Analysis
max time kernel: 141s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 15/03/2024, 08:04
Static task: static1
Behavioral task: behavioral1
  Sample: cae605b78297b8c24f0cf048a38afbe7.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: cae605b78297b8c24f0cf048a38afbe7.exe
  Resource: win10v2004-20240226-en
General
Target: cae605b78297b8c24f0cf048a38afbe7.exe
Size: 64KB
MD5: cae605b78297b8c24f0cf048a38afbe7
SHA1: fc8a2b19dfe70cff2407774f165dae31f6912906
SHA256: c7413113105daed6130ce1662d8bade253b6c085c9dc2c4fc96e01015e827c1c
SHA512: 7808e00e3a57cb14f91272ed7c856d28a68a08d194a4a7d32b0c6e25ad982360f0b0a5e8dfda3e1e5cbf06e17ee3a0f048c2105f6ba2eb4a01c6a648527bf4bd
SSDEEP: 1536:7BlhSCnLSDK7vDnvVcXv73RAuiNYtXl1Oqo99Qhy6K4bUM3HO7zI:7B7ScLpLtmv73VEYFTeQPRUmuv
Malware Config
Signatures
- Loads dropped DLL (8 IoCs)
  pid   Process
  1788  rundll32.exe
  1788  rundll32.exe
  1788  rundll32.exe
  1788  rundll32.exe
  2992  rundll32.exe
  2992  rundll32.exe
  2992  rundll32.exe
  2992  rundll32.exe
- Adds Run key to start application (2 TTPs, 1 IoCs)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\Jdalamehiga = "rundll32.exe \"C:\\Users\\Admin\\AppData\\Local\\mdblet.dll\",Startup"
  Process: rundll32.exe
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   Process
  1788  rundll32.exe
  1788  rundll32.exe
  1788  rundll32.exe
  1788  rundll32.exe
  1788  rundll32.exe
  1788  rundll32.exe
- Suspicious use of WriteProcessMemory (14 IoCs)
  description                        pid   Process                               procid_target
  PID 628 wrote to memory of 1788    628   cae605b78297b8c24f0cf048a38afbe7.exe  28
  PID 628 wrote to memory of 1788    628   cae605b78297b8c24f0cf048a38afbe7.exe  28
  PID 628 wrote to memory of 1788    628   cae605b78297b8c24f0cf048a38afbe7.exe  28
  PID 628 wrote to memory of 1788    628   cae605b78297b8c24f0cf048a38afbe7.exe  28
  PID 628 wrote to memory of 1788    628   cae605b78297b8c24f0cf048a38afbe7.exe  28
  PID 628 wrote to memory of 1788    628   cae605b78297b8c24f0cf048a38afbe7.exe  28
  PID 628 wrote to memory of 1788    628   cae605b78297b8c24f0cf048a38afbe7.exe  28
  PID 1788 wrote to memory of 2992   1788  rundll32.exe                          29
  PID 1788 wrote to memory of 2992   1788  rundll32.exe                          29
  PID 1788 wrote to memory of 2992   1788  rundll32.exe                          29
  PID 1788 wrote to memory of 2992   1788  rundll32.exe                          29
  PID 1788 wrote to memory of 2992   1788  rundll32.exe                          29
  PID 1788 wrote to memory of 2992   1788  rundll32.exe                          29
  PID 1788 wrote to memory of 2992   1788  rundll32.exe                          29
Processes
1. C:\Users\Admin\AppData\Local\Temp\cae605b78297b8c24f0cf048a38afbe7.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\cae605b78297b8c24f0cf048a38afbe7.exe"
   - Suspicious use of WriteProcessMemory
   PID: 628
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe "C:\Users\Admin\AppData\Local\mdblet.dll",Startup
      - Loads dropped DLL
      - Adds Run key to start application
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
      PID: 1788
      3. C:\Windows\SysWOW64\rundll32.exe
         Command line: rundll32.exe "C:\Users\Admin\AppData\Local\mdblet.dll",iep
         - Loads dropped DLL
         PID: 2992
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 64KB
MD5: e41c58551e47d7046a4f822a64d55d07
SHA1: 5c9e0e35a1da953aaf523aa3bad33b2ffdd9c20a
SHA256: 3bed36f58caa0a0213a1fea1b8280db4c5c7db1d2cd1313d75b860e5ea3f22b1
SHA512: 6b133ae6102a94e6d6acbf77aa5ddf0b0e03da8a0498426bd11dc2f0474ec27d7af6290c27ed32d2dd5928dd9a5b3788420bd8b48cf994ff9e64e1a72ef9e939