dfdc38fcc1bb139fc0e0dab47ded9f782bd0dd8adaeea37c8fae6461ac6c490b

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79a94726113a2f24e22531008a4769b1.dll
Size

44KB
MD5

79a94726113a2f24e22531008a4769b1
SHA1

d61e6a4deb8d9ca86f0a6668a9ce44173898493b
SHA256

dfdc38fcc1bb139fc0e0dab47ded9f782bd0dd8adaeea37c8fae6461ac6c490b
SHA512

d025d9aa8caf473e7ab734cdeb31bc1ead0ecddfcb2345c86442935d595752d2906a301af41dca2309bf90d9210d4813fe0a401d2b398ca6292d1c13a03e5246
SSDEEP

768:89CaKHasAAARKIZakKQXpZUbCTpjEpDRdi0:89C5AZ7ZakKQXpZUcBEpDRdi0

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winabc = "rundll32.exe Ü\a,abcLaunchEv"	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2204	3048	rundll32.exe	28
PID 3048 wrote to memory of 2204	3048	rundll32.exe	28
PID 3048 wrote to memory of 2204	3048	rundll32.exe	28
PID 3048 wrote to memory of 2204	3048	rundll32.exe	28
PID 3048 wrote to memory of 2204	3048	rundll32.exe	28
PID 3048 wrote to memory of 2204	3048	rundll32.exe	28
PID 3048 wrote to memory of 2204	3048	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79a94726113a2f24e22531008a4769b1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\79a94726113a2f24e22531008a4769b1.dll,#1
  2⤵
  - Adds Run key to start application
  PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads