Resubmissions

26-03-2024 14:35

240326-ryecksfd5y 10

26-03-2024 14:27

240326-rse2xsfb8y 10

Analysis

  • max time kernel: 1557s
  • max time network: 1562s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 26-03-2024 14:27

General

  • Target: c453aa991f1fb96ec3aebf334f8d9f5a5256dcdf90e697a007575771705be23e.dll
  • Size: 28KB
  • MD5: 7fc30b3540428adc624a060b9005d575
  • SHA1: 8a08667b8c0bceb82502e55848ca4e4f69326217
  • SHA256: c453aa991f1fb96ec3aebf334f8d9f5a5256dcdf90e697a007575771705be23e
  • SHA512: 6fb43ccd2c6698dc027c48cf61d7b40b9faccbaa717c14eef207d4312ab9eb9497af6ae70191021bf3166d6bf703a248d509b327d4b05b126449e87a0cae7cc2
  • SSDEEP: 384:NZMO4CXWoRNt7oAbiKuWiO9fjQ/1/ZMzUFeM/Dd:NJ4CGoRNPGG8/96UUcDd

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious use of WriteProcessMemory (14 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe (PID 1736)
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c453aa991f1fb96ec3aebf334f8d9f5a5256dcdf90e697a007575771705be23e.dll
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\regsvr32.exe (PID 1708)
      /s C:\Users\Admin\AppData\Local\Temp\c453aa991f1fb96ec3aebf334f8d9f5a5256dcdf90e697a007575771705be23e.dll
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      • C:\Windows\SysWOW64\rundll32.exe (PID 2268)
        rundll32 "C:\Windows\SysWOW64\Pidalce.dll",DPldalic

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\Favorites\Links for United States\ÌÔ±¦Íø.url
    Filesize: 97B
    MD5: cd0a61d98969279d5726bfe656429ef4
    SHA1: 37fcfab8293e7d41361394ae8a827f6416b77515
    SHA256: 1106d3ae302e51bd55b0fa50a5befd555d0919576831d0e821daefa717b7019b
    SHA512: d1ad1422d284942d0dbdf5b823cf30f705501c67244f920ddd50416de7783d7b779c1ccb0ee5452f484f5d43ff380ed255a2c30649ed4289efbac5b0b80331f1

  • C:\Users\Admin\Favorites\MSN Websites\VANCL ·²¿Í³ÏÆ·.url
    Filesize: 63B
    MD5: c772d95f3921ad2b5cd7e591daf41bb2
    SHA1: eb4d2cbe38be7fe0aded05266e1186b06281be4e
    SHA256: ca07aa59518c6eacf0e572980d27d9f0fbfb6a07c390114002c35f0f4fafd555
    SHA512: 1d0b7b43a500d7f7f75f62bb8dd3c3f505f0b97f00d7fa8f077648461ed4ccaa1773711c118566a6caea9d2c1eab9e83b851361de7622ab2a6e173e86431b46b

  • C:\Users\Admin\Favorites\MSN Websites\XpϵͳÏÂÔØ.url
    Filesize: 54B
    MD5: f34737c4f0c4fdb889e074ca99c25368
    SHA1: 5a9d9c9c4126fa806240046f22d1786a2991715d
    SHA256: 24f3957dacf5651ffc813986e8ac169607f7588da8ec94a2b524a877decbd480
    SHA512: 919225d77fbebe711a173566f159d5dcfbc13e6939ea913f87b150bd5950680aa8296c03e8580f48dae527890bf259d7a9071245af0bfa45997d454ad0ddd0dc

  • C:\Users\Admin\Favorites\MSN Websites\°ÅÀ­ÌÔ±¦·µÀû.url
    Filesize: 52B
    MD5: feb809ab6e61d75e1bb8a241e11385e8
    SHA1: 12a71885798109dea55771e53358606d2a0c4b56
    SHA256: 0d80613e892f32c5c09acd87cfdba76512987eac5320d07bdf40ad1afacdbdc4
    SHA512: 6e8b3ec1ac1e34191666bd0c84438cf089a230a1a17a3b180172615a5019097c1d59d284291a9d8877edb310a0f5e64fd0897232f89eb303506af94d549ef207

  • C:\Users\Admin\Favorites\MSN Websites\µ±µ±ÍøÉÏÉ̳Ç.url
    Filesize: 131B
    MD5: 27de099ce4510609d75617971251ed1b
    SHA1: 3a7846070baa7e4e06d95193eabf395e4933c238
    SHA256: 55a0bc5d42f71e47faba9ea96a43a5e417ce335bd289bba8a1379466b9913bce
    SHA512: 1cfeffb282a6d5de6672ba191722e4f909ffe775d124d6d01205103b3ee2e3f12052e039a6aa5be5f1e6f1d6e7ce8f694f3ded3964ef01a66f05a0109e0c5e71

  • C:\Users\Admin\Favorites\MSN Websites\ÌÔ±¦»Ê¹ÚµêÆÌ´óÈ«.url
    Filesize: 100B
    MD5: 2584d6cfc29621552b28f0905fdba7f8
    SHA1: a2fb6de408e519e71883974e0e3191d5f5e58949
    SHA256: 1a7771485a51404fce51f453ab0e4532a0674a26ac7e305d9992ba6f3daacccf
    SHA512: 85bf76dd1e0d4caa19713ebca259153f33511f9712a7bea97c708f526316fc2604ceba98d130404bb9dc28c0d60cfa4c3f89899e21e88579aa1e7dee4ff70dc3

  • C:\Users\Admin\Favorites\MSN Websites\ÌÔ±¦Å®ÈËƵµÀ.url
    Filesize: 95B
    MD5: a866782554710ef7e69bb381fb5bd7bd
    SHA1: 922ab6f615ae84165e084d58345515be1ad81a9d
    SHA256: 69e3df75ac1833490ed17a88e9fbda30301e6d18499397cfefbe6e3b2ac6d78a
    SHA512: 57ec15586e869d12e5fc343bca8f65cae1f65482b6655fdd01b395f289641855c17a89bbf03befde18ad190c137bcc165f86e5f17b780dc3bf38b6419a4131c3

  • C:\Users\Admin\Favorites\MSN Websites\ÌÔ±¦É̳Ç.url
    Filesize: 105B
    MD5: bc9250c5a3210f2db2391cbec1f33f74
    SHA1: 4c3aeb7f8c73081a3bfe8299f07ca431e18d68ab
    SHA256: 7d54dcdcd48c6dd7f8138ac21f7b9a4b8a1dd3fafa1bd8947982ce908120f845
    SHA512: d5ba01669542a7e0bc913d211a81651fb6d2228f42123fc4727c2da531ae75a96509e26bbd6ae251d6eaae4be49fc16a2aafe0f370617d8f71855bc965a395bf

  • C:\Users\Admin\Favorites\MSN Websites\ÍøÖ·´óÈ«.url
    Filesize: 48B
    MD5: 181686fb05f3abd9c7adea860e5f8131
    SHA1: 43188041be0d74503e22ac42771c7ec7b7e94907
    SHA256: 64efb9a71ce40259dad8cc393188f05e36804829551a4fdc1656d736af197eef
    SHA512: b8943bf08a45d531f712f227ae934c5ac6fa9d71d03558bc9eac30e45e7c51e2f6ee81b4004200f331957cdeaf45af78f1c874dc4b4c42ca8bd53908c6f89753

  • C:\Users\Admin\Favorites\MSN Websites\׿ԽÍøÉÏÉ̳Ç.url
    Filesize: 162B
    MD5: 2ce9d605c8cb62c08b90f07930df170a
    SHA1: 2780c34d620ed793133c0635dc050371fc048498
    SHA256: 8c313420a0b779d32016d4d8120a361d2106e218dcef597c80af7b81efc48b5d
    SHA512: 20598be8e77e8ad45bb123ab0f2a63b075ee4594b363d9f564101c8cc9a0374329a36e784b6cac191815b529fe498c9782cecdeb5b15a124a5864a7d52ad4823