Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
11-03-2024 21:23
Static task
static1
Behavioral task
behavioral1
Sample
c1a3660ce4934b1893409d492ef2ba1a.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
c1a3660ce4934b1893409d492ef2ba1a.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
c1a3660ce4934b1893409d492ef2ba1a.dll
-
Size
19KB
-
MD5
c1a3660ce4934b1893409d492ef2ba1a
-
SHA1
80efb217f26a08584885257f2d8668dbbfc25a1b
-
SHA256
de3dc8d9d32d1d2d8d7359969d375dcd04ab482974b12fe291c4e4e1c90cfd59
-
SHA512
637294a8db9aed7760c3ca6cc76ede9a920b6045e74ec20549c1e61cd741b2d4a99d75e4868c13dc3aa97b5f6ab6f60eda304693512d06023e24e338f4302398
-
SSDEEP
384:sIVQYVbGqT5VUVbSsc1l6mHpF9+gMgLmB9w8Wp8qZvPIpR8mlo:NyYRGAL1l6OP9+ggw8/qJPs1W
Malware Config
Signatures
-
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\HookHelp.sys rundll32.exe -
Suspicious behavior: LoadsDriver 64 IoCs
pid Process 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found 476 Process not Found -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2936 wrote to memory of 2264 2936 rundll32.exe 28 PID 2936 wrote to memory of 2264 2936 rundll32.exe 28 PID 2936 wrote to memory of 2264 2936 rundll32.exe 28 PID 2936 wrote to memory of 2264 2936 rundll32.exe 28 PID 2936 wrote to memory of 2264 2936 rundll32.exe 28 PID 2936 wrote to memory of 2264 2936 rundll32.exe 28 PID 2936 wrote to memory of 2264 2936 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c1a3660ce4934b1893409d492ef2ba1a.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2936 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c1a3660ce4934b1893409d492ef2ba1a.dll,#12⤵
- Drops file in System32 directory
PID:2264
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD51491df9fc38d212754684c04120d42b0
SHA1a66b6efc475eecad8d0eb08d2e881d25a05261dc
SHA256ebd20946bbbaa32937b271e8106fa27173b09dbe6480222ccf616128e9878801
SHA51262a4fbe5e669bcfa17deadffbf75e7ce1c0927b61f6bad911e1b03adbc8b421adb692e37f695ae29fdcfa57479174b5d9c017c63cda49af92411a8313950bfb8
-
Filesize
58B
MD55602febf87bd4c535da2d4e90f56e52b
SHA1e563ac3a277e614480525dc60061a06afe1a0419
SHA256569f5ce34e8e491d1b425b57cc90c1463d72eb531983727557802b17c148486b
SHA512b0e8186706e004b800f3e554171c2a3d8c7391b5d0ba8694380fdfdd12fb09330033a1af29bdc8898a09fabad611aaa98e3deb51d2e4d6e1e0d524b673eddb0f