Analysis

  • max time kernel
    291s
  • max time network
    264s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    23/02/2024, 13:23

General

  • Target

    version.dll

  • Size

    67KB

  • MD5

    47f8ae27b9bd71108a86280e1c725e37

  • SHA1

    9a398eb8fe991fbb2c6bdf57b60f8c104127b2cd

  • SHA256

    b4e35d2d294ab6ef2b028b11766cdd52365b7347bc0255f37de3148984ea3016

  • SHA512

    1fb3dd049a636607dbe199be96eef883b220da15308582dc5322add5be68ed01d567a5f53f137f63f837670841d81d971482d2cdaa9882950f200a8565d147e2

  • SSDEEP

    1536:fVBOTgnOd9kcb98pJJXZIMZW3Lb2EU3rCSm53VmckVPxIiT:+Hwcb98pzXZIWW3vbU7p8UckVPxIiT

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

    Detects calls to NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which makes the kernel stop delivering debug events for the calling thread. This is a well-known anti-debugging technique and has no ordinary reason to appear in a DLL loaded through rundll32.
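
The two signature descriptions above are terse, so here is an added Python example (written for this page, not Triage's own detection code) that re-implements both checks in a form that runs offline: a static section-name/magic check for UPX, and a scan of an API-call trace for NtSetInformationThread with ThreadHideFromDebugger. The PE it builds and the trace it scans are constructed inputs in a made-up layout, not the sandbox's own formats; the section names UPX0/UPX1/UPX2, the "UPX!" pack-header magic and the ThreadHideFromDebugger value 0x11 are the documented UPX and Windows constants.

```python
from __future__ import annotations

import re
import struct

# ---- Signature 1: UPX packed file -----------------------------------------
# Stock UPX names the sections it emits UPX0/UPX1 (UPX2 when resources are
# kept) and writes a "UPX!" magic into its pack header. Modified builds often
# rename the sections but rarely patch the magic, so both are checked.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data: bytes) -> list[bytes]:
    """Return the NUL-stripped section names of a PE file, [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER, 20 bytes
    if coff + 20 > len(data):
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + opt_size              # first IMAGE_SECTION_HEADER (40 bytes each)
    names = []
    for i in range(num_sections):
        off = first + i * 40
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Heuristic equivalent of the 'UPX packed file' signature."""
    names = pe_section_names(data)
    if not names:
        return False                          # not a parseable PE
    return bool(set(names) & UPX_SECTION_NAMES) or b"UPX!" in data


def build_minimal_pe(section_names: list[bytes]) -> bytes:
    """Constructed sample: the smallest PE32+ layout the parser above accepts.
    It is not loadable; it exists only to exercise pe_section_names()."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE header follows DOS header
    opt_size = 0xF0                           # sizeof(IMAGE_OPTIONAL_HEADER64)
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, opt_size, 0x2022)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x20B)  # PE32+ magic
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + sections


# ---- Signature 2: NtSetInformationThread(ThreadHideFromDebugger) -----------
THREAD_HIDE_FROM_DEBUGGER = 0x11              # THREADINFOCLASS value

# Made-up trace layout "pid=<n> tid=<n> Api(arg=val, ...)", not Triage's format.
TRACE_RE = re.compile(r"^pid=(?P<pid>\d+)\s+tid=(?P<tid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")


def find_hide_from_debugger(trace_lines: list[str]) -> list[tuple[int, int]]:
    """(pid, tid) of every NtSetInformationThread call using ThreadHideFromDebugger."""
    hits = []
    for line in trace_lines:
        m = TRACE_RE.match(line.strip())
        if not m or m["api"] != "NtSetInformationThread":
            continue
        args = dict(kv.split("=", 1) for kv in m["args"].split(", ") if kv)
        if int(args.get("ThreadInformationClass", "0"), 0) == THREAD_HIDE_FROM_DEBUGGER:
            hits.append((int(m["pid"]), int(m["tid"])))
    return hits


# Constructed trace lines; the PID matches the rundll32 process in the report.
SAMPLE_TRACE = [
    "pid=1864 tid=2204 NtSetInformationThread(ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x11, Length=0)",
    "pid=1864 tid=2204 NtQueryInformationProcess(ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x7)",
    "pid=1864 tid=2208 NtSetInformationThread(ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x2, Length=4)",
]

if __name__ == "__main__":
    packed = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])
    plain = build_minimal_pe([b".text", b".rdata", b".data"])
    print("packed:", is_upx_packed(packed), "plain:", is_upx_packed(plain))
    print("ThreadHideFromDebugger hits:", find_hide_from_debugger(SAMPLE_TRACE))
```

Against a real file, replace `build_minimal_pe(...)` with `open(path, "rb").read()`; the section-name check is cheap enough to run over a whole directory of samples, and the trace scanner only needs its regex adapted to whatever call-log format your sandbox emits.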

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1
    (the target is a DLL, so the sandbox loads it with rundll32 and calls the export at ordinal 1)
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1864

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1864-0-0x00007FFD61C30000-0x00007FFD61C70000-memory.dmp (256KB)
  • memory/1864-3-0x0000027BBC5E0000-0x0000027BBC5E1000-memory.dmp (4KB)
  • memory/1864-8-0x00007FFD61C30000-0x00007FFD61C70000-memory.dmp (256KB)
  • memory/1864-10-0x0000027BBC5E0000-0x0000027BBC5E1000-memory.dmp (4KB)

The first and third dumps cover the same 256KB mapping taken at different points in the run, so diffing them shows what changed in that region in between; the 4KB dumps are a single page in the 0x27BBC5E0000 range, captured twice.