Overview

overview

8

Static

static

7

001bb4eb45...75.dll

windows7-x64

8

001bb4eb45...75.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2023 18:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    001bb4eb45b8ca991623bd1591eaf975.dll

  • Size

    205KB

  • MD5

    001bb4eb45b8ca991623bd1591eaf975

  • SHA1

    2e8885971ff2b0557fd77af4feb0d43cadc66936

  • SHA256

    e85ee4cf3127c06aadafd5ebe8b9e201fba8cf631b6fcbcceee34b9f3c1ac0b8

  • SHA512

    7b47e15dbc13a486be3eb25f3379fcb6bc810a1c7d45cbd3982f8ec9c2db523cec7a6e5855b0d880c6b7176cf88472dfcd14cc51bd6479fcc4824393f6886892

  • SSDEEP

    6144:i8D0fLejhyfFheiMP4jmLMO4pqEOc9YsbIoS:N0fIyfXe7PwRymRIoS

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\001bb4eb45b8ca991623bd1591eaf975.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\001bb4eb45b8ca991623bd1591eaf975.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:3032
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2692
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:568
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2704
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2444
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1772
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1772 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3012

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      60a059194f636b1ef5c73dd095f9e227

      SHA1

      61dec1963deb0c16dc350764f9ba0cb732f19353

      SHA256

      2f3df17f33213d5b653e0a0f26b00f8bb6c79cc359255ac2fdfa4986911f5007

      SHA512

      a27eba0b1669d44aedf245137d57b38cd55bf007d476fdac6919894edcd1f72cb54a5a0b776a91cd44950dcb7394895a42471db8ed29c1e0866991b022e7af5a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      961c7911545c06235e22141b59da82e6

      SHA1

      5690c53b84d4e110df932bd171d2c114a7134562

      SHA256

      58eea1fe55f2f3f1992903affe1e5e56adef04560f63f3d4123a548f43d61706

      SHA512

      3e6ada9ddd7a4c3c598d0827a511d10fe996d1c442c10c304f388569d38ae9f2b66184541bf136d484ffc101f0aad9106ad39e51815d63739669b8796df24e88

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4a2ccda78b62a9ff6677cb4467e9ecf8

      SHA1

      ea56d1eec9ac40e79bc0428cdc99ed719b7e8dab

      SHA256

      17062ea8e3a1c7c2a7637fbfb8bebba3bac6837253e8dc9bf3f3133311d3e8ea

      SHA512

      b1016f892532ffb199ac60166f2758182de3593e9d5c644ce55140fa7ae74f5d6382faed64d35ebfdc105252668fb9f5e41d1363bbae64d6b668e5e7d6f05f0a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b9a412e3cd71700cd2dc717646ea4ebe

      SHA1

      d959fd163f243fe22a4e7b2f98a8cd798bd3551a

      SHA256

      b3bbfc4b13ceeda07b25e30024e029474565f24df36b05c2bb5f6c1027f454da

      SHA512

      4057446cc66ecd5e16c389e5598424150782ff9908dec12ad676763541f096fd5bfa96fee4d54f6ce2de4d80162de9e8f4635f46f15f04f6a27b107a5d26831d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      74d8a1c84903fc003a5c2d25119fefe9

      SHA1

      a229a1a5363d48754768656140439e92131d6010

      SHA256

      5ad0f3d85195a728e771dbc78c0e2e7f6cfaa8a204c0c253cb43e44e07680ab2

      SHA512

      d8def9d2eb19186ecdb48823608f7e35dab29667dc1bf4792bdf5bc93002abb3e3ee5eab1f46ce9c54d5f84a337a92860d00d24e19acfbb9afeb315a3afe7b6d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d0b691541ddc2b8e7625e8da51509327

      SHA1

      4986cbf38604603d383c70856447c059a8c76d11

      SHA256

      a4871ab74c6878af3ee3c0f2634a75d87edd6063d1b916a03c6c93ce319c2a7a

      SHA512

      cce6c5cbd580b0d69ebf754dc57f04886cb4e5da662c4e384c14f2498b05f3c05143635afb96334ad0c2465f2cd31254922d2b0e04d39b7ea90a14326ee00ae4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      957cdd9e453a4d57e81e67f47bad0102

      SHA1

      53bf3cfff9b1c49a7e09533bd2f4d90e9cb97298

      SHA256

      b018b759c438a27705ced4db1f890dd88fc40c929dde2ab017b2d7074acbd854

      SHA512

      843b9753f57aae38575fbb58a44e741b37c401dfc3980c76a8df387fcb578849149ac9e1edc25185128e804914ff4bfe3a0e5a5fe1f691e9dd9148e0743c71d4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      41e612909510e30c813f2264c21d80f3

      SHA1

      e746dcbea1011fd7944b1b870275cd57e32f4ef6

      SHA256

      4449e9418ceaf5739622bca5e05f3f3a9a48239fe5b2ff06dd94c1abd9ddd063

      SHA512

      d88d19f93a31bcece3320804acc8a3660a9c9c39348c77216f942fbc43a7eaca7f512b95cad0d777f7577be52b97b5921dc7f4249445549e5791805d6089ba36

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6a45343bff13fe0b7e7639227b963687

      SHA1

      7b439dd753bb3ab8a1299dbb549bef6483b8cd52

      SHA256

      7d332eabd07e5d44879083d46c5dec4f3c20cfcfe526d78af145aa54a3c8d441

      SHA512

      ffd4cebd1ca104832b3b6dbf2fb279353f8f3ddcd412845d1255d2aece7588306cbad04755758624fa60cc60d174a265c5005e603cf0b487cf9ebe4ed0f152b9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      86c028e6338eb6cd56230c0cf4164961

      SHA1

      9497d848e597bbf4e7d1cb7e0af19eef873aa83d

      SHA256

      4a6cd6bc1c288277ab0f9940a48ac526e4cb08ba29efcc6d3e55f0563bf22ee1

      SHA512

      b3631e5c99da4754e03ce9c195ed9455f2e60f78c42176ca86ba6cfb1ff4b6177c051ed32607767efcb7861d198b24084a415dc83d540902e631e2d107bc93aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab5295.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar5364.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/568-19-0x0000000002A70000-0x0000000002AD8000-memory.dmp

      Filesize

      416KB

      Download

    • memory/568-16-0x0000000002A70000-0x0000000002AD8000-memory.dmp

      Filesize

      416KB

      Download

    • memory/568-17-0x0000000002A70000-0x0000000002AD8000-memory.dmp

      Filesize

      416KB

      Download

    • memory/2692-18-0x00000000002D0000-0x0000000000338000-memory.dmp

      Filesize

      416KB

      Download

    • memory/2692-11-0x00000000002D0000-0x0000000000338000-memory.dmp

      Filesize

      416KB

      Download

    • memory/2692-9-0x00000000001F0000-0x00000000001F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2692-13-0x0000000000240000-0x0000000000242000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2692-12-0x00000000002D0000-0x0000000000338000-memory.dmp

      Filesize

      416KB

      Download

    • memory/2704-8-0x0000000003A30000-0x0000000003A40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2704-20-0x0000000003A20000-0x0000000003A21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2704-7-0x0000000003A20000-0x0000000003A21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2836-0-0x0000000000400000-0x0000000000468000-memory.dmp

      Filesize

      416KB

      Download

    • memory/2836-5-0x0000000000170000-0x0000000000184000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2836-4-0x0000000000400000-0x0000000000468000-memory.dmp

      Filesize

      416KB

      Download

    • memory/2836-3-0x0000000000400000-0x0000000000468000-memory.dmp

      Filesize

      416KB

      Download

    • memory/2836-1-0x0000000000400000-0x0000000000468000-memory.dmp

      Filesize

      416KB

      Download

    • memory/2836-2-0x0000000000400000-0x0000000000468000-memory.dmp

      Filesize

      416KB

      Download