c4f217a9480315a461e5ea

    SHA1

    e08bf3962c06a8e35550de086a1cd1da99449e1b

    SHA256

    c2a90455993570d24504f48790f4009ac69c37395ae338130b96ff3a07e7b818

    SHA512

    caed893c697064e688ad3eb1725667f62179f7fc5f439ea8779d311c24d8ae721dfce8458e3a54baecd90dd103a7d93c97db7d498572b4745dfbb599317ffd2a

  • \Windows\SysWOW64\uwg.dll

    Filesize

    289KB

    MD5

    1c162682731a84ef4d3db32544da20c3

    SHA1

    6893bb119e8c70ee76ccbd3457d1391d1d0bc344

    SHA256

    4ac82da7d0c70003e246ceec802765e0053c8c1a0e26ebb48da4818d4b8fe3bb

    SHA512

    25114aa9f7e2d76e1fd96ef1e20cc341066b83653b55ca1e87ff0804da0599697db0e0026373bbf55cb6396b1512f4cef2791c68c6c18e845b4162ea31a555a0

  • memory/2064-0-0x0000000000150000-0x0000000000192000-memory.dmp

    Filesize

    264KB

  • memory/2064-13-0x0000000076D70000-0x0000000076E10000-memory.dmp

    Filesize

    640KB

  • memory/2064-12-0x0000000077630000-0x0000000077740000-memory.dmp

    Filesize

    1.1MB

  • memory/2064-11-0x0000000077630000-0x0000000077740000-memory.dmp

    Filesize

    1.1MB

  • memory/2064-10-0x0000000000150000-0x0000000000192000-memory.dmp

    Filesize

    264KB