Overview

overview

7

Static

static

3

48d20d11a7...a6.dll

windows7-x64

4

48d20d11a7...a6.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2024, 11:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    48d20d11a7ceaf25b91a53a78c8e12a6.dll

  • Size

    1.0MB

  • MD5

    48d20d11a7ceaf25b91a53a78c8e12a6

  • SHA1

    656576d892bdf6b0705175813ff614b8e7f01995

  • SHA256

    e0e993e5237760772fa7089f635e39d0f4406dc6ca4eba34d65999ea3bc3c7e3

  • SHA512

    d2011ee2168cfcb1c066b526cf06d1b7647f3f3d610d69ca019003f07d6e40c73d0478571e8b84d2901d5cfea52879a35359460b3624fe5a05b6cb96f889fa38

  • SSDEEP

    24576:jLMosPrXcqPy1A6wBjSxheLE3tkNUdssjFz:jLM5PrVP2ArjSjmct8ts

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\48d20d11a7ceaf25b91a53a78c8e12a6.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\48d20d11a7ceaf25b91a53a78c8e12a6.dll,#1
      2⤵
      • Checks computer location settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:396
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\办公室党支部2020年度工作总结(20200115).docx" /o ""
        3⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:1204
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 1104
        3⤵
        • Program crash
        PID:3136
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 396 -ip 396
    1⤵
      PID:2276

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\办公室党支部2020年度工作总结(20200115).docx
            Filesize

            378KB

            MD5

            5a73f073fcc0b6aaf9e11ba6f026f15f

            SHA1

            5a4aad50203cc1e1cb2be04fcdfe5f059e19b2e6

            SHA256

            d965cdbea06bbf659254ae7c31f3122fd586716aae1784886bbc3af0e0ce2fd4

            SHA512

            0ded2a7e9ccf53c8853ac2c9896f9e0c31725484ac6f5ad7edfeef97c0fa1baad7231a0ffee85c9225d30dff8f3960ed24b995e18fe484519002226445f39727

            Download Submit

          • memory/396-4-0x0000000003720000-0x00000000037B3000-memory.dmp

            Filesize

            588KB

            Download

          • memory/1204-18-0x00007FFA2B6D0000-0x00007FFA2B6E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1204-66-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-10-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-9-0x00007FFA2E030000-0x00007FFA2E040000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1204-8-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-11-0x00007FFA2E030000-0x00007FFA2E040000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1204-13-0x00007FFA2E030000-0x00007FFA2E040000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1204-14-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-15-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-12-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-16-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-17-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-7-0x00007FFA2E030000-0x00007FFA2E040000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1204-6-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-62-0x00007FFA2E030000-0x00007FFA2E040000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1204-32-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-33-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-34-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-5-0x00007FFA2E030000-0x00007FFA2E040000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1204-63-0x00007FFA2E030000-0x00007FFA2E040000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1204-64-0x00007FFA2E030000-0x00007FFA2E040000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1204-65-0x00007FFA2E030000-0x00007FFA2E040000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1204-19-0x00007FFA2B6D0000-0x00007FFA2B6E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1204-67-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-68-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1204-69-0x00007FFA6DFB0000-0x00007FFA6E1A5000-memory.dmp

            Filesize

            2.0MB

            Download