Overview

overview

8

Static

static

7

2bd1db3a53...73.dll

windows7-x64

8

2bd1db3a53...73.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 06:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2bd1db3a5357dcf620bf979eee24d073.dll

  • Size

    199KB

  • MD5

    2bd1db3a5357dcf620bf979eee24d073

  • SHA1

    089424f4975b51b4f549ca7c261f553da3aa0a8d

  • SHA256

    435d51cacb6bd9222d3165df22c2306e072403f0765a6f57224ab5a732305ae0

  • SHA512

    f009d9feb6cc4e2eb96f410b86cd8fb78b865e25d600172a613c11bdb0f484f0bb549d8daf0656330923f8bca79f7b5aa8bc11692e4e62e1b4c78a746d084a40

  • SSDEEP

    6144:Ugg12EnRtb7qmUcR4J7LjCoT4GipKruZeVROZoPgkRuFH:+2EPbOmNR4ldBjuZoTPg4K

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bd1db3a5357dcf620bf979eee24d073.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:660
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bd1db3a5357dcf620bf979eee24d073.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1352
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2544
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1760
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2648
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2444
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2728

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9dbf2f7cd8236a8742c153805c5ac5ae

      SHA1

      6dd4895b9117acc416445d31de4cf9f7529cdedc

      SHA256

      23dbf1105b52f945f9e80a75776987e71a1efe43e099289546e55232e6f8dc68

      SHA512

      698f6e6bee61411a4d83b6cbf3153caf9236719e2914914edb86816871f9998faf1ab17a85a9d89b2987a0a7f62c423fc853107d1df1cf81665559069e29b8c1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d7f8a29e7bec7a7f3ec009e8897c3876

      SHA1

      71e91e093daa90c0c9025bf2de1e0bad51df87b8

      SHA256

      82a53f0354f2970713de62ec833fbc50d163060739c939e3de88a9d179fe9991

      SHA512

      7c7d97a24af45b2d5fd04cd0b034450b851512c02b5b49e2099b4e8b2e18fe91f3d23ec3ef63a6544bdaf3c5d650ff5f8f665b49900c1c8d34ba4380dcccae31

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      28604222f7b7b344464a9ed9843ca458

      SHA1

      e0375d974d223f178956d4b2e2c9cc767b8dc98d

      SHA256

      f0fa7708f3488c370e5adb1c845e3a9192c2b04a5e6fcda091e5a2d7baf7e0fd

      SHA512

      cb685a77239cdb74e27e90ee8fd1c4c7e97ae4590dd809bb081ad251439de3eb10063706b40fc0008c87e9205563d3a4a784beac4467e1d35011c99a4bd1db20

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      22e3666079fcf2619f455837d13e9c1e

      SHA1

      48bf2faf7fcba8d38fc5adc68b291675c9abbda3

      SHA256

      bfba47493d4928a4b34a1f135f456d2f706e2f071ef53cfa5da87179ff802c16

      SHA512

      929724542a6d4416799f629d2dd127349da0bab2090e6e6d0b9d1bb7bb0c3a5368ee0fabc1bfc9bb1420b76b13010e82832b3a6d23488237730b13ec5f1bbb8c

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab87C.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar2091.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • memory/1352-1-0x00000000001F0000-0x0000000000205000-memory.dmp
      Filesize

      84KB

      Download
    • memory/1352-2-0x00000000002C0000-0x000000000030C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/1352-0-0x00000000002C0000-0x000000000030C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/1760-6-0x0000000000130000-0x0000000000131000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1760-14-0x00000000009F0000-0x0000000000A3C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/1760-10-0x00000000002D0000-0x00000000002D2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1760-9-0x00000000009F0000-0x0000000000A3C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/1760-8-0x00000000009F0000-0x0000000000A3C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/2524-16-0x00000000037B0000-0x00000000037B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2524-4-0x00000000037C0000-0x00000000037D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2524-5-0x00000000037B0000-0x00000000037B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2648-13-0x00000000003D0000-0x000000000041C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/2648-15-0x00000000003D0000-0x000000000041C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/2648-12-0x00000000003D0000-0x000000000041C000-memory.dmp
      Filesize

      304KB

      Download