Overview

overview

8

Static

static

7

564c5fcd11...e4.dll

windows7-x64

8

564c5fcd11...e4.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12/01/2024, 11:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    564c5fcd1118cf4d616ea4fe2fabe8e4.dll

  • Size

    180KB

  • MD5

    564c5fcd1118cf4d616ea4fe2fabe8e4

  • SHA1

    dda2689aff88f4e026ffcec43f7175934f31001a

  • SHA256

    3c41d48645775ca5a5d0076f2277d0371e54f27fd48090455189c6130830e4ba

  • SHA512

    315b1783bec3304ff49766cd9f893d8a14768b4fc2de040c91cf057616f01abb2840307672fd0a8366a520aaa18496263d180b23e84dc66c9246e9e14e5c4a18

  • SSDEEP

    3072:VEkXWU58q9f6vIjdpPNh+skbvfL8kfGljGbufD6hYtPQrWT9vrHnqoutp7:/zVtZ5oz5GixWqrWT9vLqoSp

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\564c5fcd1118cf4d616ea4fe2fabe8e4.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\564c5fcd1118cf4d616ea4fe2fabe8e4.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1880
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:1308
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2828
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1584
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2428
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2836
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2740

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ee9a0e06a034199d22bf82ed856b9619

      SHA1

      728b29440d9f8ef574455b479e97fc7ac37f811a

      SHA256

      2b19a2c1bdbb95d2c25cbd5c5c6e723857eacbb34919d313b98c60d2533bc2b4

      SHA512

      25575fa49be194265566fa6eb3c01bb3574a14315430b0b250c5ff53bd8e43d582ad58f165813a9e5f4376c62d79b6f9424ee2329ea2f070f69a18004e5465b4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6204ef943319d9bb24f609deb9e68b49

      SHA1

      1e8b00f77226c742de811353356d57093baf56ad

      SHA256

      8f5125fd3060032a132dea6076c57c41651c3a684b7ab06d6711a1e1735d0832

      SHA512

      6d99965ac8e4b37d11718aab0eb7697acca998f3fc683b8a6e140c416efbecf0b85db3a531528d4ddfb11e9770df123a826a18bfe93db86cf2732a837bda734f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      38fc7c5733afdb58c99e57de66f9a08c

      SHA1

      b7be5c5b8f28ed7e4922934c0eaf3c69df129a98

      SHA256

      d12db3e02f21fbf7b5020797cbca1a2c70e8cb5d1205ae47b672ed6d4e1f529b

      SHA512

      34469cf192e16cee3f8ece1525b08cd5768f67bd923a940d836a8c599383f398390ff630bb069dbf0e97114503abbbb72f37a0c187f15aaba500e135918773a8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4c7da98c4ce9642dcd5e358dd1f4627e

      SHA1

      5cdcbb5abe13055ad215dcadabfd94bb2ffaa02d

      SHA256

      af2538e1db32f2d788eabc9b845dfcddb0a13f56532460cffa6b9df8b75e246a

      SHA512

      3c4f416f5067b324a4ae9c225129dd82e2c7207c8b9bb69417bf718a7f2d36bc0145415229e06150c1975da5300cda485262edf702d109d347cabc585e16e221

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8f3f8c86d91c33743bc9404c6e6cdfc0

      SHA1

      3ced1d0b04a3d224082d8cba5626f80afc4cffb0

      SHA256

      fa2c57cb8c76af8c5f098f7418dc5cff0de3337fd77ff5b979c844e78d0421d3

      SHA512

      09b7c9815f9b25c75558fa73487d22af6ef68ebe13d21e1349be212576a4556b7ca05384582e33d3ca311f540b6adac94828213d190ce2556461236d6cf6430c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      147540959ba17c6fa88aa8f8410c96b6

      SHA1

      baf55a45630848ea02c14605ba61b3fe348e4086

      SHA256

      f9de82b88b26474bafa631b84a4d14b66041b8eb06f3578ecb7e1a009db59a3f

      SHA512

      b762cbf1de6375f965c46d31968e97fa26869163172398db1d337b857d5e95faaaa2b8c1c1a5ef55ac7acbf2c14d40745915503275cd7180ba6900475016ad0e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d48742b804dd19f49a248e1d3cf26133

      SHA1

      d87fe1f0ca3fe531cb46fb8fe185238744d19a6e

      SHA256

      6a6a1cdba6a29871dc6785b4861fd52b961ddd8b25588cc412a8b759d8e5d984

      SHA512

      4f9a1c54f15b3bd18ed0dc2b669884cd6cefb5e1176e67f84529e572007bc28db035c8dc2f62b237721db1f7217de9f83b536da5f61e3c8bb12c5d68e58b771f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f36996f2cf7e5726466190f0ded590d4

      SHA1

      8c050326650755f500bb2cc8bdce6d71d59200ae

      SHA256

      478fda00b176a7f74d4e0900e87ee49c99fba1c2b2ce649a1a7802b33dd77795

      SHA512

      d392afe19d0b81c4262591016e1cf54f5a680b0842cf23c6e35066bab865dbac50cf4943332a31d5ed94243235ab16db19e7ded7930cb2d22bda18e2214b3b86

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      03cf0efc217843502c50ae8ad6b1044d

      SHA1

      7d093b2dbb7b70d380837dbdbcb36a6600f85e79

      SHA256

      b0168940929e316205937c2512ae45596fc20d88dc27e2c4344320442b7e1a70

      SHA512

      9b17be89aa3e4c0f8e55904413c8c004611bdc1cc08d706e7c765bbf29a10058ec16bc929317f349d3741d673ed4c744d3b56c7fd27d3562fe4d47ad0e190057

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dba9204ae8d92f55b6d4ed74588e5003

      SHA1

      aa989c41066817b952b7c1815f70e05a02a85da5

      SHA256

      eedb88a7affae390ba1a5478147adcf3b30c3fa2457b5674e51a602a57297cee

      SHA512

      2f70d3dbf72024f4749b76911aca9012060021f7da3bac6b5ad4efdab0e4909f2e15332dbf2d6f0499d0cc331dfa5b741b8a61bad02049cac6f7ab5040cac693

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9902fdd6b2778bb470ba62e3ee36424a

      SHA1

      bfad8abd0076d5de48fd9096ff332422d36dd1c5

      SHA256

      9b888a8d3058f638076bda65c207a52f011044063343d377e89dd104b90335b0

      SHA512

      6cad486fb6aa42b1e2a2b72cde83cd196485cab59cf9fbcce4a3120c80929b8c55baf643ab868298ef0139aee74cc1ff250a18bf0d3370c87a8130fb7e0e2fee

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      aa48b1e2d0c116fe2ca84ebd56de762f

      SHA1

      c7a46711faba85b7668cd3d38994b60211714253

      SHA256

      bc37ecf68c13b21378a5d1871da903a170a38ee4c5c6539fdd4bb2d8fe902890

      SHA512

      367edcfc9edfe0619e8eadc7ff34699d741231e3ef23665207048f77774e32b7fc50ef730e573e0c46ad4257400028c8c1c098e79fcfef876d88120d6cf2d894

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab3F23.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar3FD6.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/1584-14-0x0000000000730000-0x000000000077B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/1584-13-0x0000000000730000-0x000000000077B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/1584-421-0x0000000000730000-0x000000000077B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/1880-0-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/1880-1-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/1880-2-0x00000000001D0000-0x00000000001E4000-memory.dmp

      Filesize

      80KB

      Download

    • memory/1880-3-0x0000000000400000-0x000000000044B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/2428-5-0x0000000003B00000-0x0000000003B10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2428-6-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2428-449-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2828-7-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2828-9-0x0000000001CE0000-0x0000000001D2B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/2828-10-0x0000000001CE0000-0x0000000001D2B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/2828-11-0x0000000000220000-0x0000000000222000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2828-19-0x0000000001CE0000-0x0000000001D2B000-memory.dmp

      Filesize

      300KB

      Download