Overview

overview

8

Static

static

7

c4210a26cc...78.dll

windows7-x64

8

c4210a26cc...78.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12-03-2024 19:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4210a26cc355b64ed5734df960b2b78.dll

  • Size

    209KB

  • MD5

    c4210a26cc355b64ed5734df960b2b78

  • SHA1

    d0716e4ee39e2caefc5844b35143a4d7e38ae4ec

  • SHA256

    838d2f9aa24bb10a81b1d750e116c443100f2be1093fc138e31621fd5911c460

  • SHA512

    f000f29368d3c77c14c901573995b05b3b252134af1a16c01e32e1bfb3d35195f1d220f380f7bf887851495c001d3b56dd86895ef608dac9e43f32f0da777f43

  • SSDEEP

    6144:T/q32rRjPhKuDkkLjp+ScgBKozpJ1XVSGuRq9M:myR9rIMHZBKI/XV2M

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4210a26cc355b64ed5734df960b2b78.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4210a26cc355b64ed5734df960b2b78.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1848
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2924
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1984
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1188
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2636
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1692

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    3
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1a83e1c894d3157f9a529f0ed84f4f62

      SHA1

      f029d28993934fb8f87521580ec90553a744e9e5

      SHA256

      7010250429a1efb34ac6dba0e4168ba6ebba6a6a67c14b2cf8b88ac1b8acc842

      SHA512

      b1e488041fd6a7d4348d8bcb205cf7194aec1d57e7544586c9530ccfb3c7b9261f7094920c3f9c6ae15f544a6696cdb7515182f43bac4793a67ff3a24e507e91

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ddb3dc211fda3e4e3c3b405375095138

      SHA1

      dd52b32b11ee02302decf7f46a52a5f90ca05ac4

      SHA256

      e608733f4bfed651f462de219f3715ec2209936b9cb2f53adeefe5dfcc90c45a

      SHA512

      83564d9ed451f5be2e1f6b4ec293539bc401149a52cf14fcc5318f063d6c4f715f5604d56fb6806ddcdefcd57d17ad8eb82ab8f7db425b338f4ca4320bea387c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b9b87d1f039eaedcd6c4fe973808c648

      SHA1

      d4a36c9d6369235bb993b323775a5520389d91d1

      SHA256

      ac127eaad9032ee3cb523e79069509090d778449db058de873bf925b22803720

      SHA512

      89e257e1019c0ccf09510020052f11f0dfa337b5109eb6113529dedebf3bcd9f27e9cd652f58d9ca160ff708f44b40596b2c0e1c17822f7ea6d5c06ffadfbbb7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      408c0cf00c1119941042be996d98078d

      SHA1

      6979df82f8dd30beaffc2d59834506ecb5b22a80

      SHA256

      2f3bd908c0f7d54179e159f2202e899441bdd64e46e71120f8f9340a3d1149ff

      SHA512

      aa18f3bd561a8391697717e560bd8a79e32567f1923c747b4a6256aa74593d06e2aeaf7b76218632d3fa4f1b1e6e4a8ee4b70f4e187f231cd254d1fa406c60cf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1301004bdc31f3e7013f78e5ecc063c4

      SHA1

      c6376063a847e2b873d83fbe641d68a1fa0ec9f9

      SHA256

      08dc1256bd54035994943573f9cc61af2ab48641470c42ff0fc44abe0042ada5

      SHA512

      6ede87c9d25d3a8075ec23356ac8c3a312730452cd2c03527be005a04548f50e4d8026bcc62502c609bb925a396625ea00a3749ae00adea4b3098d2785989d3b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b32b9908db723559a53a4332b9d91a94

      SHA1

      403c5452ef37de15bf75d5a42b464ea07e84a676

      SHA256

      2fdfca023011ca67fb6b83a3e93d062b53fa1943d87985ee246520720c73e384

      SHA512

      c4223a75bfaf780b636065229ca8dbbe37de08b3891f1c8e4bab35bdb25e03089160f71e8c7a02f519e225e8c368298249eb38756e65f2b75dd4e12a8f13dbc9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cd9b3a1d95acc5f952e8030871d92369

      SHA1

      c645bfe444872f5e13cc682e3a3c70e9278649ba

      SHA256

      d80ac4a2ad8b4b38a847e35cc3c92a61ff047cc5697baada77f170553acb28f3

      SHA512

      e627b1b0bfbcf925931c350b62bc76e08fbf9fabec7fa004d881c327d3a957dc52737bfa8e20c5da2d631aa09c7d6ce35cfa7b2f6c539b03ccde5c34b238ae7a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f07691096ea15c621766e2fe075384eb

      SHA1

      53277c111e71a93b613bf6098bb0fc92a738e0ee

      SHA256

      e9ceea7315bfec7968f1a941b3494dcbc041e61e018b5b1bd6a3f777ecffd02e

      SHA512

      27774b98bc595a8b89f44ec749bd53400fb644605899fd79df25512d34b9e2925816c7d7958e8bfd892069812197653990982a27273911755007a73f6d237d89

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab7966.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar7B52.tmp
      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      Download Submit
    • memory/1188-13-0x0000000000600000-0x0000000000652000-memory.dmp
      Filesize

      328KB

      Download
    • memory/1188-14-0x0000000000600000-0x0000000000652000-memory.dmp
      Filesize

      328KB

      Download
    • memory/1188-16-0x0000000000600000-0x0000000000652000-memory.dmp
      Filesize

      328KB

      Download
    • memory/1848-0-0x00000000006D0000-0x0000000000722000-memory.dmp
      Filesize

      328KB

      Download
    • memory/1848-3-0x00000000006D0000-0x0000000000722000-memory.dmp
      Filesize

      328KB

      Download
    • memory/1848-2-0x0000000000190000-0x00000000001A4000-memory.dmp
      Filesize

      80KB

      Download
    • memory/1848-1-0x00000000006D0000-0x0000000000722000-memory.dmp
      Filesize

      328KB

      Download
    • memory/1984-7-0x0000000000180000-0x0000000000181000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1984-15-0x0000000001F10000-0x0000000001F62000-memory.dmp
      Filesize

      328KB

      Download
    • memory/1984-11-0x00000000001D0000-0x00000000001D2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1984-10-0x0000000001F10000-0x0000000001F62000-memory.dmp
      Filesize

      328KB

      Download
    • memory/1984-9-0x0000000001F10000-0x0000000001F62000-memory.dmp
      Filesize

      328KB

      Download
    • memory/2508-22-0x0000000003A80000-0x0000000003A81000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2508-6-0x0000000003A80000-0x0000000003A81000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2508-5-0x0000000003D80000-0x0000000003D90000-memory.dmp
      Filesize

      64KB

      Download