Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-03-2024 12:45

General

  • Target

    dba838199351cc0c1ccbf351b32b1fb2.dll

  • Size

    354KB

  • MD5

    dba838199351cc0c1ccbf351b32b1fb2

  • SHA1

    677382c9f127839d9a03a21940b9655c4ed16021

  • SHA256

    2b58c2f317105b85a2a87419f8654e6977aa6369e16c38ee26ce4d177dcb86c7

  • SHA512

    38c888c75252c3199d95783c6adc3134b93b4809215823e50e42fbb0274bcd8705f1fe9435e9d9858cb17d6f2e2159aa0e278048b36693ed0a6c6796a276c26b

  • SSDEEP

    6144:4Daa04b6Hx6ZhQuEaJW6wKHKFUOvyrBco8nN9zsy4:6aa04bwghQDUHsB4

Malware Config

Signatures

  • Modifies Shared Task Scheduler registry keys 2 TTPs 2 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies registry class 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dba838199351cc0c1ccbf351b32b1fb2.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\dba838199351cc0c1ccbf351b32b1fb2.dll,#1
      2⤵
      • Modifies Shared Task Scheduler registry keys
      • Installs/modifies Browser Helper Object
      • Drops file in System32 directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:3320

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/3320-0-0x0000000076F54000-0x0000000076F55000-memory.dmp (Filesize: 4KB)
  • memory/3320-5-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-6-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-7-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-8-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-9-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-10-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-11-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-12-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-13-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-14-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-15-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-16-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-17-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)
  • memory/3320-18-0x0000000000400000-0x0000000000461000-memory.dmp (Filesize: 388KB)