Overview

overview

8

Static

static

3

48bc0e0ee6...c3.dll

windows7-x64

8

48bc0e0ee6...c3.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 01:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48bc0e0ee693885f65455e2d207eb6c3.dll

  • Size

    1.6MB

  • MD5

    48bc0e0ee693885f65455e2d207eb6c3

  • SHA1

    e2375d05f0d46598015f55b006b3ad62724b1cff

  • SHA256

    86e0f4ab422632d059185f4612c346fdd20c9ad32d715a8eb3d9865651ff9be0

  • SHA512

    037ee3e4fa759dba68545922e39898dfeacd32376121af972cf760d2c281aee2dc4771733be00f558e6f5853a20bb9b662d554732d28b5ca42923926516603e1

  • SSDEEP

    49152:b/vl0jY5EdcSucc5aEvEljtPrtsjfenhhs7hY5O/QTGoy:b10IEdpucc5aEvElZDtsjfis1Y5O/QTy

Score
8/10
persistence

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 14 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\48bc0e0ee693885f65455e2d207eb6c3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4028
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\48bc0e0ee693885f65455e2d207eb6c3.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Adds Run key to start application
      • Drops file in Program Files directory
      PID:60

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Documents\outlook.doc
    Filesize

    58B

    MD5

    19b790b75346267df7ae9f34a07c173c

    SHA1

    045d7bbec7a8acdd6640eaf0e646b03ccdc15591

    SHA256

    7fd4ec0628a2f3a5eba923dabea236142ef6fcb00f562f81a7059e3fc740a3e0

    SHA512

    cc8182dbcd06756b152444fe396c546fb11c4cc2504227db2df9aac30c194bbcafbfcb368ceb07f7c0ae49c591cb95c1daac457cf9a30e4a6e7938f750dacf9f

    Download Submit