Overview

overview

8

Static

static

7

3d66b6170b...b3.dll

windows7-x64

8

3d66b6170b...b3.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    164s
  • max time network
    164s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2024 17:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d66b6170badfefb74ff2d1377d5afb3.dll

  • Size

    201KB

  • MD5

    3d66b6170badfefb74ff2d1377d5afb3

  • SHA1

    1212981f325c60a6a7d296929b047c7d74d16776

  • SHA256

    0ff3c9098a2b336916c3fecaf3d0a90354f6e3332c099f7171c302c572f85dca

  • SHA512

    d0f88a91ba58fa04ae883d59617ddcd83d8a654a6248ea3abfe04e88cbf296b25ed4fbafc304cdce2b067d57ebc198922cce99f596635b02ed4b20148ee03153

  • SSDEEP

    6144:bNhusqvH9ylSJI8eCgD8yCish9EfKfys/g+5:hws2918UIshGKfyK

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d66b6170badfefb74ff2d1377d5afb3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d66b6170badfefb74ff2d1377d5afb3.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2844
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2852
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1872
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2984
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2884

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      526de320b77769ee1433926567818aec

      SHA1

      18379a0dc5fcb66598f1291788f6f4aa5e7d8d36

      SHA256

      d286848bb4bcf5285a8044de6777bc1feb4a7b709765aeec3a9b7a5bc7e50c7d

      SHA512

      6620e09e9806d61b4e9623ba9c3bb5d73033efbec97e07ae637245a11451e2bcd7631d30bbdbe376d78b480b1d6aeaa5a3310a5237a2d9bcf14dcbfbeb02d51d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      224b02c6c911eb335a26d2980fdad16d

      SHA1

      5a29d08d6484d81256dbe57328d4bf2aec97c73f

      SHA256

      8e0a42d3a63649b3d924e8ab5d226137170194eb6b430f3a958bc69b35e2018b

      SHA512

      2ef6caacfbb1af2e3fedfa4aaed809d7d1a0dc0bca8f847af258c785b01f3fddffc7c23beb41e6e1f6fa40803284e4d578e9b1cbb7bf2e5abef30e3ed03ee965

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3a9746d736a21341164bec00ea8e22a1

      SHA1

      9f30ca5dbf49523474823be8dbc595e3e9342243

      SHA256

      ea432e83ec6a4743a19cb156135e86ab3970bfbb03ef735e2d6d7af78125a4a8

      SHA512

      4709d31e6adc474149e60a6eee50d4782483b36ac9b9c510915be8383ace263284248dff2ee10cc04ca5250a06d5a6c99009c618c0dcfc05438a285bd270dc99

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      20367f67a712d3fae9e94f435b0b5173

      SHA1

      09203c70caeded2039a0b7f0a89bad02e926fc92

      SHA256

      a08e2a21b0bd8ebde5810901cd37eb6555704bfa8999338ad758db985ca1134a

      SHA512

      e88fb3f12a017b33d3cd22639ca5cd5216febee1acc14db8a748b395b2eefefbe31211f6481f7fc6ec3047fa138747deead6d81d9025341a4d9e6bbbcbe3b745

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c3e2c4c976101b91dc07ace4cec29812

      SHA1

      2754b5f1b57a630e61392aee6d798464d2304e61

      SHA256

      44201258792e8f5b19f96e2923efa8ce8587ffdd148c73c707742fa74e430dbb

      SHA512

      21d0f215f5d20a3affe3424204da0615c0b6091a06229363242def21959e6ef64f01f8d02f89e0daddc107d3cc8228173d7130ea510a5ec3d36cbfa03cd287fd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d31e1d493a5b247681dd81a90d622c21

      SHA1

      c9f280a7febd6032326ecd9bf7a8a685a9f163e4

      SHA256

      953c74e16a3adfd85b9cb3a5a6a6fa9a22e79fe6fee1ccc9830c032d5aa91c2c

      SHA512

      cbb4c266d22bc922778a8b389f28da998a3af86731da8dd2e04d4ff2754794879d1b249072c1fe2703ae06ec0b00a5adb67e3be87aef7633744a1ed079c91131

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c38e170449780176db4d8461e619cae4

      SHA1

      08a9de7e094f4d54f7b7313ede5c25aa03c2de6f

      SHA256

      4980484c64f00dcf8529897146b4c82b2efc21b2bf1d3f6c3e996cdd689d56e0

      SHA512

      f4c6c56b92e38c31b968097a7e77009335f846526170fa7738cd44522c817494407a11de4d276dfc0ab4ae86e0d786674ab7d0c4feb06444f122517c65fa13f8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      85bc8517215e86859c79313dbfb304e2

      SHA1

      0def14db1e08abfdd41a955fd79110dbe7a6f2b9

      SHA256

      3461d20a20646a9c1b60bb4408c7788c9d11ccac93563389fcb968d81d3f5466

      SHA512

      49c880511db57f6c3b4e36688e477d757d051fe7a1ab2d970f1a94ec14fd3746c7c437009d4210b29f400c68676cb30cfae2e76f85e37c2f295f6aef1bf5faa4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f8a244d83f999eb47f951cb138fba93a

      SHA1

      85f80a02ed7abbce5e2d3109ee1b318d68e9dc4a

      SHA256

      2f9ac373107f5f8b5ecf2c17a6b40e321ac321ac2e82c57660307d86a21b291f

      SHA512

      8039332cc19c720df4e47edf7b33e3c63c60c571dba068d57c713f4858b734971d2ddb834a65f6f729fc2e998b2d5e5a04a552668ec5014233a90b0d6409b102

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9555d6956abc2533d5130fb1517cfb31

      SHA1

      bf86183f19b4ea6e0ec47fa46443b1fdb010db71

      SHA256

      bcf71c1b5b3ccbf3b0eeddbfbe42837255910d33964d5f595e48a5744aa42b57

      SHA512

      b51d15a746470723c7b0dcb5d0b970682de393bf82b317b051ed2012f40bcc171ce56cca9dc9ba00a04c3db616983e9f8397fd76cf610ee0ef1ca4a11b367a54

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      73033c8d434740b231146e4cbe6ba0a8

      SHA1

      48a2b815be482062a7c58a8fe90feb3f0fececdd

      SHA256

      15677a54984f61efa9c92fb05ebbd68d1c5ea431f18ccfc710c3a0284dd2dfdb

      SHA512

      deb58dd3de3bf274374ff7a2344aeada614f1c09e76831fb5c20952de1c77eb1b90761574400d1dffd3e668a71f9fba45f7a5751b439f0777d962ac4374a31f5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabCA72.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarCAA4.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/1872-17-0x0000000000440000-0x000000000048E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/1872-18-0x0000000000440000-0x000000000048E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/1872-82-0x0000000000440000-0x000000000048E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2128-3-0x00000000001A0000-0x00000000001EE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2128-0-0x00000000000A0000-0x00000000000EE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2128-2-0x00000000000A0000-0x00000000000EE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2128-1-0x00000000000A0000-0x00000000000EE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2128-5-0x00000000001A0000-0x00000000001EE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2128-4-0x00000000000B0000-0x00000000000C5000-memory.dmp

      Filesize

      84KB

      Download

    • memory/2728-83-0x0000000003AB0000-0x0000000003AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2728-7-0x0000000003AC0000-0x0000000003AD0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2728-8-0x0000000003AB0000-0x0000000003AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2852-81-0x0000000000400000-0x000000000044E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2852-9-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2852-11-0x0000000000400000-0x000000000044E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2852-12-0x0000000000400000-0x000000000044E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/2852-13-0x00000000003F0000-0x00000000003F2000-memory.dmp

      Filesize

      8KB

      Download