Overview

overview

8

Static

static

7

b7c8d34264...b0.dll

windows7-x64

8

b7c8d34264...b0.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06-03-2024 15:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7c8d342643d68ff3a243c1678c7dcb0.dll

  • Size

    206KB

  • MD5

    b7c8d342643d68ff3a243c1678c7dcb0

  • SHA1

    49d8d16ffe8c257910e148c6e53a83b4e256cccd

  • SHA256

    e89165a67b17f1dbb694846d998fb19383fb1f3b9530325eebf00c91f20751dd

  • SHA512

    c6a48a95eb4b22b5a060473dee89ae96da35391607d7bc33d985b7a8780958213131525837c622af929d80a9fc4b762f91ccd23dce358aa8eac0c1e0d25dec55

  • SSDEEP

    3072:qUTuDZCMaKhfS/Z87OiTqZMHGePv1IuQ6zvVkwz38vGUufMxHlbH+G9kj4:rT+jhfW5jZwZqrYCuEHlH+Gm

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7c8d342643d68ff3a243c1678c7dcb0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7c8d342643d68ff3a243c1678c7dcb0.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3048
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:3056
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2528
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1076
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2544
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2420
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2100

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      28d59b557d492049666399c9a4bb9b41

      SHA1

      fbe7da08cbad5ca0dd9773c96a6ca2bc498705b5

      SHA256

      b1c35a52cbcbbf8daccff206fb67d3aaed352c3b302db926b166688e8e4f32e7

      SHA512

      99591c7d8bb83b96efbd536adb14eae66a3eba5cedc680ac918f953a266182aab96601de13c73a19c577b4498deda6ec95f41d5aed90e530e3c073b6de1aabc0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      56ea819e7ae486f499eee15becc4a1e5

      SHA1

      7257eb47e38e37d43dde6089f41029e3cb6dc4b3

      SHA256

      d955ee3ae48775e780618b1c9f35d410bc650a6fc655cf7f042081fda9e1689d

      SHA512

      5588f3aad71e713cfbad618b84c8ef49bf32f71e79e8e8c9add95f6416ed184adf89d40d95b471213fae816e1312d1a3496854b94cab943e8b36a9888b6dddb7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cf9b41ffe3dbc9cd286e1a46d6982927

      SHA1

      db6c0090e3036360b2733304ac6cb90624f7eea4

      SHA256

      c5a451870ea3a8c8ba7dc54a0ab92b9c7f7e7d7329fc15640e3d8316894a340e

      SHA512

      632fd47b6cf428cf88023ef646b376ec2e2563353508f290f401b45f06a019d5f4f10fcd25a752a3755fe96758279d371185d56c813b2ab1af8ec2823b1d277f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      963cc1f89db0bab2b02b4bc7553a3c21

      SHA1

      904dbcfa591c53f12b2b06cda662383fb21b6ce1

      SHA256

      0e99c902ab2a667cbddbd2b89643eecece3ec1a73942979be80cd1d13f47b351

      SHA512

      cdd86e40abc971ca79af024e6eb79ce6af619223b42da16af92ba29b7a312202a2e01acc0a2e23651ce202fe3c7afecb440f3f5580817137291e5001f60c5960

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5ef2d9c2b47ce9432ca6e49e6cd98872

      SHA1

      a2d1b275987105fbddbe798e3d722d60f7fe5aa1

      SHA256

      7adcdd13fa7b94be59ec886c8f2345ed1bd4868256782b3ffe3de01118ef61c6

      SHA512

      6cd0b3b5d1deccac4609b5e34f2aae07e69047742d140f689763e2e5a1c2da5875a2bbc3b307c2198ef937255bee4ac843b724c388494e2b16752c0d576b091b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      658beff9df6a52bcb0357850d20f83a7

      SHA1

      582f76a6e996e339205e131c017e702970d33ad5

      SHA256

      78cae6e0bae7257e4afec3c367ce31bff0baae3b280fec52857b8542a6e69cfd

      SHA512

      4309dfb61d45e6e987454247ae95adec741731518da5f241ef36cd59d63c0588e7ac0d318cf84036248ecfe58208bd851ad1ae3742b6bc7eb84156d13c35ba60

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3f798350e0dfe2176bf285277ea5ac76

      SHA1

      e0984423557ad4410279a5191e0a0779fc4c9923

      SHA256

      5ef93674aef08b09c6865b1868305da05bd687bc3ed3101bb4d598819b03502b

      SHA512

      0a8612bc7e23d13f338f90492256963bdbd442cd6836487a3c0ff73cd7bdbe98e54d947bd82e9bcf65845bd4caaab74d8b57f8e9910600daa74de24209b0a14d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3b3696964f17f7ac6b275e620a51abb6

      SHA1

      126e6111ac95d75ea06940e87f6f892809786617

      SHA256

      eece7eef8fd22114269e771c6c9b7e84493ed76f4ac4332d07b61070b98d6c6b

      SHA512

      a9fd1487d82c471e61b388234b63d05b161371229e796b137498bc46fd54948a9db340a82230b76568491f1ac8ef91bf146388dde0d55f36e042ea90d214fa51

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c60a892624abd339234a359aa00e622f

      SHA1

      3f9c4727856e6bd4e160b4b1cba396e317a40453

      SHA256

      3d3a1fd9196aa3ab3598ade1157f8670f38b47e73257fa193084c1b64209fdc4

      SHA512

      e4dfea88dee1da91ecd815bc7c42a91ad406ef3fdf94e968059ea7227078f0ea1e5460e6a7b8c874f1d6b63d1c6928780f5585c51cf9cdab1d2b4ddd57883184

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a2865e14d7d20f8ae2d39f55f9b4d087

      SHA1

      61d1d61c235f99f9812e123d9b7c14aec99aa784

      SHA256

      844a4b70207f367db67e43218c206983da1c33f0ee22c4f8b8c8e976052ae286

      SHA512

      d5bd1c67173ee1b95e5fb1d30d619630f6ce2bceeac26b4527e4ab38f64da65e43461cbfce2fdcc8c9cf601321d204e201836f8527c6178090ba10b8aa1bef36

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      03813d40e4160219f199dba315d85ec7

      SHA1

      950670277d3b5eb860a7ef883406a1d0c6bf1a92

      SHA256

      532c517541b897cd1820b612cf47b059e061695e99e1e31057fa79b65d1d0bc3

      SHA512

      5ab563f1a7753b809b5eb54952dcc7c4a40d330cf1acda796c3c22c49ae6ce56b17f50c629a2f3fafa2bc225bb1af210eaa807fecedd239f21555bc87f883e1b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7e0dbd073b1cd64554cf77f2853cec3f

      SHA1

      62ff254ad6be1f7e37c7fbe46b86d67b6a95168f

      SHA256

      4ede7012d9dc94a31600663bb797f5f2dba1d1f860c25b0e838c912244216ffb

      SHA512

      0ec1a144f849d5e23c3c60056a7ad161a47411861c0c8943a157960d0d9e856821b029cb510cd2ff302bdd4fe9410e0a021dd9ff654d1db3aeaffd53d53ae7ba

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a6dfbb499906c6354161640d7af05f69

      SHA1

      9aa3466225d4da7cc60a9170794199c6e2c5279c

      SHA256

      d6ba778ec31d196ce00bd9617ef5a44703a7cb9bff1d82e530f9a298c40b81f7

      SHA512

      5c33e0420c4a2957aaa6ca1e87e4984c906f21d3c015df79df726c9ffed0c4edee9c7e91603bba1b87908651c5ed5f3737d0f43d4b97d676d9fd67419cd7ab8d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b764a76451d18e9d3786ea83a634e9bd

      SHA1

      a6aa6f7bae5c6d0f701d849a704406229dbd4f5a

      SHA256

      0cecdcaba9dcf848514d990f40ac2bb2f841c3c6cd9c66a69df3eaf5495108fe

      SHA512

      52e53054a778ac476f90e4e9bdcecc44fe75d002935f8947ba9db580204caaa31acaa4d62456e2084b98c55439728bac49130de352653fda9167df79ce8bc045

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ec7a4e06a4e19cefd9bdf9c1ca70807f

      SHA1

      b5727bbc6b0f416a1bbd46d2713dddeabccad00f

      SHA256

      447ec4c002aacac474accf5cbd14c9a853f239500cb2c80fd2b4268d580dfa90

      SHA512

      caf8e4d39f8ae44cb278f51e172cbd7c2b6e7bc392d3e78262130449328f6da31fe541c41ab49275f0690c8d64db0870b5f99f1ae30b680ce2fa2c31a90ea69c

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab4695.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar4979.tmp
      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      Download Submit
    • memory/1076-16-0x0000000001E20000-0x0000000001E70000-memory.dmp
      Filesize

      320KB

      Download
    • memory/1076-15-0x0000000001E20000-0x0000000001E70000-memory.dmp
      Filesize

      320KB

      Download
    • memory/1076-18-0x0000000001E20000-0x0000000001E70000-memory.dmp
      Filesize

      320KB

      Download
    • memory/2528-11-0x00000000004D0000-0x0000000000520000-memory.dmp
      Filesize

      320KB

      Download
    • memory/2528-17-0x00000000004D0000-0x0000000000520000-memory.dmp
      Filesize

      320KB

      Download
    • memory/2528-12-0x0000000000230000-0x0000000000232000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2528-10-0x00000000004D0000-0x0000000000520000-memory.dmp
      Filesize

      320KB

      Download
    • memory/2528-8-0x00000000001B0000-0x00000000001B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2708-20-0x0000000003A30000-0x0000000003A31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2708-7-0x0000000003A40000-0x0000000003A50000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2708-6-0x0000000003A30000-0x0000000003A31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3048-1-0x0000000000160000-0x00000000001B0000-memory.dmp
      Filesize

      320KB

      Download
    • memory/3048-4-0x0000000000170000-0x00000000001C0000-memory.dmp
      Filesize

      320KB

      Download
    • memory/3048-3-0x0000000000220000-0x0000000000234000-memory.dmp
      Filesize

      80KB

      Download
    • memory/3048-0-0x0000000000160000-0x00000000001B0000-memory.dmp
      Filesize

      320KB

      Download
    • memory/3048-2-0x0000000000170000-0x00000000001C0000-memory.dmp
      Filesize

      320KB

      Download