Overview

overview

8

Static

static

7

002325c6d5...3a.dll

windows7-x64

8

002325c6d5...3a.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2023 18:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    002325c6d5ff1184320cb9d86750b53a.dll

  • Size

    201KB

  • MD5

    002325c6d5ff1184320cb9d86750b53a

  • SHA1

    27b40c67cc44675169603ef175f04af1d118b090

  • SHA256

    4c736c3660695d303248d0b9edd1b2fd48822cb27b066c58908ba5a22e0aa65f

  • SHA512

    95e50cc5cd7c9b5f725811a42c1b9429b2dbf10f5208cfbb69364b356c252109d04d4611a998dcb6a6329171592c5256db675432d5e3f9af51ce768a9d51baf7

  • SSDEEP

    3072:wKR2KgWgZBNdePSY6b8ByUP5XEbZOjL10Wv9W/KyEW80VQcKd:jR/m3du6b8ByWXIu1XVq80V

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\002325c6d5ff1184320cb9d86750b53a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\002325c6d5ff1184320cb9d86750b53a.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2288
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2264
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2696
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2932
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2268
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2120
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2800

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      24d9cc5df8559ff2dbb8a15e3b765836

      SHA1

      7a65d17d95aa3b30b2ba4f70ebb7f62d12175289

      SHA256

      b7819876cb0e11a684ae00046fec77ce57df43dd35aeba365c00f05923db4091

      SHA512

      10e23e06f67747fa6e02bfa0a4c829bbf3bf6a9988cd42616dacb186151adc36b2ac3622d83ab0b25348fc4abc0151a76540bae7e7b370be96b9c275b3a2f979

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a7035be2628da638cb43b907d88852e9

      SHA1

      bc67743d45dd3d33a45b1d5ff57512cbac3f6770

      SHA256

      90d2b141d7fcc4706c4bc43b55dbe32f88843f05ba0b610a0ba1525c628f91ba

      SHA512

      8a3f5e72c5359e10b480825c48c0aa9403f73f24c5dd6756c1cf6f52db7111c1dbaf9e0cdd6d524f75fe671cb6b0bf08da5210c211c6e1c7b329b28b83863f80

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      995b402414a88e080df531c50aaf522f

      SHA1

      c04a9b03599df9a5e557ea08a6ca5591012f4a63

      SHA256

      340dfb23ed8083621243d47d90c1491db805aff8c806ffc3a37b8e53986fc85f

      SHA512

      0d96fb874b62382a3124d10ac19c05cd9f362d43f9772ac70592748cd7168f14db84b961101b6a51b207b7af9a844a5a26804bd13e0b6ebeff2205cdbdba3f16

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      98180bba21b8f17712704b9b68391b6f

      SHA1

      6847487dd8df08211e8f877d8980c1db00a4ab78

      SHA256

      ff92eae4ead9576cafafc4d861f805ee3584d76710c4837465c6480a85cf356d

      SHA512

      51436530a03734dd59f30fb486e4ec38ea4499ed9534f4d7ec01ffff72b3b7e4fdd0412c98687491306a6e74dc02a6fdf62db780138c5b550bf0ed9a9e25aca2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b660319d2c335f257143be051f1b2800

      SHA1

      f6287cc7a1607dbdae7b2efc268e67883309662c

      SHA256

      7447dcceb8654f34af84df5df4ef580fff31ca2388f3e4e1f9f757394724f07d

      SHA512

      5278a431b666c1af0f3fad8081d491916812f6771ebc969e68e90ebe544aa4f9f8620d6980788d360717f9dc4a7773b3cf1cde27d4b694fb6f229a715263ebd5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9f045c03e12cf38ae98475442ad948c8

      SHA1

      e55f96c74dd0abd41837f1443ba2811f8ed0071d

      SHA256

      0852df2a1e11b72360d875858648e3ab7481190ed9abed8030e560b263044427

      SHA512

      aa3cb1bb79cf3e5d20861c386c294f842ba2a1f5c692fa12c458cda81486f99d0b9c0bd9b41c34aecd88cbfe958cdbe1290ea4c9a2925975b0e0efcefe1e1199

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8c02403dfcaaae8c94a6b2f87fe41c7b

      SHA1

      b5a94a1e348611215cef52dce59ae0ddd18b7ef0

      SHA256

      8ae5b0feecf70d120ee1c2bb350f2d497ec6a5e12a5a540df8e8a1a8c66296c8

      SHA512

      8722ebe8519514cefe514851f6ba2accb13f9844e8e68ac7afb1b443b3ecb44521b4bd6a6b02629e9ce6be88ef563ba20b0f6d93954df641a97489b56e4d2e8c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      98a5eebb67268b89fec1d0b8fd0d0785

      SHA1

      029b5d469d750d1fa4ef00862b6ee901cdcb8236

      SHA256

      39503c4f1378da960a9b7e8be38f5c82c6b0d6c59936664d7a27ed08916c5592

      SHA512

      096bc0d1042786aad64e792497190dcc96a88db44f0e1631346b38de8927a1c4c5d2f4dfc1025a9daf171e0a595a439c1bbeb0dfdf00427d1da306f94adf4cdc

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA8DF.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarA93F.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • memory/2264-6-0x0000000000170000-0x0000000000171000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2264-8-0x0000000000180000-0x00000000001CD000-memory.dmp
      Filesize

      308KB

      Download
    • memory/2264-77-0x0000000000180000-0x00000000001CD000-memory.dmp
      Filesize

      308KB

      Download
    • memory/2264-9-0x0000000000180000-0x00000000001CD000-memory.dmp
      Filesize

      308KB

      Download
    • memory/2264-12-0x0000000000940000-0x0000000000942000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2640-0-0x0000000000160000-0x00000000001AD000-memory.dmp
      Filesize

      308KB

      Download
    • memory/2640-1-0x00000000001B0000-0x00000000001C5000-memory.dmp
      Filesize

      84KB

      Download
    • memory/2640-2-0x0000000000160000-0x00000000001AD000-memory.dmp
      Filesize

      308KB

      Download
    • memory/2696-11-0x00000000005E0000-0x000000000062D000-memory.dmp
      Filesize

      308KB

      Download
    • memory/2696-14-0x00000000005E0000-0x000000000062D000-memory.dmp
      Filesize

      308KB

      Download
    • memory/2696-93-0x00000000005E0000-0x000000000062D000-memory.dmp
      Filesize

      308KB

      Download
    • memory/2932-5-0x00000000037C0000-0x00000000037D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2932-4-0x00000000037B0000-0x00000000037B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2932-256-0x00000000037B0000-0x00000000037B1000-memory.dmp
      Filesize

      4KB

      Download