Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/02/2024, 16:04 UTC

General

  • Target

    VirusShare_64f26f341dc59ee8c340fcae3ed2b4d5.dll

  • Size

    2.1MB

  • MD5

    64f26f341dc59ee8c340fcae3ed2b4d5

  • SHA1

    5bf2a4d34959007c1d7d85b45f8a2c5801636cb6

  • SHA256

    4fb409b42ecc1d03c557e804df5aba0ba721fc885e8b3e5b7032a2551275d4e0

  • SHA512

    b54bafc839e722e79e213d4babc303b9b123dfa78a7f622864058a2e0f58cc81b360db22eea67ba843397599a43b630218543d758dd2afbf070f96453eef579e

  • SSDEEP

    3072:da/fT8nSPDyBL4ORnMAhr1yw649iS3BAarBQ/sVsVuSOUwQka/:WT8nftDD/i+Aa1csmYSNp

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1240
      • C:\Windows\system32\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_64f26f341dc59ee8c340fcae3ed2b4d5.dll,#1
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2180
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_64f26f341dc59ee8c340fcae3ed2b4d5.dll,#1
          3⤵
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2172

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\PROGRA~3\asoor32ni.dat

      Filesize

      4.0MB

      MD5

      6be2c685798c55551dec6f94077659e2

      SHA1

      a4c4a1ee8c5ddcc9aaae6b4bf0f8b8be1db52374

      SHA256

      27c83bececa6498510568e7d848891b071374f362637d38825549527aa68ceb9

      SHA512

      a3d2a15dfc43f37c88c2ac4bfc8d84461a461978aec8d2d0fd3e38d47398905094b2f9b5e25df7f21465d4e5006487cd4ba92a2ce63d3b9a4a4d67b121e17a08

    • C:\PROGRA~3\in23roosa.dat

      Filesize

      30.1MB

      MD5

      cfbdf94da04a0a8fa95f39f85b1665e1

      SHA1

      6391c5648d0c16105730f65df5268f20721b9e85

      SHA256

      2e538ff4eb4835b641f15e529433e09fc2cc72f95a77e34330c63d8a12039bff

      SHA512

      1782d00c9a51f7b64a3125640994a367258ad26b70cf3be848a3551daa2374309f71822a1a1433afaece778a098071ea037554922717c6e9e72b6d8a4ad60d14

    • memory/1240-15-0x0000000002A50000-0x0000000002A51000-memory.dmp

      Filesize

      4KB

    • memory/2172-0-0x0000000000200000-0x000000000024F000-memory.dmp

      Filesize

      316KB

    • memory/2172-1-0x0000000000200000-0x000000000024F000-memory.dmp

      Filesize

      316KB

    • memory/2172-2-0x0000000000200000-0x000000000024F000-memory.dmp

      Filesize

      316KB

    • memory/2172-3-0x00000000006E0000-0x000000000072F000-memory.dmp

      Filesize

      316KB

    • memory/2172-4-0x0000000000200000-0x000000000024F000-memory.dmp

      Filesize

      316KB

    • memory/2172-19-0x0000000000200000-0x000000000024F000-memory.dmp

      Filesize

      316KB

    • memory/2172-21-0x00000000006E0000-0x000000000072F000-memory.dmp

      Filesize

      316KB
