Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-03-2024 19:45

General

  • Target

    4e1bfc80b0afeb98eb5f6ff0454b7059f252d13f99708b9617f1379c5683cda2.dll

  • Size

    339KB

  • MD5

    a7c4c1c4fabf6dc0f5702f73083f3e46

  • SHA1

    99a705d77e1e442e04963e6295aa15b24e9c4db5

  • SHA256

    4e1bfc80b0afeb98eb5f6ff0454b7059f252d13f99708b9617f1379c5683cda2

  • SHA512

    0379170d8b772bf3ab4a8292fbb136b5ab49b7b961175ebe77884e8c1b700643c9566b9b1da6e45945cf3f642dc13eed58ed318cdc6751cbc2942888fd989144

  • SSDEEP

    6144:xJ7D5RtYutKWXfsMWxbsFMTk8YnpjAycXdBkA:PbtYapX0yrXA

Malware Config

Signatures

  • Modifies Shared Task Scheduler registry keys 2 TTPs 2 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 4 IoCs
  • Modifies registry class 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e1bfc80b0afeb98eb5f6ff0454b7059f252d13f99708b9617f1379c5683cda2.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e1bfc80b0afeb98eb5f6ff0454b7059f252d13f99708b9617f1379c5683cda2.dll,#1
      2⤵
      • Modifies Shared Task Scheduler registry keys
      • Installs/modifies Browser Helper Object
      • Drops file in System32 directory
      • Modifies registry class
      PID:4332

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\WRMW.dll

    Filesize

    339KB

    MD5

    d68d219b607eefc8bfe7fc6dbfca9b3c

    SHA1

    6a364f40df329f80c6107ec207ff41722198d0c8

    SHA256

    c1dfe969a71f81c5d87ab700e28413fb0cb30d30d15d65c242dbd50c1b772ebf

    SHA512

    89f7c9fc6282c6d848cb4a062c4afc872c6bc33a166bb3eed6196d24965a7fbf4441f4f2e6b739526c013eee5a9e8a0da912f5cf2272499803b71152a92a65b2

  • memory/4332-17-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-16-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-12-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-13-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-18-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-15-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-1-0x0000000077784000-0x0000000077785000-memory.dmp

    Filesize

    4KB

  • memory/4332-0-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-14-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-19-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-20-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-21-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-22-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-23-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-24-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB

  • memory/4332-25-0x0000000000630000-0x000000000068C000-memory.dmp

    Filesize

    368KB