Overview

overview

10

Static

static

3

d3917af043...e1.dll

windows7-x64

10

d3917af043...e1.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-03-2024 12:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d3917af0432540bc9b405ed87b69c6e1.dll

  • Size

    15KB

  • MD5

    d3917af0432540bc9b405ed87b69c6e1

  • SHA1

    6ea20ff921431b740b076b97e8950bc72f9a45c1

  • SHA256

    824fa544821a28b51ee3d5157761d383645636db90cd1ac3f9a34d3bc9963fad

  • SHA512

    976e9c7bf9b71c4c5338bd3ae0b34d1d5d9fee738100380bbea0bc96abb261655434312d79b153c553124008fd84cc246b3ca44b0805287316fca94bbbde2051

  • SSDEEP

    384:9mgss1W8twKo0fMqbnApRUvaD6Gad0qXTh3bh:sgHXtvZEqbApRGjBNV3b

Score
10/10
evasiontrojan

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 2 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3917af0432540bc9b405ed87b69c6e1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:436
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3917af0432540bc9b405ed87b69c6e1.dll,#1
      2⤵
      • Modifies firewall policy service
      • Windows security bypass
      • Windows security modification
      PID:4924
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 588
        3⤵
        • Program crash
        PID:1584
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4924 -ip 4924
    1⤵
      PID:4376

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads