Overview

overview

8

Static

static

3

18b30f3bce...6e.dll

windows7-x64

8

18b30f3bce...6e.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    129s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 11:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18b30f3bceb281ea073ffa668a56ca8bc328b7ab01e4cedece3e3eb66214136e.dll

  • Size

    968KB

  • MD5

    d8d5a23fea07be98e316d53c906fd68c

  • SHA1

    cc1b849d69a6b37e50d247a63fdfd9e31dff4b07

  • SHA256

    18b30f3bceb281ea073ffa668a56ca8bc328b7ab01e4cedece3e3eb66214136e

  • SHA512

    6b2c65ed2515a32ac71d5b2992d691790f692d11216c1fa639d1d1467d9c82f6aa53b31163a4e86d79751bda7f449d99f6315d3db221f79b64e7f5a8ccd0270e

  • SSDEEP

    24576:YOQgOF2ikXc6bHpa7QhKspQ59VQFwqlSHCTchvCmUI04ylyPMvJQWZ1Wzx:rg6Fa7QhKspy

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 6 IoCs
  • Suspicious behavior: LoadsDriver 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\18b30f3bceb281ea073ffa668a56ca8bc328b7ab01e4cedece3e3eb66214136e.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of SetWindowsHookEx
    PID:2840
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\18b30f3bceb281ea073ffa668a56ca8bc328b7ab01e4cedece3e3eb66214136e.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2840-0-0x0000000010000000-0x0000000010118000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2840-1-0x0000000010000000-0x0000000010118000-memory.dmp

    Filesize

    1.1MB

    Download