Overview

overview

8

Static

static

7

180e5fd478...ee.dll

windows7-x64

8

180e5fd478...ee.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    168s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 12:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    180e5fd478c61b02020500577d3285ee.dll

  • Size

    215KB

  • MD5

    180e5fd478c61b02020500577d3285ee

  • SHA1

    7418fc8a26c44718c25f7a60ffb7d5eb4d7cd705

  • SHA256

    e5dc9cacee44fc125ada6c16b69f037f5a950f03bcdc4857298e598d17099b0e

  • SHA512

    8e2bb3ea8a47e901b9f9cdcfc645abf0c11643d3c2492fd8e3ab69c9c83a39b6ce59ae738bccfcbe075bc4707aaf32e51aba04446ac1ca89ff4068b2d29f61f7

  • SSDEEP

    3072:oPz8LDdv02rPUe7ZIf3aJzZc1lS8gV775CNXlALW657+tBO12B4daq/fiQVt:oyDdM2oe+a41lc97E7s7Haq/fL

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\180e5fd478c61b02020500577d3285ee.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\180e5fd478c61b02020500577d3285ee.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2128
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1388
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1648
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2776
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2668
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:736

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      654cdb6d932445fcbc98fe9325fbb849

      SHA1

      8f2aba7119a4ff007b9e153a8d9f33ee8acdeb9b

      SHA256

      d55b51d7eea01826a96aaab816078546ae2dcee09fed044f30c580d680335adf

      SHA512

      1ece9815e2a584bb91f234118c01dc277a04ffccbeed83e040f3fc37b83eb60a02c54ceef41b033d99e7d57ce38cbfe98315363ca1aeef39f591a1351595ddb5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e8c24db8b9f7b90c82863efb16387217

      SHA1

      67511923a6400169273286815c9963120ec2b895

      SHA256

      f28624293a6c8e0ca8e92915015fd632d6c09dbd18120840850c589d66a0e51a

      SHA512

      a66635b49f7939b62d11cf9d822228e6070fc16c3ede0cbffc9f828e4b1cad8007d84c070d9b218ce7fd602fc497e2a5e263edf730e90c408d3a3ba3c7ad7d2c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b0f0786c7b4bb7311184c84991eb16d6

      SHA1

      eb0f016ce3af9fcbbfccb8052c0fa51d67e800b9

      SHA256

      427d7a00d0f8eb4a24237266c5628da8d480468e1dfb1f039eafa14826cf38b7

      SHA512

      63f3a3869ac8e6896b1e04062203b0b49cb4dd556191f18629c86b0ba489f61021db90f82a4fd21eb4c9a02229fdef106c773f0a97ce575dba718cd49cadc564

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8ca70964dee8df10fb34aeea21349af2

      SHA1

      943111fe8c8842cd395db6cbf678c2d5c12036ae

      SHA256

      4d6c87f9ced0669f58caeb7be53206f069d92e0ccb4ac62875f4db60158a17cb

      SHA512

      bd251daf84b2b43226b0cb3e4326fe8231b1d66322fe753f061c82ddc3ece803abd55cc95b4ee01aee268f0e4ba4e08cca37517b003a9202b7d5bdc632cb0ad5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9cf6d84e6429e7b8948c28dd465f5db4

      SHA1

      7e796f8372cd9aba8b3a7a323ea9c8cff7264289

      SHA256

      8709f0541251adae26756beb4dec491b5ccb9f65d3a8e010be089650ab534a68

      SHA512

      b9b40103152879284a3b693ee8e97d3c7a538005459f8b0438cfe962146dbb7ee126bfd2552ea6c788c6a1ccf5fa12bc94744593eb60324f1e08d1b45f71d837

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c156787ac400c0ce2c4bafb4d0e70259

      SHA1

      c05f46bdd3772d2363fbda2b5daed7e4098b9fa2

      SHA256

      8ec81a4ec787b8e117e2b51a4692bffb696e50c3cf7b093f2b188c0ccaa2a553

      SHA512

      1bd0b7cb5741bc542c80a45fe810a878249143fbd7e4ef784d19cc8c6015508287d24e61dfc6b5e84c39c0d12b476e4616bdd956e4543f9086b134140c2e949d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bea761676549e62385e60bc3d8925197

      SHA1

      d192d1469171aa901d1fb165f00d03b3abb3cedd

      SHA256

      37cf20bad3bf67d0431321eabde8c8e25e77591a58a18a6980b0d75173d6918e

      SHA512

      e3336e54f9d01c6a8f8aa6039ca65f908d97b745a7e17835c1e399e6a906c742fdc2aab29e0a79cb71d8883e70b9477046c2551746f594413d9cc63b37a7f445

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e3bba2ab04c9bf0c0ae11c601fcd8e7b

      SHA1

      954ed1436c97ecfbd61824ca281b665804cad9c4

      SHA256

      7ab5af5727a7f7bff65c83b158c7e192739caed079a14e438caaaa57e73c197d

      SHA512

      4b62687abc04ddafa3c48e5eea1cf75ca6e4644a1cdd998236ee980fcc00d4c59f8000f41487752c5c6c2c36420374618695bae99301b3704528741701f0b537

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      103bdbe9c053e78330ac158b40f73da4

      SHA1

      c2f907247dccf0ce2ef51a35bc95b31044461bbd

      SHA256

      7a4d4f3e091a78e83767f153af1505ef5a0d89bae0cfd9e69f5d2feb5e6bfc8f

      SHA512

      12f28d66f785891904163079eb2739ac95d9eeeb9f59609d4e16004a873b78b3b062fbd4a49dc107efe2b0ceaaab10b0097151a0237bcfbd8ab372fb08c0310d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e46fffd0cf9e280c4c1bbd0eb732dd0c

      SHA1

      ef6be20bd2123d5d3e15ae4ba57a49ee1f6a7538

      SHA256

      de827266ccdba669fa7ecc938ddcf5c6fb8b9ebf5c4693f7a0332088566ef51b

      SHA512

      44a9fc677f2339bc5c338b4810f28ef3b546cd3e0a21c292b35fdd3269a2df83381600295d8a238372f85f3de92fc85a8730c05adff711e198f3bbcf29b834ae

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d0d3cfa987cb71fc31b054764f5b295c

      SHA1

      be025360e609e5aa3156d07452281128da93a0d1

      SHA256

      3072ba4b621393a69850ea50fd23050b6e3fbf9f79419d1806ef2464e6d79040

      SHA512

      d40db4a1b716b1e1d266b0f33327befa0f165082ecd012d71983eb7c8647b24b75685a01978faffa08553bfea785ec318a4dcc1a032baf2b4895a554ac68d6a2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      194e2fffff3e39128dfd956ad53651c2

      SHA1

      cd3a00de54f5ea68570479dfef976a2e7fddea17

      SHA256

      bda78d6a26a6bb75ac4202c9ba94bb1cea479c2f0a9b8cfd270cab41bcd0d36c

      SHA512

      2597c5e493c683a05e7f91fde3691583e1b971a04968883dd90e52b90640a9721fe0d4444e305c520efbd8247b2da6e9be0093abc65c6ad3e47711a486e01d40

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab9BC5.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar9C93.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • memory/1388-9-0x0000000000200000-0x0000000000202000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1388-6-0x0000000000170000-0x0000000000171000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1388-7-0x0000000000890000-0x00000000008E6000-memory.dmp
      Filesize

      344KB

      Download
    • memory/1388-13-0x0000000000890000-0x00000000008E6000-memory.dmp
      Filesize

      344KB

      Download
    • memory/1388-8-0x0000000000890000-0x00000000008E6000-memory.dmp
      Filesize

      344KB

      Download
    • memory/1648-14-0x0000000000200000-0x0000000000256000-memory.dmp
      Filesize

      344KB

      Download
    • memory/1648-11-0x0000000000200000-0x0000000000256000-memory.dmp
      Filesize

      344KB

      Download
    • memory/1648-12-0x0000000000200000-0x0000000000256000-memory.dmp
      Filesize

      344KB

      Download
    • memory/2776-15-0x0000000003A30000-0x0000000003A31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2776-4-0x0000000003A30000-0x0000000003A31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2776-5-0x0000000003A40000-0x0000000003A50000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2876-0-0x0000000000290000-0x00000000002E6000-memory.dmp
      Filesize

      344KB

      Download
    • memory/2876-2-0x0000000000290000-0x00000000002E6000-memory.dmp
      Filesize

      344KB

      Download
    • memory/2876-1-0x0000000000130000-0x0000000000144000-memory.dmp
      Filesize

      80KB

      Download