Overview

overview

8

Static

static

7

4e181a0297...bf.dll

windows7-x64

8

4e181a0297...bf.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09-01-2024 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4e181a029753852087ccfcef6ec398bf.dll

  • Size

    216KB

  • MD5

    4e181a029753852087ccfcef6ec398bf

  • SHA1

    99aa1c4adf27b4acf390fe0e09b6747905022cde

  • SHA256

    c00ccb8652171093889ac6d6391e8fa962980e53d6b863e0667f8001e8a9fa04

  • SHA512

    937b8275da10aacdbec2d2564740e7858feca66f829b178939d9e82bd602b7409066890cbe470d2cdafb727a9fae1f5b2a061f3f96648b34603f729c31950e46

  • SSDEEP

    6144:qDOr7lSFcI4mmRTKkkiDHJYMcMk7Y6vVWWFYrAW1z8b+SzmnT:hPrmETnk6pYMw77oWqAqg8nT

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e181a029753852087ccfcef6ec398bf.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e181a029753852087ccfcef6ec398bf.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2248
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2380
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2648
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2036
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2760
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2580

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e040cbd6ecec19d5260c9fe34a0a9cf9

      SHA1

      5c39edc097d68325d9a1c69753f74a44d3fe0890

      SHA256

      c070b53401ce7173caafb8bd6d00537796cf53884cbc19447431e7c364b6902b

      SHA512

      1be43b3ab6ff2d617736ca5186d36bede56d1166a0047af3fd6d2d5d3ea9f2adfc399cc2f993d0e2f3dc9baace3d6d40c604ca7f87c0bc6e29c669f7d7fff04e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      aaa350fe9f5bda596de99350b29b8ba8

      SHA1

      dd0d27b9831ca5edd0a905f3ce3853291ec4f0d9

      SHA256

      4f3b4f2a9b8d20f8ddfa5344983d939aae46ee9b5a5ed3b4ddac2b3d3b9259df

      SHA512

      d8c5fc8132f217fb4d5c779294a8af8fd04f81f154bc52134c542dc61eeec78211c87ea95952f7a287740e216b5ce09b3b8c4dd73bbb0a412533a3d53e0eee9e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e87306a830f7970bd9f32c616818f71c

      SHA1

      87ab4e217bdf8ab72e37e0ef7d480e93a904be1e

      SHA256

      e3a768fd8ab9ff683cc112743d0a11bd55165f1f04815e67744946b283595b9b

      SHA512

      248f2e7dfdcb45ab00d2835a09729dc26366beb5be10ff83fd07a12f4ce79d47e8f66d3030ac0a9bd20e1a985e56b47cb61a610433695ea087bb4f2e68b24afb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      09b70efc6e8dc6936f807e805ccf9a12

      SHA1

      0dda934475c7e345bfa0f078dada4e59540d60d1

      SHA256

      44d0c199834722bb45cc09f001503e4a0a2bdf6a6eda830932f1790c031a79b2

      SHA512

      f08b93f503862e22d3e2a9f177c1fbaeea09b1f1d809bba6581e38da680de264edbc0b649e42a4af6327421e54cfd54f1717022abf453db4e92f9cf32852133f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      02239fa7e785a2bca7b127da2e90f0dc

      SHA1

      1d4cba319efeecf3162163eed3254959721bd04d

      SHA256

      40938118914c5b7e55c92d210a421736e1f6d9b1520b4553fe68b7da386ded21

      SHA512

      a7b4681da7f28eb5b1ff2ea51024be45ced8cdf4891ae5f4caa82df4d311c212164456dc8f2f2956b678dfe32451a33bcf1c10e276abf1ebafe7a0231a4f7e95

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4145000975720105db06dc43c056482b

      SHA1

      ffbb1706e6b7da0b77bbb200719332e53fcc4ed3

      SHA256

      30d34b4c4ce8b86519056e587b0a2c74e4210b9d3b5389258d352cdf4d3e3db1

      SHA512

      02ffe3da4966737b2d064aac0d04d26ba3e80af1927ea131582b605fd54929d505c9f028ebbc34bb5df58e8b970cf4dc15ba59875c602dfdf177b39388b6930f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6f77dbb4a35a99b518c6560b7c8692fe

      SHA1

      ed4e30d855704ea18877becfb0df26271909ea2b

      SHA256

      f374602e1134f80a9f08330551eeeb814c8e18704660aa725fb4efa1dda40296

      SHA512

      7dadb1c87340b9bdd02565685d8bedbf651235d5dec25ac49b1647234e01a8c807cd8905f28dc29983dd6366ef0525538d333aad8089b866567a3e1687766d8b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e42afb08e45a1bc399bdb5fa8ae1c199

      SHA1

      ce38a39bfaffdd8a950e4c11c32193f7e82547ca

      SHA256

      05ee734db88f2e8a34d09cc2aa986e4eb5e2f053547b99b7de9287f6dccee428

      SHA512

      fa39ecc4cb0e584ede4a8b5a0f82eed33dcc0858600e3b22db4793ba404784118bea502b3ae34bd089afb1a231a44a04320beb1f9e31b6e50dba3c8c67821702

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      831996732eb1101e9bdd19b5c924e625

      SHA1

      133bbc7101290e4938c797fe62c753fc04c3ffe0

      SHA256

      d11be5ff7e11a501ad1f7071e22a5a40c05ca80f38c4d6c56995f33cd157f759

      SHA512

      86e396902ddd1fecba447d9a24135df18e4518b94dbb19fabf47de360cb80d352041500e9fa95de1d03184f6e2dc04163ea2752f641f9402b0c17fd52c0c2a91

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5fce92435908247749b8f53994a8fa04

      SHA1

      5b7a3a2b3723e9c9c54eac56a71bc0cc119d68a2

      SHA256

      a30f7d8b9364b91fac7c2650cc459487eeda54876dd63b9e0c061702ae4f6cbc

      SHA512

      65542fb783f851ca288393b6a5992777cb439f2b6a328c16c3e41c55d90f75ab8dd79bee2066d7fc1f9b47a7a3f538c01e1201e6edfdd3a7675503624ee43a0f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f061e2ed735a81dedc5b592e11e29447

      SHA1

      3ad33b98f06f2bce04fa11815ecf4c8328462afa

      SHA256

      3482449adfe070e405f9daf84ef451ad5ef341d9bfed6ba9df03d4e34e938d4e

      SHA512

      686733fd7263e92f4e7d4f8f2f8f9e8ca9a73e352c51ad1b9fb4a5cb3d6c36b57aa7306a578e486dd482317ef80a974e57b639aacfad57f74d0733b71e88ebce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9e9ab6665b809a643002a829b101c915

      SHA1

      c63fae9cef5c29105ac1e2f077da6262cf4f2a13

      SHA256

      b25772d2b3834eb9555d7f20ba288206e742f74165df54d9d1c9df2c35647959

      SHA512

      924e9a75309aa879335bad49be60271d9d2ee8d1415ccf1d2705e38c58ba2ce69b2ff0129bc0fb5d1f98d6e98eae25dee6d7c1cf7e70a36a83329a8e7120c2f1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e5a625f632278f7712006625901b36e9

      SHA1

      b9b85079076588a3eb925eab4bf1cf4f0314b8d7

      SHA256

      c049162f9765f2efca0588bc091aa56864f09b77a989cea079031a0fe9d4deb7

      SHA512

      7bf1662530a629c6f5136f9b190bf3a100ff5512948210bdc5db47a738877dd27c6d186c4db705b1ba837a729e59f4fdb69677577dc6fbae6ba61c199c25a564

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4921df87436341950c0a56f8224c9d37

      SHA1

      40af7dbf63f3485723d923bc48929e2695ff1649

      SHA256

      3e9191650afcd0c6094ce5276735a7ff4848a8aba5662f1f37a550e941a32794

      SHA512

      0e7a342a0777c2bce619551da5b26fb3fa39dcb93dce8afd6e453b2dbb560ed1c54f013fd977c19cffc4ff2f24f03972148df16a777c814d9d3c3031416b3569

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab2E25.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar2FFC.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/2036-15-0x0000000000360000-0x00000000003B7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2036-13-0x0000000000360000-0x00000000003B7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2036-12-0x0000000000360000-0x00000000003B7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2248-0-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2248-3-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2248-2-0x0000000000170000-0x0000000000184000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2248-1-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2648-8-0x00000000008A0000-0x00000000008F7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2648-14-0x00000000008A0000-0x00000000008F7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2648-10-0x0000000000900000-0x0000000000902000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2648-9-0x00000000008A0000-0x00000000008F7000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2648-7-0x0000000000290000-0x0000000000291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2760-16-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2760-6-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2760-5-0x0000000003A40000-0x0000000003A50000-memory.dmp

      Filesize

      64KB

      Download