Analysis
- max time kernel: 151s
- max time network: 159s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/01/2024, 09:12
Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: 4894e6e97daded00b318793818991352.dll
- Resource: win7-20231215-en
- 3 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 4894e6e97daded00b318793818991352.dll
- Resource: win10v2004-20231215-en
- 3 signatures
- 150 seconds
General
- Target: 4894e6e97daded00b318793818991352.dll
- Size: 23KB
- MD5: 4894e6e97daded00b318793818991352
- SHA1: 498e99f29f13d278b95c2e55571b40a34b313e7d
- SHA256: 899abaf96087ca5f427817b2f9bf3cd6a0b07ee31cda633c4b3f3a1837086f76
- SHA512: 13431ad77cc1cb52e3a2e4c75a4b344b47ebebe81eca9333c1bde4b797802e713b307b93bfdf6325e36354a20f05929e223bd66788442b4609407466a9c513f4
- SSDEEP: 384:6yaC3SIFeWMX4grNoFt09pjjNoXJMqzewN2t6Ul8Cv3h+f3:6y6IgxpjjimOea2t6Ijo
- Score: 6/10
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 1 IoC)
  Process: rundll32.exe
  Set value (str): \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssgrate.exe = "C:\\Windows\\system32\\winsystems.exe"
  (a per-user HKCU Run key, so the referenced executable is launched at each logon of that user)
- Suspicious behavior: EnumeratesProcesses (62 IoCs)
  PID 1604, rundll32.exe (the same entry is recorded 62 times)
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 3196 (rundll32.exe) wrote to memory of PID 1604, procid_target 88 (recorded 3 times)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4894e6e97daded00b318793818991352.dll,#1
  PID: 3196
  - Suspicious use of WriteProcessMemory
  - Child: C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4894e6e97daded00b318793818991352.dll,#1
    PID: 1604
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses