Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/02/2024, 11:42

General

  • Target

    tmp.dll

  • Size

    108KB

  • MD5

    f494ebf692ec096ad75b3417e2a63ee0

  • SHA1

    d3762b977035d1dfbcacd46ccfc0d00d2f490f7c

  • SHA256

    225cb82545dfbd70f8b05b95004b3eaac4e2f9ec408c5d72200ad36a39b969b9

  • SHA512

    e31a03d4f8a04d0d4adc0ca6ed858823e48429674b7d629de919deb2764cbdae758f4a45a708e505528f8f530f6254af00ce3beff103f1c1b622b892e5aa2ce3

  • SSDEEP

    1536:ongBItTzXcG6ZO/8RrU+cNCy65KiCUf6IDh9AjLo5ZY5WKQaSno2dMpFI149+/:ugBIpQxykrUTNCH5KY6DXXUo2QIi9I

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Modifies RDP port number used by Windows 1 TTPs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 60 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmp.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3604
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmp.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Drops file in Windows directory
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:2908
  • C:\Windows\svchost.exe
    C:\Windows\svchost.exe
    1⤵
    • Executes dropped EXE
    PID:3776

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\svchost.exe

  • Filesize

    60KB

  • MD5

    889b99c52a60dd49227c5e485a016679

  • SHA1

    8fa889e456aa646a4d0a4349977430ce5fa5e2d7

  • SHA256

    6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910

  • SHA512

    08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641