Overview

overview

7

Static

static

7

bff22aae91...80.dll

windows7-x64

7

bff22aae91...80.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/03/2024, 05:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bff22aae91aa4bfe11e2e37461fae880.dll

  • Size

    40KB

  • MD5

    bff22aae91aa4bfe11e2e37461fae880

  • SHA1

    22330eb33bb6f4174ac04a7c7a9ef5b355f99151

  • SHA256

    2effe6a977e9a2968400d19bdc3bcb28af7ea31ecd26199ec97abe40921b2a14

  • SHA512

    6012bd79cff5b1e7e322e78bcd7a188efb6a2647596fc05320ac8f1bc96e28a9e8220ca909da71911fbee5d7d63f38f7eb8082c4bdf1e8d0faf5adf684b02063

  • SSDEEP

    768:KxRXHrByjf6YEO6+GK9exwP+rER6iccRWPynKHGtj1peP3pujqsv7kZ:GHPYEOF2muQgynKmtj1pePpOqsQ

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer Phishing Filter 1 TTPs 4 IoCs
  • Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bff22aae91aa4bfe11e2e37461fae880.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bff22aae91aa4bfe11e2e37461fae880.dll,#1
      2⤵
      • Adds Run key to start application
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1940

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1940-0-0x00000000037C0000-0x00000000037DF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/1940-1-0x00000000037C0000-0x00000000037DF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/1940-2-0x00000000037C0000-0x00000000037DF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/1940-3-0x00000000037C0000-0x00000000037DF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/1940-4-0x00000000037C0000-0x00000000037DF000-memory.dmp

          Filesize

          124KB

          Download