Analysis

  • max time kernel
    144s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-03-2024 16:33

General

  • Target

    dc190e078bbd76c0635b415325d93067.dll

  • Size

    172KB

  • MD5

    dc190e078bbd76c0635b415325d93067

  • SHA1

    061dc1a3c3391563b6cfcfe251077dbc311cd186

  • SHA256

    5c0219ee2ef3da0d3399d7b85522e5682b1d742548f078804d2bc63063669bf5

  • SHA512

    d8f7c40c8d67d9913152e17bc26d9c70136861b1ab75485a925d091d88b340982983cfb35f2bb8ad35180a0a5e9b7e92ea8e610482a807d2ed289b5fe65c900c

  • SSDEEP

    1536:NX0vHiJ6zFzUAMAKGe94MCsnn6NyDClbRW9Z/DxfbG+SwVol:6viJgUTAFe94jslDC3+Z/FfFt

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc190e078bbd76c0635b415325d93067.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc190e078bbd76c0635b415325d93067.dll,#1
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:1004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1004-0-0x0000000010000000-0x000000001002B000-memory.dmp

    Filesize

    172KB

  • memory/1004-2-0x0000000010000000-0x000000001002B000-memory.dmp

    Filesize

    172KB