9ebeef8be72c8139ac8483c5af83f898bdc19584c6225dd78b607c9fea214927

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

175f51a9573591fcef1cfe86c8c56e9a.dll
Size

23KB
MD5

175f51a9573591fcef1cfe86c8c56e9a
SHA1

a82e7fccd674e8892eaf91438de901b6eadbee09
SHA256

9ebeef8be72c8139ac8483c5af83f898bdc19584c6225dd78b607c9fea214927
SHA512

43c69f29c6f3fba9c650b9f04f9997cd528ef24901961d7a9e392b8a3e0f93afe7017da5165521b61c0d6e27c4734f2af6125366c27bb51c2b5a2befab04ef98
SSDEEP

384:WQntQXrGSn3ksp+GFHRKTsWkPBB9IFVTHqxkHe69RN3lJubQB36gsIoic2c:FM7n3ksphbNBeFVTHEyRvJubiqg/p

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2168	rundll32.exe
2168	rundll32.exe
2168	rundll32.exe
2168	rundll32.exe
2168	rundll32.exe
2168	rundll32.exe
2168	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2168	1680	rundll32.exe	14
PID 1680 wrote to memory of 2168	1680	rundll32.exe	14
PID 1680 wrote to memory of 2168	1680	rundll32.exe	14
PID 1680 wrote to memory of 2168	1680	rundll32.exe	14
PID 1680 wrote to memory of 2168	1680	rundll32.exe	14
PID 1680 wrote to memory of 2168	1680	rundll32.exe	14
PID 1680 wrote to memory of 2168	1680	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\175f51a9573591fcef1cfe86c8c56e9a.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2168

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\175f51a9573591fcef1cfe86c8c56e9a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lac_log.txt

Filesize
895B

MD5
8d8683ef11113032662e8cd38464e23c

SHA1
b6fcf840e849b986a51e2e16dc033db02ce83a49

SHA256
470030bf165e42d3c1f787196f8614c2485294ed841bc35641d01320898ad66d

SHA512
f2ff1e5e211a333861d0eb50b4d113e9f79715652704be5e5075b21d43d3ccab6c15db04ef428312c722da0766a88b27b35fa73bef90ef60e250e4f3ccedb440

Download Submit
C:\Users\Admin\AppData\Local\Temp\lac_log.txt

Filesize
1KB

MD5
a485c5d42e9929fc0dc975d3b65ad93f

SHA1
fa24e83a5c598f0f52ed95aeb49845877219f567

SHA256
f3a104fe29cce645a22c9eb0e4da96a061341de98b6e94082c263c305dcb6118

SHA512
0cd1003202702caeee4deb7c3e1dc6854a294975f44f62e3a0239091afcec120376317651bda8f0d91453912c6159da354d11d6febb8e7f87556f166db185c6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lac_log.txt

Filesize
2KB

MD5
e2dc9a24752ecb83333c23c840e2e389

SHA1
67710bd1b0f114b0b24651befb4445a02299e947

SHA256
cd2ee5697f59052aeacf636eb21e5bd6246d2e41aaab5d7081d08cc66cb5fedd

SHA512
7772d0bd4ed8f9359a27abbce62bb7f68c4feed83171b0942ac0250b29740e00123fd175ec90ca411812e377d7d479ecb35e59c34a78035e6772240034062836

Download Submit
C:\Users\Admin\AppData\Local\Temp\lac_log.txt

Filesize
2KB

MD5
467d6aad741de0067b1b922fa3c1b349

SHA1
4943a4b890b91220ba5bae2ff7cd9c0aaf5c7c00

SHA256
fb572b3d751c411703cc4a73c29145f8b01e9f4316f55889ced3365fae734e1f

SHA512
9d3c849dfc0672f353c9b5f55d8654deb2b4ad06afb6b8c4a9d1220f0e5c7be58d98489b93e34410462f459261e3007f981389e2f3e504de7b28cee0c42ee596

Download Submit
C:\Users\Admin\AppData\Local\Temp\lac_log.txt

Filesize
284B

MD5
7d934e4a7f80679372a9d7624bf949e5

SHA1
e24243238dc4ef91bd0aef20842a75d3999cb3b1

SHA256
a608e76097bf4ead20f260ff71c54a58dec446dd9930c933bfa15da149ded977

SHA512
e24a8e2020902f308db1af529d1b28a06e594c69f724c94e3766f939f087d9e6dd0db8d41591dabc1bd1721e1d0280e5ffa0e4e38c7f820bb3af59dec0878ef4

Download Submit
memory/2168-0-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2168-55-0x0000000076F30000-0x0000000076F31000-memory.dmp

Filesize
4KB

Download
memory/2168-2-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2168-1-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2168-72-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download