Analysis
max time kernel: 118s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31-12-2023 02:11
Behavioral task
behavioral1
Sample
240c63fd292efaef4c91db2cbf8c3f99.dll
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
240c63fd292efaef4c91db2cbf8c3f99.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
2 signatures
150 seconds
General
Target: 240c63fd292efaef4c91db2cbf8c3f99.dll
Size: 269KB
MD5: 240c63fd292efaef4c91db2cbf8c3f99
SHA1: 210daf073de9432b7650706cdd7a6ac2168a7411
SHA256: 727092e8e07437d799ca0cda7be6fc9753f857ad50003fd3129eebdabd54f9a2
SHA512: e79525a3de5f1ae76a2ad2b38c4b9f4402c1247a13612c4f1d2f83ff208c179ea92729a49509870d9f4e76bca464544da7890292da51298f4778e4a5970cabd0
SSDEEP: 6144:FTdochbDK1aPcNaotanzwDH/yvjEp5ERAPzBn5aNyP7VL:MxAoIzwijEkGhMeVL
Score: 7/10
Malware Config
Signatures
Registers COM server for autorun (1 TTPs, 3 IoCs)
Processes: rundll32.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_Classes\CLSID\{2222222222222}\InprocServer32 | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\CLSID\{2222222222222}\InprocServer32 | rundll32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\CLSID\{2222222222222}\InprocServer32\ = "C:\\Users\\Frank\\AppData\\Local\\Temp\\MSServerTypeLib66687.dat" | rundll32.exe
Modifies registry class (6 IoCs)
Processes: rundll32.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_Classes\CLSID\{2222222222222}\InprocServer32 | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\CLSID | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\CLSID\{2222222222222} | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\CLSID\{2222222222222}\InprocServer32 | rundll32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\CLSID\{2222222222222}\InprocServer32\ = "C:\\Users\\Frank\\AppData\\Local\\Temp\\MSServerTypeLib66687.dat" | rundll32.exe
Key renamed | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\CLSID\{2222222222222} | rundll32.exe