Overview

overview

8

Static

static

1

373d0d4496...47.dll

windows7-x64

8

373d0d4496...47.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    373d0d4496a03f38fe1b84fd1ad97f47.dll

  • Size

    77KB

  • MD5

    373d0d4496a03f38fe1b84fd1ad97f47

  • SHA1

    63bdd269ae0fac3579d39bfe1fba8ecf1c1663d0

  • SHA256

    db8699f47b073f1b209c43121de172dad782b2a80026824e433e8521d67e22ed

  • SHA512

    913b3d1abc36b83d69cd7a15fab18a595afedb3cd390e8d7c8b2f8ee337848ff25ff0f6cdb1e6164fdc12ece651ac53bc293a8c0d399a7e72cc1b28306c24747

  • SSDEEP

    1536:WYZ/TmPKISNBMy4NeJILNlaUZyvzLqQn40:WqWu9RJILNlZYvzLqQn5

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 6 IoCs
  • Suspicious behavior: LoadsDriver 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\373d0d4496a03f38fe1b84fd1ad97f47.dll,#1
    1⤵
    • Drops file in Drivers directory
    PID:2888
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\373d0d4496a03f38fe1b84fd1ad97f47.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\drivers\0f760a9b.sys
    Filesize

    12KB

    MD5

    21edc1472e3a426a3bc5d9ba1a59f54f

    SHA1

    3b1ee4f21d2b49c0d28a661696c1267896be0d8d

    SHA256

    01bef2212fa01b5dc030723560b8c77b114b8982767a961674730635f5aa9b84

    SHA512

    323a48a3a5dcc9c775e19c8dce6c3550ace77ae388af1e2f1072ad3dfecb2aa34c87ad2418720b903a70b6bf9ee220452a3ae3ac2aad3c4913c00122f10f109e

    Download Submit