Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-01-2024 02:02

General

  • Target

    $TEMP/kR9R5GkiZB.dll

  • Size

    67KB

  • MD5

    0926c75dcfb71173c22ed89e44ea6f78

  • SHA1

    012ecac790739f5b92f207ff9f1cbb4dc86516e3

  • SHA256

    40055fa711c4e132099cc760c6b8f10423233b6543be153d7e895a5af1070d55

  • SHA512

    4f761af8f8bec360ae3842d57f12648f6cfca1355954e55b882b983022849b8004dfca61015a913ccf2f0f0e93b6dd853d4710c7d5bdbf738a7c3a12f1ba3608

  • SSDEEP

    1536:w3A1mzmabNdopbmBQdTP66LNMGF51Bct4EB7:BIopjTP6+NxC

Score
1/10

Malware Config

Signatures

  • Runs ping.exe (1 TTPs, 1 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\kR9R5GkiZB.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4728
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\kR9R5GkiZB.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2552
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /e:on /d /c ping -n 6 127.0.0.1 && DEL /F "C:\Users\Admin\AppData\Local\Temp\$TEMP\kR9R5GkiZB.dll" >> nul
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2980
        • C:\Windows\SysWOW64\PING.EXE
          ping -n 6 127.0.0.1
          4⤵
          • Runs ping.exe
          PID:4108

Network

MITRE ATT&CK Enterprise v15
