Overview

overview

8

Static

static

3

aa376a2497...95.dll

windows7-x64

8

aa376a2497...95.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/02/2024, 02:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa376a2497c1e132717eb889e34f2895.dll

  • Size

    20KB

  • MD5

    aa376a2497c1e132717eb889e34f2895

  • SHA1

    1b6b3b7d844cf792102fbfde46027a8549654795

  • SHA256

    8b2130c2cf03ddbf7b751730d5a0d2e4f8c5bf16740dc3869698540051758647

  • SHA512

    4c484a2940cc15928719b9147c15b84b31300f8e84f3ad900b7b2992dde18588891ebe73208e00243fccb93a64d4442fc08af65bc80a20af694ff9cf6362e6dc

  • SSDEEP

    192:O4QlXs2pOQszQwp8AzVSkihTqUY7L165jYvSLnAbrne4Haqeq:E5nwuABSk0TqP7L165j00Aby4H

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa376a2497c1e132717eb889e34f2895.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa376a2497c1e132717eb889e34f2895.dll,#1
      2⤵
        PID:2492

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads