Overview

overview

8

Static

static

7

1ae3206072...1b.dll

windows7-x64

8

1ae3206072...1b.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 14:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ae3206072ef33e6417ca78a8b8ec71b.dll

  • Size

    224KB

  • MD5

    1ae3206072ef33e6417ca78a8b8ec71b

  • SHA1

    9ce4f5b38bf23f2a4e7a4b38fa687a221cddbf99

  • SHA256

    16302786e3373669844875d73dbbf99f632d4f748cdafcebd8434cc2d5450394

  • SHA512

    30589d0a2c65231967370c4f57134c1f739d05dd8970f584f542317eabb0cbf134769ca4d64c1cb683c8552ada185b92e883e004fbe59cad8ad406fc8d805e0f

  • SSDEEP

    6144:TA5DS5BdexpUj3RDXu+Rlblfa9p6U7wAK/8n26:Tau5BdebUjBDe0lbU7Pn2

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ae3206072ef33e6417ca78a8b8ec71b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ae3206072ef33e6417ca78a8b8ec71b.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2264
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2644
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2376
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1056
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2808
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2572

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    3
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      56d3cb3c024728db47d6f911e6ff7256

      SHA1

      7c0d3a20fe5f4e5ed322d4e79ffbc977954745ad

      SHA256

      a190d80773246106cacb4e158fea73e9e10708f6c1df9d218948de16c81fffb6

      SHA512

      5e3eed86d83f5fc3fc6722b311a675c6532d565a87d93a5c21d2c97f995605ca3148b5012baf9cb155bd659d401cf38bd5b2a9b8cbc2203d4c90d6fed8a52db2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f44595c1d44a7fd5569a70b962cf9270

      SHA1

      87f8773440b6fd140fd92b5b0290817b79781818

      SHA256

      a3d7fbac36cf39db7c234b6f8a1d7e49e2a8fd7ae2e32b1916acd0709c15ba75

      SHA512

      81aa356dfc39bc5ec970c469d53991dec865d7aaf5a99d1b28b7df5f1fbcc0b6426098f3ead212dbc8c2c937d097d82bacfb0e46c8aa377ba21ab21bc4be63ed

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      edc93f214a991dfeed2e509154a19812

      SHA1

      12dac32073dd35b7e0c1875391d3558b2176b1a9

      SHA256

      ffc52f7ee400ed2190c8750c0f427f1ec23c9b46064ddae7550da3e69fbc65f9

      SHA512

      0359b9237f9c9b78ca46001154b628dac0e00dd2a7f104ee71dc74124f8e4fb89a031e41649de0778bc9e1f8f59a197de5be9a94574f72d09f5130cdaa527431

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      00015d2a7f0f813f0fb4d98a8668817d

      SHA1

      17b014c26ed36b700ea756a178959346e179ab38

      SHA256

      078a36afb9af8bda7b6ba67fdf3d3776059aaff498fce3caddd87e1b668e1677

      SHA512

      44153858ef6893557829ce151a11c59745875aeae05cb11bdc28bfcb9b16e7074e9aecc65425b7629462a823f70690d98384bb8cf2939703952fd9624946c475

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4a99decf4dcbad5e43cccbee005b05e3

      SHA1

      83ced210adc301b207ec4fb0ab1d76b950ee47ef

      SHA256

      78afcbba8248c5132dbf57cb067a3e8a6e1c84bf0bcc528edb66998e272622bf

      SHA512

      65479fbf454f6cd43ffd51b0f9be09ced99c05eb7fca9f36922371b561d22bff63732129f9b61f50bc07718ea9339ca80e97c1e75e099876758040fcb35be741

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f00e2c2c5e26901e93bddbd22fcfd4de

      SHA1

      86ca563455753d0e7b7f8848018cdb51140f772e

      SHA256

      2ba348fa6ad2f1e849d1a972ef6622123f12852b5e20ca4d85d46e1c6eab205e

      SHA512

      576f895a8d4b21cd9f6f02817f47b36e1f0d72174b85bb3405b27d7c1dfeb9462ce942a431707b7e036d5f2bb0b3d5ca4d4cb64681e4f12ae901e7f7467ccfc7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ac1db72b1e4488a1638e1bab07968532

      SHA1

      ce9a038adc51c3046c0e9414079a750d6b5f2269

      SHA256

      e982ec88c64e2bea848f35ed7d86b2fb0bf11a6d796a9ee0bf4a4e8cd93c561c

      SHA512

      6b91e96fca7b5a2d0213f1e2016ca038529c419ecbc2a782e9df3d53d7ff35cef4e83df601c7ac7b07329da8b2c83a27b3b6237c33f6188fe5afc5bb5e469536

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8dedbd750dcac457ec249dcd663e7d55

      SHA1

      12b4f867f6a16575bb4ebe09cec21c43c1bf8fe6

      SHA256

      66d065ccee860b70443cb58728dddec98e4761874530d76b73be01fae9d78783

      SHA512

      3ed859be667536823aded0115d83ae07d1b25d31847fae3622882e04f5972c3e859340b0a44003abb380666e96b989a4f0e0e03ce71f24260286a370d1437294

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab2FE.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar1B54.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • memory/1056-13-0x0000000000590000-0x00000000005EA000-memory.dmp
      Filesize

      360KB

      Download
    • memory/1056-14-0x0000000000590000-0x00000000005EA000-memory.dmp
      Filesize

      360KB

      Download
    • memory/1056-16-0x0000000000590000-0x00000000005EA000-memory.dmp
      Filesize

      360KB

      Download
    • memory/2264-0-0x0000000000700000-0x000000000075A000-memory.dmp
      Filesize

      360KB

      Download
    • memory/2264-3-0x0000000000700000-0x000000000075A000-memory.dmp
      Filesize

      360KB

      Download
    • memory/2264-2-0x0000000000290000-0x00000000002A4000-memory.dmp
      Filesize

      80KB

      Download
    • memory/2264-1-0x0000000000700000-0x000000000075A000-memory.dmp
      Filesize

      360KB

      Download
    • memory/2376-7-0x0000000000130000-0x0000000000131000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2376-15-0x0000000000270000-0x00000000002CA000-memory.dmp
      Filesize

      360KB

      Download
    • memory/2376-11-0x00000000002E0000-0x00000000002E2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2376-10-0x0000000000270000-0x00000000002CA000-memory.dmp
      Filesize

      360KB

      Download
    • memory/2376-9-0x0000000000270000-0x00000000002CA000-memory.dmp
      Filesize

      360KB

      Download
    • memory/2680-18-0x00000000037B0000-0x00000000037B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2680-5-0x00000000037B0000-0x00000000037B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2680-6-0x00000000037C0000-0x00000000037D0000-memory.dmp
      Filesize

      64KB

      Download