Overview

overview

8

Static

static

3

52c2f50984...37.dll

windows7-x64

8

52c2f50984...37.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2024, 06:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    52c2f509847fbd0b4f71f0dfda585e37.dll

  • Size

    32KB

  • MD5

    52c2f509847fbd0b4f71f0dfda585e37

  • SHA1

    304bc20a71ff757426b76c571f29f9f0f4b68c9b

  • SHA256

    30beb4f31397f43b3caec6bf6d4c5a277a203c90451f35fac2bb850f639a6ef7

  • SHA512

    5f58a43e245572e2e91a7acbc2bbe0ad02825f2b5cd1409e57c3837c5a0481d331586429125314d51d9a8f9ca521e3ef392496029a158bac3243b804230be1d3

  • SSDEEP

    384:+mTPScPQPfRmL7k3F+e/eKRzr+Ujd9VKf6fX1qwnwy/CBfuA:+mpMoL6eKRzr+IHV31qny6BfuA

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\52c2f509847fbd0b4f71f0dfda585e37.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\52c2f509847fbd0b4f71f0dfda585e37.dll,#1
      2⤵
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:804
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Users\Admin\AppData\Local\Temp\a.reg
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2876
        • C:\Windows\SysWOW64\regedit.exe
          "regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\a.reg"
          4⤵
          • Runs .reg file with regedit
          PID:2596

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\a.reg
    Filesize

    179B

    MD5

    f3dbe232e05c7524d83f53e5b1d74903

    SHA1

    73f9f4252efc4ccb54aa7a000ababf88fcd5934c

    SHA256

    24228c7cc91bb36420590e9a46a668d5a336578c64c3db507559c5c24ab69782

    SHA512

    873a02dcf63f1fad1c1b508d8f330fde5ac5fc36c57b2e8ab18b632facd1f6f9c93335e7564cfdb12dc05c6b1317666faebb6a440bd0d968892a31a7d48764e9

    Download Submit